{"id":13212,"library":"gapitoken","title":"Google API Service Account JWT Token","description":"gapitoken is a Node.js module designed for Google API service account authorization, specifically implementing the Server-to-Server flow using JSON Web Tokens (JWT). The package, currently at version 0.1.5 and last published over a decade ago, facilitates obtaining access tokens by providing service account credentials (email address and private key). It allows the private key to be supplied either as a file path or directly as a string. Historically, it provided a direct method for generating Google-specific JWTs. However, this library is considered abandoned. The current stable approach for Google API authentication in Node.js relies on the official `google-auth-library` or `googleapis` libraries, which offer more robust, actively maintained, and officially supported authentication methods like Application Default Credentials (ADC), OAuth 2.0, and integrated JWT clients that handle credential management, token refreshing, and a broader range of authentication flows. 
These modern alternatives provide better security practices, up-to-date compatibility, and ongoing support compared to this unmaintained package.","status":"abandoned","version":"0.1.5","language":"javascript","source_language":"en","source_url":"git://github.com/bsphere/node-gapitoken","tags":["javascript","jwt","jws","google","api","token","service"],"install":[{"cmd":"npm install gapitoken","lang":"bash","label":"npm"},{"cmd":"yarn add gapitoken","lang":"bash","label":"yarn"},{"cmd":"pnpm add gapitoken","lang":"bash","label":"pnpm"}],"dependencies":[],"imports":[{"note":"This package is a CommonJS module and must be imported using `require()`.","wrong":"import GAPI from 'gapitoken';","symbol":"GAPI","correct":"const GAPI = require('gapitoken');"},{"note":"The primary export is a constructor function for GAPI instances; named ESM imports are not supported.","wrong":"import { GAPI } from 'gapitoken';","symbol":"GAPIConstructor","correct":"const GAPI = require('gapitoken');\nconst gapi = new GAPI({...});"}],"quickstart":{"code":"const GAPI = require('gapitoken');\n\nconst SERVICE_ACCOUNT_EMAIL = process.env.GOOGLE_SERVICE_ACCOUNT_EMAIL ?? '';\nconst SCOPES = process.env.GOOGLE_API_SCOPES ?? 'https://www.googleapis.com/auth/cloud-platform';\nconst PRIVATE_KEY_STRING = process.env.GOOGLE_PRIVATE_KEY_STRING ?? 
'';\n\n// Ensure environment variables are set\nif (!SERVICE_ACCOUNT_EMAIL || !SCOPES || !PRIVATE_KEY_STRING) {\n  console.error('Missing required environment variables: GOOGLE_SERVICE_ACCOUNT_EMAIL, GOOGLE_API_SCOPES, GOOGLE_PRIVATE_KEY_STRING');\n  process.exit(1);\n}\n\n// Keep a reference to the instance: the callback below calls gapi.getToken rather than relying on `this`\nconst gapi = new GAPI({\n    iss: SERVICE_ACCOUNT_EMAIL,\n    scope: SCOPES,\n    key: PRIVATE_KEY_STRING\n}, function(err) {\n   if (err) {\n     console.error('Failed to initialize GAPI:', err);\n     return;\n   }\n\n   gapi.getToken(function(err, token) {\n       if (err) {\n         console.error('Failed to get token:', err);\n         return;\n       }\n       // The token is a bearer credential; print it only in local testing\n       console.log('Successfully obtained token:', token);\n   });\n});","lang":"javascript","description":"This quickstart demonstrates how to initialize `gapitoken` with a service account email, desired scopes, and a private key string (from environment variables), then obtain an access token for Google API authorization."},"warnings":[{"fix":"Migrate to Google's officially supported `google-auth-library` (e.g., `npm install google-auth-library`) for modern, secure, and maintained service account authentication. This library provides Application Default Credentials (ADC), OAuth2, and JWT clients.","message":"The `gapitoken` package is no longer maintained. It has not received updates for over 10 years, meaning it lacks bug fixes, security patches, or compatibility updates for newer Node.js versions or evolving Google API authentication standards. Continued use may expose applications to security vulnerabilities or compatibility issues.","severity":"breaking","affected_versions":">=0.1.5"},{"fix":"Avoid manual `.p12` to `.pem` conversion where possible. Modern Google Cloud authentication typically uses a JSON key file downloaded directly from the Google Cloud Console, which is consumed by the `google-auth-library` and generally does not require `openssl` manipulation for basic setup. 
When using JSON key files, store them securely and leverage environment variables like `GOOGLE_APPLICATION_CREDENTIALS`.","message":"The README's suggested method for converting `.p12` keys to `.pem` format involves several `openssl` commands, including removing the passphrase. This process is complex and can be a source of errors. Improper handling of private keys, especially removing passphrases from files, can introduce security risks if the key file is compromised.","severity":"gotcha","affected_versions":">=0.1.5"},{"fix":"Utilize environment variables (e.g., `process.env.GOOGLE_PRIVATE_KEY`) or dedicated secret management services (like Google Secret Manager, AWS Secrets Manager, or HashiCorp Vault) to store and retrieve sensitive private key information. When using `google-auth-library`, rely on Application Default Credentials and the `GOOGLE_APPLICATION_CREDENTIALS` environment variable pointing to a service account JSON file.","message":"Embedding raw private key strings directly in application code or configuration files is an insecure practice. The package also allows specifying a `keyFile` path, which still requires careful secret management.","severity":"deprecated","affected_versions":">=0.1.5"}],"env_vars":null,"last_verified":"2026-04-19T00:00:00.000Z","next_check":"2026-07-18T00:00:00.000Z","problems":[{"fix":"Ensure that any HTTP requests made with the token include `Authorization: Bearer <your_token>` in the headers. 
For example, `headers: { 'Authorization': 'Bearer ' + token }`.","cause":"When using the obtained token with Google APIs, the 'Authorization' header often requires a 'Bearer ' prefix, which `gapitoken` itself does not automatically add to the raw token it provides.","error":"Error: Invalid Credentials"},{"fix":"Verify the `keyFile` path, check file system permissions for the Node.js process, and ensure the `.pem` file was correctly generated from the `.p12` file, with its passphrase removed using `openssl rsa -in key.pem -out key.pem` as per the original README instructions.","cause":"The `keyFile` path is incorrect, the file is unreadable due to permissions, or the `.pem` file is not in the expected format (e.g., still passphrase-protected, or corrupted).","error":"Error: Error reading private key.pem"}],"ecosystem":"npm","meta_description":null,"install_score":null,"install_tag":null,"quickstart_score":null,"quickstart_tag":null,"pypi_latest":null,"cli_name":""}