Skip to content

Instantly share code, notes, and snippets.

@salrashid123

salrashid123/app.js

Created October 11, 2017 16:57
Show Gist options
  • Save salrashid123/919a1644d926396bdf4a512828a51c17 to your computer and use it in GitHub Desktop.
Save salrashid123/919a1644d926396bdf4a512828a51c17 to your computer and use it in GitHub Desktop.
Download ZIP
NodeJS app to access Google Cloud Identity Aware Proxy
Raw
app.js
const request = require('request');
const log4js = require("log4js");
const jwt = require('jsonwebtoken');
const logger = log4js.getLogger();
const secure_IAAP_URL = 'https://YOUR_PROTECTED_PAGE';
const iap_clientID = 'client_id_for_iaap.apps.googleusercontent.com';
const svc_account = "service_account_for_json_cert_file.iam.gserviceaccount.com";
const projectId = 'your_project_id';
const cert = '/path/to/your/cert/file.json';
var client = require(cert);
private_key = client.private_key;
jwt_payload = {
"iss": svc_account,
"aud": "https://www.googleapis.com/oauth2/v4/token",
"exp": Math.floor(Date.now() / 1000) + (60),
"iat": Math.floor(Date.now() / 1000),
"target_audience": iap_clientID
}
var signedJwt = jwt.sign(jwt_payload, private_key, { algorithm: 'RS256' });
logger.info('Signed JWT: ' + signedJwt);
request.post('https://www.googleapis.com/oauth2/v4/token', {
form: {
'grant_type':'urn:ietf:params:oauth:grant-type:jwt-bearer',
'assertion' : signedJwt
}
}, function (err, response, body) {
if (err) {
throw err;
}
id_token = JSON.parse(body).id_token;
logger.info("Acquired Google IDToken: " + id_token);
logger.info("Making IAAP request to endpoint: " + secure_IAAP_URL);
var options = {
url: secure_IAAP_URL,
headers: {
'Authorization': 'Bearer ' + id_token
}
};
request(options,function (error, response, body) {
if (err) {
throw err;
}
logger.info('statusCode:', response && response.statusCode);
logger.info(body)
});
}
);
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment