private ServiceAccountCredential getServiceAccountCredential(String pathToJsonFile, String emailToImpersonate) { // Load and deserialize credential parameters from the specified JSON file. JsonCredentialParameters parameters; using (Stream json = new FileStream(pathToJsonFile, FileMode.Open, FileAccess.Read)) { parameters = NewtonsoftJsonSerializer.Instance.Deserialize <JsonCredentialParameters>(json); } // Create a credential initializer with the correct scopes. ServiceAccountCredential.Initializer initializer = new ServiceAccountCredential.Initializer(parameters.ClientEmail) { Scopes = OAuthScopes }; // Configure impersonation (if applicable). if (!String.IsNullOrEmpty(emailToImpersonate)) { initializer.User = emailToImpersonate; } // Create a service account credential object using the deserialized private key. ServiceAccountCredential credential = new ServiceAccountCredential(initializer.FromPrivateKey(parameters.PrivateKey)); return(credential); }
private async Task <AnalyticsReportingService> _analyticsReportingService() { try { var scopes = new[] { AnalyticsReportingService.Scope.Analytics }; var temp = new ServiceAccountCredential.Initializer(_googleAnalyticsSettings.gaserviceAccountEmail) { Scopes = scopes }; string privateKey = _googleAnalyticsSettings.gaprivateKey.Replace("\\n", "\n"); var credential = new ServiceAccountCredential(temp.FromPrivateKey(privateKey)); return(new AnalyticsReportingService(new BaseClientService.Initializer() { HttpClientInitializer = credential, ApplicationName = "GrandNode", })); } catch (Exception ex) { await _logger.InsertLog(Domain.Logging.LogLevel.Error, "GoogleAnalytics", ex.Message); return(await Task.FromResult <AnalyticsReportingService>(null)); } }
public async Task RefreshesOidcToken() { // A little bit after the tokens returned from OidcTokenFakes were issued. var clock = new MockClock(new DateTime(2020, 5, 13, 15, 0, 0, 0, DateTimeKind.Utc)); var messageHandler = new OidcTokenResponseSuccessMessageHandler(); var initializer = new ServiceAccountCredential.Initializer("MyId", "http://will.be.ignored") { Clock = clock, ProjectId = "a_project_id", HttpClientFactory = new MockHttpClientFactory(messageHandler) }; var credential = new ServiceAccountCredential(initializer.FromPrivateKey(PrivateKey)); var oidcToken = await credential.GetOidcTokenAsync(OidcTokenOptions.FromTargetAudience("audience")); var signedToken = SignedToken <Header, Payload> .FromSignedToken(await oidcToken.GetAccessTokenAsync()); Assert.Equal("https://first_call.test", signedToken.Payload.Audience); // Move the clock so that the token expires. clock.UtcNow = clock.UtcNow.AddHours(2); signedToken = SignedToken <Header, Payload> .FromSignedToken(await oidcToken.GetAccessTokenAsync()); Assert.Equal("https://subsequent_calls.test", signedToken.Payload.Audience); // Two calls, because the second time we tried to get the token, the first one had expired. Assert.Equal(2, messageHandler.Calls); }
public async Task FetchesOidcToken() { // A little bit after the tokens returned from OidcTokenFakes were issued. var clock = new MockClock(new DateTime(2020, 5, 13, 15, 0, 0, 0, DateTimeKind.Utc)); var messageHandler = new OidcTokenResponseSuccessMessageHandler(); var initializer = new ServiceAccountCredential.Initializer("MyId", "http://will.be.ignored") { Clock = clock, ProjectId = "a_project_id", HttpClientFactory = new MockHttpClientFactory(messageHandler) }; var credential = new ServiceAccountCredential(initializer.FromPrivateKey(PrivateKey)); // The fake Oidc server returns valid tokens (expired in the real world for safety) // but with a set audience that lets us know if the token was refreshed or not. var oidcToken = await credential.GetOidcTokenAsync(OidcTokenOptions.FromTargetAudience("will.be.ignored")); var signedToken = SignedToken <Header, Payload> .FromSignedToken(await oidcToken.GetAccessTokenAsync()); Assert.Equal("https://first_call.test", signedToken.Payload.Audience); // Move the clock some but not enough that the token expires. clock.UtcNow = clock.UtcNow.AddMinutes(20); signedToken = SignedToken <Header, Payload> .FromSignedToken(await oidcToken.GetAccessTokenAsync()); Assert.Equal("https://first_call.test", signedToken.Payload.Audience); // Only the first call should have resulted in a request. The second time the token hadn't expired. Assert.Equal(1, messageHandler.Calls); }
public void Pkcs8Decoding_FromPrivateKey() { // This is a service credential, as downloaded from the Cloud Console on 2016-12-08 string dummyServiceAccountCredentialFileContents = @" { ""type"": ""service_account"", ""private_key_id"": ""71bb487f3414f923196c5c433cf20a8c0f689562"", ""private_key"": ""-----BEGIN PRIVATE KEY----- MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDQvitimRPWE2YM tOADu3jb89UQmqZz8ao6NFoAjYiYDdg/6UBUTscQwGb6rIvllMtcT6BdS4rMKUwv kSQFbO14gi7FiZBj4eJKveObVnt9RPxqT1txBieEPFtgJalh0GpyCo5GUmadgqe+ 89ZF+VQBFE2hMoZhBny/FDba2/qDIk1GmksdXjC67ZI0EYRCGI71eXjOpQX/wOJs tosMQRSTHjPKhZKvZTtjksMRWm8SlQoyORZKXsV6OGKztOieIvncKoX3lrkSupax J+v0yYQJIF2uTFDbbCDL86bgUJ7TyZJ9X1AvrnHGNWp+QzQBDbTCMpZCuY81ARdu BHeacqR3AgMBAAECggEAK7Cx+fgaO8Nhp6UwAff6KudVIB2OW1QokfglIlp9TX4Q VggnC75VUf9DTpJQ0aOcEN0lroFCMssuBAK37F7JMWDmEzhgvVco+wXVnsyyGh0X S9UCSZzFJptPcMdRNYTe0rG856EVk0AmhgQZRBoUaAls2iFuGN63u3KqrJJAU7O4 MPofQizwNcMmiDqRV0rnU6HgmIRQ64hMMh1bnnw4I35esOXjO1O2PiwyyK0jHuVz eBNeD0wEXNLIP4CqDsQ0DKyBPKXZW4bmFnluq4s+VvgPMczUli7Ph0bM7G1oR0LF nZk8tSO9cZ4lLcZpY5mHg7lHzSE6oPAxrkPYoa+6IQKBgQD6I7KaUcmkQj+vOQ18 sZCA28tXqjW2cGB4ThqG2uYeHK8khhjh/Pj07TFr8Xjpz1gNr1NNBJhR9Qs/dO9N WCXS6s0fsVz/gm8N36w7kcBe+Uo43UIt3U6xvZVG4eJYWe2B5+0sZeXzMfzGhwug VkinOJ0CoVpGFTByPrn17O9T8QKBgQDVoi5AO7jvL3nxLQyfXy6XhkHvmnrRU5hV eHrgO2+0TsjAHNRhGGrKTMDqCrMvJqxXbXAwNIKxPdzGCXjam4QzaXgp8+bJWHNe UNRfbWUxVo/Mzfp4owN6oCOVN2cTrnz/doFhuT1LjDj2KK5+hY6qtleH+h00XjCi 0xrTGCpG5wKBgDy0pya+jKI5lb0Pqo9FhJ1ROkM3QrvZAACSa+uoekp6iaLijG1j +INwgRsCSmbr9CG2GBBL+i+Buc4Xse/iYaOTal6zq68y14LVcrYuRDKIa5PrVqFM 4UlPikfekBEDGhn50FyDClCAJCmGIrMx3YX/vlMiF4eEovJG+NiPPPHxAoGBANQq qKJ0bbtmPEYQxot1HTGxTcSneDhyPEUOTYJqpQq+f9OEDkyL0msthR4rGD/Iubpu XtARJobeeGdZuuPpNYdVxNhteZQXuyQ9RF2tqKUyYcg1/P5YbzkW15/3EPDUByIz UFV8geqIzX1zc7EF9WWHiDDsbpq2vLjIzcg+JKabAoGAI7kuoGBdvIHne3Y3tucQ JzcnYI3bppbhyn1dmm8jsaaWrtBvFqCb1y1MjaoL4lNi+brdd6bpV5u447GBQfG8 o3L1luXTksRPmwh5NbhXWl/ieiWc6WQL6sr8Q+vSYDKAo95zdhWJvWs+/v7NfWoF lK1DcBvq+IFLucBdi0/9hXE= -----END PRIVATE KEY-----"", ""client_email"": ""CLIENT_EMAIL"", ""client_id"": ""112326926692598796719"" }"; var credentialParameters = NewtonsoftJsonSerializer.Instance.Deserialize <JsonCredentialParameters>(dummyServiceAccountCredentialFileContents); var initializer = new ServiceAccountCredential.Initializer(credentialParameters.ClientEmail) { Clock = new MockClock { UtcNow = new DateTime(2016, 1, 1, 0, 0, 0, DateTimeKind.Utc) } }; initializer.FromPrivateKey(credentialParameters.PrivateKey); var ps = initializer.Key.ExportParameters(true); Assert.Equal("D0BE2B629913D613660CB4E003BB78DBF3D5109AA673F1AA3A345A008D88980DD83FE940544EC710C066FAAC8BE594CB5C4FA05D4B8ACC294C2F9124056CED78822EC5899063E1E24ABDE39B567B7D44FC6A4F5B710627843C5B6025A961D06A720A8E4652669D82A7BEF3D645F95401144DA1328661067CBF1436DADBFA83224D469A4B1D5E30BAED9234118442188EF57978CEA505FFC0E26CB68B0C4114931E33CA8592AF653B6392C3115A6F12950A3239164A5EC57A3862B3B4E89E22F9DC2A85F796B912BA96B127EBF4C98409205DAE4C50DB6C20CBF3A6E0509ED3C9927D5F502FAE71C6356A7E4334010DB4C2329642B98F3501176E04779A72A477", ToHex(ps.Modulus)); Assert.Equal("010001", ToHex(ps.Exponent)); Assert.Equal("2BB0B1F9F81A3BC361A7A53001F7FA2AE755201D8E5B542891F825225A7D4D7E105608270BBE5551FF434E9250D1A39C10DD25AE814232CB2E0402B7EC5EC93160E6133860BD5728FB05D59ECCB21A1D174BD502499CC5269B4F70C7513584DED2B1BCE7A115934026860419441A1468096CDA216E18DEB7BB72AAAC924053B3B830FA1F422CF035C326883A91574AE753A1E0988450EB884C321D5B9E7C38237E5EB0E5E33B53B63E2C32C8AD231EE57378135E0F4C045CD2C83F80AA0EC4340CAC813CA5D95B86E616796EAB8B3E56F80F31CCD4962ECF8746CCEC6D684742C59D993CB523BD719E252DC66963998783B947CD213AA0F031AE43D8A1AFBA21", ToHex(ps.D)); Assert.Equal("FA23B29A51C9A4423FAF390D7CB19080DBCB57AA35B67060784E1A86DAE61E1CAF248618E1FCF8F4ED316BF178E9CF580DAF534D049851F50B3F74EF4D5825D2EACD1FB15CFF826F0DDFAC3B91C05EF94A38DD422DDD4EB1BD9546E1E25859ED81E7ED2C65E5F331FCC6870BA05648A7389D02A15A461530723EB9F5ECEF53F1", ToHex(ps.P)); Assert.Equal("D5A22E403BB8EF2F79F12D0C9F5F2E978641EF9A7AD1539855787AE03B6FB44EC8C01CD461186ACA4CC0EA0AB32F26AC576D70303482B13DDCC60978DA9B8433697829F3E6C958735E50D45F6D6531568FCCCDFA78A3037AA02395376713AE7CFF768161B93D4B8C38F628AE7E858EAAB65787FA1D345E30A2D31AD3182A46E7", ToHex(ps.Q)); Assert.Equal("3CB4A726BE8CA23995BD0FAA8F45849D513A433742BBD90000926BEBA87A4A7A89A2E28C6D63F88370811B024A66EBF421B618104BFA2F81B9CE17B1EFE261A3936A5EB3ABAF32D782D572B62E4432886B93EB56A14CE1494F8A47DE9011031A19F9D05C830A508024298622B331DD85FFBE5322178784A2F246F8D88F3CF1F1", ToHex(ps.DP)); Assert.Equal("D42AA8A2746DBB663C4610C68B751D31B14DC4A77838723C450E4D826AA50ABE7FD3840E4C8BD26B2D851E2B183FC8B9BA6E5ED0112686DE786759BAE3E9358755C4D86D799417BB243D445DADA8A53261C835FCFE586F3916D79FF710F0D407223350557C81EA88CD7D7373B105F565878830EC6E9AB6BCB8C8CDC83E24A69B", ToHex(ps.DQ)); Assert.Equal("23B92EA0605DBC81E77B7637B6E710273727608DDBA696E1CA7D5D9A6F23B1A696AED06F16A09BD72D4C8DAA0BE25362F9BADD77A6E9579BB8E3B18141F1BCA372F596E5D392C44F9B087935B8575A5FE27A259CE9640BEACAFC43EBD2603280A3DE73761589BD6B3EFEFECD7D6A0594AD43701BEAF8814BB9C05D8B4FFD8571", ToHex(ps.InverseQ)); }
private IConfigurableHttpClientInitializer ServiceAccountInitializer() { var svcInit = new ServiceAccountCredential.Initializer(_config.CredentialParameters.ClientEmail) { Scopes = new[] { DriveService.Scope.Drive } }; return(new ServiceAccountCredential(svcInit.FromPrivateKey(_config.CredentialParameters.PrivateKey))); }
private ServiceAccountCredential GetServiceAccount() { var initializer = new ServiceAccountCredential.Initializer(_options.ClientEmail) { ProjectId = _options.ProjectId }; return(new ServiceAccountCredential(initializer.FromPrivateKey(_options.PrivateKey))); }
private ServiceAccountCredential GetCredentials() { var initializer = new ServiceAccountCredential.Initializer(configuration.GoogleClientEmail); initializer.Scopes = Scopes; var result = new ServiceAccountCredential(initializer.FromPrivateKey(configuration.GoogleClientPrivateKey)); return(result); }
public string GetCoverUrl(string userId, int bookId, string coverName) { var coverPath = $"{_baseBookPath}{userId}/{bookId}/{coverName}"; var initializer = new ServiceAccountCredential.Initializer(_googleCloudStorageSettings.Id); UrlSigner urlSgSigner = UrlSigner.FromServiceAccountCredential( new ServiceAccountCredential(initializer.FromPrivateKey(_googleCloudStorageSettings.PrivateKey))); string url = urlSgSigner.Sign(_googleCloudStorageSettings.BucketName, coverPath, TimeSpan.FromDays(5)); return(url); }
public string GetDownloadUrl(string userId, int bookId, string bookFileName) { var bookPath = $"{_baseBookPath}{userId}/{bookId}/{bookFileName}"; var initializer = new ServiceAccountCredential.Initializer(_googleCloudStorageSettings.Id); UrlSigner urlSgSigner = UrlSigner.FromServiceAccountCredential( new ServiceAccountCredential(initializer.FromPrivateKey(_googleCloudStorageSettings.PrivateKey))); string url = urlSgSigner.Sign(_googleCloudStorageSettings.BucketName, bookPath, TimeSpan.FromMinutes(10), HttpMethod.Get); return(url); }
public GoogleDriveManager() { var initializer = new ServiceAccountCredential.Initializer(ConfigurationManager.AppSettings["GoogleDriveServiceAccountEmail"].ToString()) { Scopes = new string[] { DriveService.Scope.Drive } }; var credential = new ServiceAccountCredential(initializer.FromPrivateKey(ConfigurationManager.AppSettings["GoogleDrivePrivateKey"].ToString())); service = new DriveService(new BaseClientService.Initializer() { HttpClientInitializer = credential, ApplicationName = ConfigurationManager.AppSettings["GoogleDriveApplicationName"].ToString(), }); service.HttpClient.Timeout = TimeSpan.FromMinutes(100); }
public async Task ValidLocallySignedAccessToken_FromPrivateKey() { const string dummyServiceAccountCredentialFileContents = @"{ ""private_key_id"": ""PRIVATE_KEY_ID"", ""private_key"": ""-----BEGIN PRIVATE KEY----- MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAJJM6HT4s6btOsfe 2x4zrzrwSUtmtR37XTTi0sPARTDF8uzmXy8UnE5RcVJzEH5T2Ssz/ylX4Sl/CI4L no1l8j9GiHJb49LSRjWe4Yx936q0Xj9H0R1HTxvjUPqwAsTwy2fKBTog+q1frqc9 o8s2r6LYivUGDVbhuUzCaMJsf+x3AgMBAAECgYEAi0FTXsu/zRswAUGaViQiHjrL uU65BSHXNVjV/2fLNEKnGWGqpli68z1IXY+S2nwbUak7rnGsq9/0F6jtsW+hZbLk KXUOuuExpeC5Kd6ngWX/f2jqmhlUabiQijU9cVk7pMq8EHkRtvlosnMTUAEzempu QUPwn1PZHhmJkBvZ4lECQQDCErrxl+e3BwUDcS0yVEEmCNSG6xdXs2878b8rzbe7 3Mmi6SuuOLi3PU92J+j+f/MOdtYrk13mEDdYmd5dhrt5AkEAwPvDEsDT/W4y4h5n gv1awGBA5aLFE1JNWM/Gwn4D1cGpEDHKFREaBtxMDCASpHJuw8r7zUywpKhmBZcf GS37bwJANdSAKfbafLfjuhqwUJ9yGpykZm/a36aTmerp/bpn1iHdg+RtCzwMcDb/ TWSwibbvsflgWmHbz657y4WSWhq+8QJAWrpCNN/ZCk2zuGDo80lfUBAwkoVat8G6 wWU1oZyS+vzIGef+hLb8kHsjeZPej9eIwZ39kcBbT54oELrCkRjwGwJAQ8V2A7lT ZUp8AsbVqF6rbLiiUfJMo2btGclQu4DEVyS+ymFA65tXDLUuR9EDqJYdqHNZJ5B8 4Z5p2prkjWTLcA== -----END PRIVATE KEY-----"", ""client_email"": ""CLIENT_EMAIL"", ""client_id"": ""CLIENT_ID"", ""type"": ""service_account""}"; var credentialParameters = NewtonsoftJsonSerializer.Instance.Deserialize <JsonCredentialParameters>(dummyServiceAccountCredentialFileContents); var initializer = new ServiceAccountCredential.Initializer(credentialParameters.ClientEmail) { Clock = new MockClock { UtcNow = new DateTime(2016, 1, 1, 0, 0, 0, DateTimeKind.Utc) } }; var cred = new ServiceAccountCredential(initializer.FromPrivateKey(credentialParameters.PrivateKey)); Assert.False(cred.Scopes?.Any()); // HasScopes must be false for the type of access token we want to test. string accessToken = await cred.GetAccessTokenForRequestAsync("http://authurl/"); string expectedToken = "eyJhbGciOiJSUzI1NiIsInR5cCI6IkpXVCJ9.eyJpc3MiOiJDTElFTlRfRU1BSUwiLCJz" + "dWIiOiJDTElFTlRfRU1BSUwiLCJhdWQiOiJodHRwOi8vYXV0aHVybC8iLCJleHAiOjE0N" + "TE2MTAwMDAsImlhdCI6MTQ1MTYwNjQwMH0.WLljSaAqxMVZnAxFA2SvpA3n2WRlQW71Nb" + "CUkbN-ZI-EWoL-HhgiV_3ISrXMvbDHYhBR0vvtXE0PcRcsMEf51Y0jV4DXZ8hf-QJFq7O" + "Hrepwe93dnDE6uNVnbj41_0phuy1WKwae29Qp2aPI2Y8E8Z2tXQlF87E_MdgjXVeTF8k"; Assert.Equal(expectedToken, accessToken); }
public async Task FromServiceAccountCredential_FetchesOicdToken() { var clock = new MockClock { UtcNow = new DateTime(2020, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc) }; var messageHandler = new OidcTokenSuccessMessageHandler(clock); var initializer = new ServiceAccountCredential.Initializer("MyId", "http://will.be.ignored") { Clock = clock, ProjectId = "a_project_id", HttpClientFactory = new MockHttpClientFactory(messageHandler) }; var serviceAccountCredential = new ServiceAccountCredential(initializer.FromPrivateKey(ServiceAccountCredentialTests.PrivateKey)); var googleCredential = GoogleCredential.FromServiceAccountCredential(serviceAccountCredential); var oidcToken = await googleCredential.GetOidcTokenAsync(OidcTokenOptions.FromTargetAudience("audience")); Assert.Equal("very_fake_access_token_1", await oidcToken.GetAccessTokenAsync()); }
public static IServiceCollection AddWebAnalytics(this IServiceCollection services) { services.AddSingleton <AnalyticsReportingService>(sp => { var appConfig = sp.GetRequiredService <IConfiguration>(); var gaServiceAccount = appConfig["GoogleAnalytics:ServiceAccount"]; var gaServiceKey = appConfig["GoogleAnalytics:Key"]; // create the GA auth client var scopes = new[] { AnalyticsReportingService.Scope.Analytics }; var init = new ServiceAccountCredential.Initializer(gaServiceAccount) { Scopes = scopes }; var credentials = new ServiceAccountCredential(init.FromPrivateKey(gaServiceKey)); var ars = new AnalyticsReportingService(new BaseClientService.Initializer() { HttpClientInitializer = credentials, ApplicationName = "KPI.Collector" }); return(ars); }); services.AddSingleton <GoogleAnalyticsStatsConfig>(sp => { var appConfig = sp.GetRequiredService <IConfiguration>(); var tuples = appConfig.GetSection("GoogleAnalytics:Sites").GetChildren() .Select(x => (x["ViewId"], x["Domain"])).ToArray(); return(new GoogleAnalyticsStatsConfig(tuples)); }); services.AddSingleton <IWebStatsService, GoogleAnalyticsWebStatsService>(); return(services); }
public async Task FromServiceAccountCredential_FetchesOidcToken() { // A little bit after the tokens returned from OidcTokenFakes were issued. var clock = new MockClock(new DateTime(2020, 5, 13, 15, 0, 0, 0, DateTimeKind.Utc)); var messageHandler = new OidcTokenResponseSuccessMessageHandler(); var initializer = new ServiceAccountCredential.Initializer("MyId", "http://will.be.ignored") { Clock = clock, ProjectId = "a_project_id", HttpClientFactory = new MockHttpClientFactory(messageHandler) }; var serviceAccountCredential = new ServiceAccountCredential(initializer.FromPrivateKey(ServiceAccountCredentialTests.PrivateKey)); var googleCredential = GoogleCredential.FromServiceAccountCredential(serviceAccountCredential); // The fake Oidc server returns valid tokens (expired in the real world for safty) // but with a set audience that lets us know if the token was refreshed or not. var oidcToken = await googleCredential.GetOidcTokenAsync(OidcTokenOptions.FromTargetAudience("will.be.ignored")); var signedToken = SignedToken <Header, Payload> .FromSignedToken(await oidcToken.GetAccessTokenAsync()); Assert.Equal("https://first_call.test", signedToken.Payload.Audience); }
static ServiceAccountCredential ServiceAccountCredential( JsonCredentialParameters credentialParameters, IEnumerable <string> scopes, string?emailToImpersonate) { // Create a credential initializer with the correct scopes. var initializer = new ServiceAccountCredential.Initializer(credentialParameters.ClientEmail) { Scopes = scopes }; // Configure impersonation (if applicable). if (!string.IsNullOrEmpty(emailToImpersonate)) { initializer.User = emailToImpersonate; } // Create a service account credential object using the deserialized private key. var credential = new ServiceAccountCredential(initializer.FromPrivateKey(credentialParameters.PrivateKey)); return(credential); }
public async Task FetchesOidcToken_CorrectPayloadSent() { var clock = new MockClock { UtcNow = new DateTime(2020, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc) }; var messageHandler = new OidcTokenSuccessMessageHandler(clock); var initializer = new ServiceAccountCredential.Initializer("MyId", "http://will.be.ignored") { Clock = clock, ProjectId = "a_project_id", HttpClientFactory = new MockHttpClientFactory(messageHandler) }; var credential = new ServiceAccountCredential(initializer.FromPrivateKey(PrivateKey)); var expectedPayload = new JsonWebSignature.Payload { Issuer = "MyId", Subject = "MyId", Audience = GoogleAuthConsts.OidcAuthorizationUrl, IssuedAtTimeSeconds = (long)(clock.UtcNow - UnixEpoch).TotalSeconds, ExpirationTimeSeconds = (long)(clock.UtcNow.Add(JwtLifetime) - UnixEpoch).TotalSeconds, TargetAudience = "any_audience" }; var serializedExpectedPayload = NewtonsoftJsonSerializer.Instance.Serialize(expectedPayload); var urlSafeEncodedExpectedPayload = UrlSafeBase64Encode(serializedExpectedPayload); var oidcToken = await credential.GetOidcTokenAsync(OidcTokenOptions.FromTargetAudience("any_audience")); await oidcToken.GetAccessTokenAsync(); var requestFormDict = messageHandler.LatestRequestContent.Split('&') .ToDictionary(entry => entry.Split('=')[0], entry => entry.Split('=')[1]); var assertion = requestFormDict["assertion"]; // Assertion format shoould be headers.payload.signature var encodedPayload = assertion.Split('.')[1]; Assert.Contains(urlSafeEncodedExpectedPayload, encodedPayload); }
private ServiceAccountCredential CreateServiceAccountCredential(JsonCredentialParameters credParams) { var scopes = new List <string> { DirectoryService.Scope.AdminDirectoryUserReadonly, DirectoryService.Scope.AdminDirectoryGroupReadonly, DirectoryService.Scope.AdminDirectoryGroupMemberReadonly }; if (credParams.Type != JsonCredentialParameters.ServiceAccountCredentialType || string.IsNullOrEmpty(credParams.ClientEmail) || string.IsNullOrEmpty(credParams.PrivateKey)) { throw new InvalidOperationException("JSON data does not represent a valid service account credential."); } var initializer = new ServiceAccountCredential.Initializer(credParams.ClientEmail); initializer.User = SettingsService.Instance.Server.GSuite.AdminUser; initializer.Scopes = scopes; return(new ServiceAccountCredential(initializer.FromPrivateKey(credParams.PrivateKey))); }
public async Task FetchesOidcToken() { var clock = new MockClock { UtcNow = new DateTime(2020, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc) }; var messageHandler = new OidcTokenSuccessMessageHandler(clock); var initializer = new ServiceAccountCredential.Initializer("MyId", "http://will.be.ignored") { Clock = clock, ProjectId = "a_project_id", HttpClientFactory = new MockHttpClientFactory(messageHandler) }; var credential = new ServiceAccountCredential(initializer.FromPrivateKey(PrivateKey)); var oidcToken = await credential.GetOidcTokenAsync(OidcTokenOptions.FromTargetAudience("audience")); Assert.Equal("very_fake_access_token_1", await oidcToken.GetAccessTokenAsync()); // Move the clock some but not enough that the token expires. clock.UtcNow = clock.UtcNow.AddMinutes(20); Assert.Equal("very_fake_access_token_1", await oidcToken.GetAccessTokenAsync()); // Only the first call should have resulted in a request. The second time the token hadn't expired. Assert.Equal(1, messageHandler.Calls); }
public async Task RefreshesOidcToken() { var clock = new MockClock { UtcNow = new DateTime(2020, 1, 1, 0, 0, 0, 0, DateTimeKind.Utc) }; var messageHandler = new OidcTokenSuccessMessageHandler(clock); var initializer = new ServiceAccountCredential.Initializer("MyId", "http://will.be.ignored") { Clock = clock, ProjectId = "a_project_id", HttpClientFactory = new MockHttpClientFactory(messageHandler) }; var credential = new ServiceAccountCredential(initializer.FromPrivateKey(PrivateKey)); var oidcToken = await credential.GetOidcTokenAsync(OidcTokenOptions.FromTargetAudience("audience")); Assert.Equal("very_fake_access_token_1", await oidcToken.GetAccessTokenAsync()); // Move the clock so that the token expires. clock.UtcNow = clock.UtcNow.AddHours(2); Assert.Equal("very_fake_access_token_2", await oidcToken.GetAccessTokenAsync()); // Two calls, because the second time we tried to get the token, the first one had expired. Assert.Equal(2, messageHandler.Calls); }
public SheetApiService(IOptions <GoogleServiceAccount> serviceAccount) { var _serviceAccount = serviceAccount.Value; ServiceAccountCredential credential; if (string.IsNullOrEmpty(_serviceAccount.ServiceEmail)) { Console.WriteLine($"GOOGLE EMAIL NOT PROVIDED: {_serviceAccount.ServiceEmail}"); throw new ArgumentNullException(nameof(_serviceAccount.ServiceEmail)); } if (string.IsNullOrEmpty(_serviceAccount.PrivateKey)) { Console.WriteLine($"GOOGLE PRIVATE KEY NOT PROVIDED: {_serviceAccount.PrivateKey}"); throw new ArgumentNullException(nameof(_serviceAccount.PrivateKey)); } var initializer = new ServiceAccountCredential.Initializer(_serviceAccount.ServiceEmail) { Scopes = Scopes }; credential = new ServiceAccountCredential(initializer.FromPrivateKey(_serviceAccount.PrivateKey)); if (!credential.RequestAccessTokenAsync(System.Threading.CancellationToken.None).Result) { throw new InvalidOperationException("Access token failed."); } // create Google Sheets API service _googleSheets = new SheetsService(new BaseClientService.Initializer() { HttpClientInitializer = credential, ApplicationName = "Google Sheets API .NET Quickstart" }); }
public static void Execute(IList <IList <object> > list) { try { // Set some basic variable to initialise Google Sheets API string[] Scopes = { SheetsService.Scope.Spreadsheets }; string serviceAccountEmail = (String)Settings.export["googleSheetsServiceAccount"]["client_email"]; string key = (String)Settings.export["googleSheetsServiceAccount"]["private_key"]; // Initialise the Google API ServiceAccount var initializer = new ServiceAccountCredential.Initializer(serviceAccountEmail) { User = serviceAccountEmail, Scopes = Scopes }; // Set the ServiceAccount Key ServiceAccountCredential credential = new ServiceAccountCredential(initializer.FromPrivateKey(key)); // Create Google Sheets API service. var service = new SheetsService(new BaseClientService.Initializer() { HttpClientInitializer = credential, ApplicationName = ApplicationName, }); // Define request parameters. String spreadsheetId = (string)Settings.export["googleSheets"]["id"]; String spreadsheetTab = (string)Settings.export["googleSheets"]["sheet"]; // Define the sheet range var rng = string.Format("{0}!A1:A{1}", spreadsheetTab, list.Count); var vRange = new ValueRange { Range = rng, Values = list, MajorDimension = "ROWS" }; // Send the request to the Google Sheets API var rqst = service.Spreadsheets.Values.Append(vRange, spreadsheetId, rng); rqst.ValueInputOption = SpreadsheetsResource.ValuesResource.AppendRequest.ValueInputOptionEnum.USERENTERED; rqst.Execute(); } catch (System.Net.Http.HttpRequestException e) { Debug.WriteLine(string.Join("\n\n", new string[] { "", $"'{e}'", "Connection to Google Sheets API failed.", "Are you offline?", e.Message, "Continuing without exporting to Google Sheets.", "" })); } catch (Google.GoogleApiException e) { if (e.Error.Code == 403) { Debug.WriteLine(string.Join("\n\n", new string[] { "", $"'{e}'", "Google Sheets API request was forbidden.", "Have you enabled the Google Sheets API?.", e.Error.Message, "Continuing without exporting to Google Sheets.", "" })); } else if (e.Error.Code == 404) { Debug.WriteLine(string.Join("\n\n", new string[] { "", $"'{e}'", "The Google Sheet could not be found.", "Check export.googleSheets.id is set correctly in settings.json", e.Error.Message, "Continuing without exporting to Google Sheets.", "" })); } else if (e.Error.Code == 400) { Debug.WriteLine(string.Join("\n\n", new string[] { "", $"'{e}'", "The data range or sheet/tab name within the Google Sheet could not be found.", "Check export.googleSheets.sheet is correctly set to the sheet/tab name in settings.json", "The default is usually 'Sheet1'", e.Error.Message, "Continuing without exporting to Google Sheets.", "" })); } else { throw; } } catch (System.ArgumentException e) { if (e.ParamName == "pkcs8PrivateKey") { Debug.WriteLine(string.Join("\n\n", new string[] { "", $"'{e}'", "Invalid Google Service Account API Key.", "Check export.googleSheetsServiceAccount.private_key is set correctly in settings.json", e.Message, "Continuing without exporting to Google Sheets.", "" })); } else { throw; } } }