add oauth2l test

2019-07-23 01:12:46 -06:00 · 2019-07-23 01:12:46 -06:00 · 27315be014
parent 22c1e761e0
commit 27315be014
--- a/README.md
+++ b/README.md
@ -15,6 +15,16 @@ Implementation Details
 -   https://cloud.google.com/service-usage/docs/getting-started#api
 -   https://github.com/google/oauth2l

+# Test This First!
+
+Edit the file `oauth2l-test-token.sh`
+
+Change the location of `service_account.json` to whatever it needs to be.
+
+Change the `project` to the name of your project.
+
+If that doesn't work, something is wrong with your credentials, nothing else will work.
+
 # Usage

 First you create an instance with your credentials:
--- a/lib/auth.js
+++ b/lib/auth.js
@ -28,7 +28,8 @@ module.exports.generateToken = function(serviceAccount) {
 				kid: sa.private_key_id
 			},
 			claims: {
-				aud: 'ndev.clouddns.readwrite',
+				//aud: 'ndev.clouddns.readwrite',
+				aud: 'https://www.googleapis.com/auth/ndev.clouddns.readwrite',
 				sub: sa.client_email
 			}
 		});
--- a/oauth2l-test-token.sh
+++ b/oauth2l-test-token.sh
@ -0,0 +1,17 @@
+#!/bin/bash
+
+# If your service_account.json is correct you should definitely be able to get a token
+# using Google's official tool. If this fails, it will definitely fail with our own.
+
+set -e
+
+export GOOGLE_APPLICATION_CREDENTIALS=$HOME/Downloads/service_account.json
+project=example-change-me
+
+token=$(oauth2l fetch ndev.clouddns.readwrite)
+echo $token
+curl -fL "https://www.googleapis.com/dns/v1/projects/$project/managedZones" -H "Authorization: Bearer $token"
+
+token=$(oauth2l fetch --jwt https://www.googleapis.com/auth/ndev.clouddns.readwrite)
+echo $token
+curl -fL "https://www.googleapis.com/dns/v1/projects/$project/managedZones" -H "Authorization: Bearer $token"