ספריית OAuth2.0

צור אובייקט לבקשות בהרשאת OAuth2

/**
 * Simple library for sending OAuth2 authenticated requests.
 * See: https://developers.google.com/google-ads/scripts/docs/features/third-party-apis#oauth_2
 * for full details.
 */


/**
 * Adds a OAuth object, for creating authenticated requests, to the global
 * object.
 */

(function(scope) {
 
/**
   * Creates an object for making authenticated URL fetch requests with a
   * given stored access token.
   * @param {string} accessToken The access token to store and use.
   * @constructor
   */

 
function OAuth2UrlFetchApp(accessToken) { this.accessToken_ = accessToken; }

 
/**
   * Performs an HTTP request for the given URL.
   * @param {string} url The URL to fetch
   * @param {?Object=} options Options as per UrlFetchApp.fetch
   * @return {!HTTPResponse} The HTTP Response object.
   */

 
OAuth2UrlFetchApp.prototype.fetch = function(url, opt_options) {
   
const fetchOptions = opt_options || {};
   
if (!fetchOptions.headers) {
      fetchOptions
.headers = {};
   
}
    fetchOptions
.headers.Authorization = 'Bearer ' + this.accessToken_;
   
return UrlFetchApp.fetch(url, fetchOptions);
 
};

 
/**
   * Performs the authentication step
   * @param {string} tokenUrl The endpoint for use in obtaining the token.
   * @param {!Object} payload The authentication payload, typically containing
   *     details of the grant type, credentials etc.
   * @param {string=} opt_authHeader Client credential grant also can make use
   *     of an Authorisation header, as specified here
   * @param {string=} opt_scope Optional string of spaced-delimited scopes.
   * @return {string} The access token
   */

 
function authenticate_(tokenUrl, payload, opt_authHeader, opt_scope) {
   
const options = {muteHttpExceptions: true, method: 'POST', payload: payload};
   
if (opt_scope) {
      options
.payload.scope = opt_scope;
   
}
   
if (opt_authHeader) {
      options
.headers = {Authorization: opt_authHeader};
   
}
   
const response = UrlFetchApp.fetch(tokenUrl, options);
   
const responseData = JSON.parse(response.getContentText());
   
if (responseData && responseData.access_token) {
     
const accessToken = responseData.access_token;
   
} else {
     
throw Error('No access token received: ' + response.getContentText());
   
}
   
return accessToken;
 
}

 
/**
   * Creates a OAuth2UrlFetchApp object having authenticated with a refresh
   * token.
   * @param {string} tokenUrl The endpoint for use in obtaining the token.
   * @param {string} clientId The client ID representing the application.
   * @param {string} clientSecret The client secret.
   * @param {string} refreshToken The refresh token obtained through previous
   *     (possibly interactive) authentication.
   * @param {string=} opt_scope Space-delimited set of scopes.
   * @return {!OAuth2UrlFetchApp} The object for making authenticated requests.
   */

 
function withRefreshToken(
      tokenUrl
, clientId, clientSecret, refreshToken, opt_scope) {
   
const payload = {
      grant_type
: 'refresh_token',
      client_id
: clientId,
      client_secret
: clientSecret,
      refresh_token
: refreshToken
   
};
   
const accessToken = authenticate_(tokenUrl, payload, null, opt_scope);
   
return new OAuth2UrlFetchApp(accessToken);
 
}

 
/**
   * Creates a OAuth2UrlFetchApp object having authenticated with client
   * credentials.
   * @param {string} tokenUrl The endpoint for use in obtaining the token.
   * @param {string} clientId The client ID representing the application.
   * @param {string} clientSecret The client secret.
   * @param {string=} opt_scope Space-delimited set of scopes.
   * @return {!OAuth2UrlFetchApp} The object for making authenticated requests.
   */

 
function withClientCredentials(tokenUrl, clientId, clientSecret, opt_scope) {
   
const authHeader =
       
'Basic ' + Utilities.base64Encode([clientId, clientSecret].join(':'));
   
const payload = {
      grant_type
: 'client_credentials',
      client_id
: clientId,
      client_secret
: clientSecret
   
};
   
const accessToken = authenticate_(tokenUrl, payload, authHeader, opt_scope);
   
return new OAuth2UrlFetchApp(accessToken);
 
}

 
/**
   * Creates a OAuth2UrlFetchApp object having authenticated with OAuth2 username
   * and password.
   * @param {string} tokenUrl The endpoint for use in obtaining the token.
   * @param {string} clientId The client ID representing the application.
   * @param {string} username OAuth2 Username
   * @param {string} password OAuth2 password
   * @param {string=} opt_scope Space-delimited set of scopes.
   * @return {!OAuth2UrlFetchApp} The object for making authenticated requests.
   */

 
function withPassword(tokenUrl, clientId, username, password, opt_scope) {
   
const payload = {
      grant_type
: 'password',
      client_id
: clientId,
      username
: username,
      password
: password
   
};
   
const accessToken = authenticate_(tokenUrl, payload, null, opt_scope);
   
return new OAuth2UrlFetchApp(accessToken);
 
}

 
/**
   * Creates a OAuth2UrlFetchApp object having authenticated as a Service
   * Account.
   * Flow details taken from:
   *     https://developers.google.com/identity/protocols/OAuth2ServiceAccount
   * @param {string} tokenUrl The endpoint for use in obtaining the token.
   * @param {string} serviceAccount The email address of the Service Account.
   * @param {string} key The key taken from the downloaded JSON file.
   * @param {string} scope Space-delimited set of scopes.
   * @return {!OAuth2UrlFetchApp} The object for making authenticated requests.
   */

 
function withServiceAccount(tokenUrl, serviceAccount, key, scope) {
   
const assertionTime = new Date();
   
const jwtHeader = '{"alg":"RS256","typ":"JWT"}';
   
const jwtClaimSet = {
      iss
: serviceAccount,
      scope
: scope,
      aud
: tokenUrl,
      exp
: Math.round(assertionTime.getTime() / 1000 + 3600),
      iat
: Math.round(assertionTime.getTime() / 1000)
   
};
   
const jwtAssertion = Utilities.base64EncodeWebSafe(jwtHeader) + '.' +
       
Utilities.base64EncodeWebSafe(JSON.stringify(jwtClaimSet));
   
const signature = Utilities.computeRsaSha256Signature(jwtAssertion, key);
    jwtAssertion
+= '.' + Utilities.base64Encode(signature);
   
const payload = {
      grant_type
: 'urn:ietf:params:oauth:grant-type:jwt-bearer',
      assertion
: jwtAssertion
   
};
   
const accessToken = authenticate_(tokenUrl, payload, null);
   
return new OAuth2UrlFetchApp(accessToken);
 
}

  scope
.OAuth2 = {
    withRefreshToken
: withRefreshToken,
    withClientCredentials
: withClientCredentials,
    withServiceAccount
: withServiceAccount,
    withPassword
: withPassword
 
};
})(this);