Skip to content

Instantly share code, notes, and snippets.

@DinoChiesa

DinoChiesa/GCP-Token.postman_collection.json

Created September 27, 2023 16:24
Show Gist options
  • Save DinoChiesa/ef4296348ebab7f34801a162881af78a to your computer and use it in GitHub Desktop.
Save DinoChiesa/ef4296348ebab7f34801a162881af78a to your computer and use it in GitHub Desktop.
Download ZIP
Postman collection to get a GCP access token from a service account key file
Raw
README.txt
To use this collection, you must set these in your Postman environment:
- apigeeapis : https://apigee.googleapis.com
- organization : your-org-name
- sakeyjson : the full JSON from your downloaded Service Account key
Raw
GCP-Token.postman_collection.json
{
"info": {
"_postman_id": "9b8ac0ff-cfa9-46da-b8f2-4d133a772ce0",
"name": "GCP Token",
"schema": "https://schema.getpostman.com/json/collection/v2.1.0/collection.json",
"_exporter_id": "22976572"
},
"item": [
{
"name": "1. get JS-RSA-sign module",
"event": [
{
"listen": "prerequest",
"script": {
"exec": [
""
],
"type": "text/javascript"
}
},
{
"listen": "test",
"script": {
"exec": [
"pm.globals.set(\"jsrsasign-js\", responseBody);"
],
"type": "text/javascript"
}
}
],
"request": {
"method": "GET",
"header": [],
"url": {
"raw": "https://raw.githubusercontent.com/kjur/jsrsasign/master/jsrsasign-all-min.js",
"protocol": "https",
"host": [
"raw",
"githubusercontent",
"com"
],
"path": [
"kjur",
"jsrsasign",
"master",
"jsrsasign-all-min.js"
]
}
},
"response": []
},
{
"name": "2. Get a GCP access token",
"event": [
{
"listen": "prerequest",
"script": {
"exec": [
"var navigator = {};",
"var window = {};",
"if (pm.globals.get(\"jsrsasign-js\")) {",
"eval(pm.globals.get(\"jsrsasign-js\"));",
"let sakey = JSON.parse(pm.environment.get('sakeyjson'));",
"",
"const requiredScopes = 'https://www.googleapis.com/auth/cloud-platform';",
"",
"const nowInSeconds = Math.floor(Date.now() / 1000),",
" jwtHeader = { alg: \"RS256\", typ: \"JWT\"},",
" jwtClaims = {",
" iss: sakey.client_email,",
" aud: sakey.token_uri,",
" iat: nowInSeconds,",
" exp: nowInSeconds + 60,",
" scope: requiredScopes",
"};",
"",
"const sHeader = JSON.stringify(jwtHeader),",
" sPayload = JSON.stringify(jwtClaims);",
"",
"const sJWT = KJUR.jws.JWS.sign(jwtHeader.alg, sHeader, sPayload, sakey.private_key);",
"",
"pm.variables.set('oauth-request-token', sJWT);",
"}",
"",
""
],
"type": "text/javascript"
}
},
{
"listen": "test",
"script": {
"exec": [
"let responseData = pm.response.json();",
"pm.environment.set(\"gcp-access-token\", responseData.access_token);"
],
"type": "text/javascript"
}
}
],
"protocolProfileBehavior": {
"disabledSystemHeaders": {
"user-agent": true,
"accept": true,
"connection": true,
"accept-encoding": true
}
},
"request": {
"method": "POST",
"header": [],
"body": {
"mode": "formdata",
"formdata": [
{
"key": "grant_type",
"value": "urn:ietf:params:oauth:grant-type:jwt-bearer",
"type": "text"
},
{
"key": "assertion",
"value": "{{oauth-request-token}}",
"type": "text"
}
]
},
"url": {
"raw": "https://oauth2.googleapis.com/token",
"protocol": "https",
"host": [
"oauth2",
"googleapis",
"com"
],
"path": [
"token"
]
}
},
"response": []
},
{
"name": "3. Use the token to query Apigee APIs",
"protocolProfileBehavior": {
"disabledSystemHeaders": {
"user-agent": true,
"accept-encoding": true,
"connection": true
}
},
"request": {
"method": "GET",
"header": [
{
"key": "Authorization",
"value": "Bearer {{gcp-access-token}}",
"type": "text"
}
],
"url": {
"raw": "{{apigeeapis}}/v1/organizations/{{organization}}/apis",
"host": [
"{{apigeeapis}}"
],
"path": [
"v1",
"organizations",
"{{organization}}",
"apis"
]
}
},
"response": []
}
],
"event": [
{
"listen": "prerequest",
"script": {
"type": "text/javascript",
"exec": [
""
]
}
},
{
"listen": "test",
"script": {
"type": "text/javascript",
"exec": [
""
]
}
}
]
}
@DinoChiesa
Copy link
Author

This works for getting a GCP token to invoke any of the google cloud apis. You just need a service account with the proper role.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment