Templates Plugins Courses

Need Help With Easy Google JWT Plugin

Hello:

I purchased this plugin of yours, https://bubble.io/plugin/easy-google-jwt-1553988006484x522148132142186500, to make my life simpler with Google.

The instructions are pretty unclear. How do I go about making the new calls using the returned bearer token?

I.e.: how do I setup the API Connection using Bubble’s API Connector plugin.

Such as: which authentication type, etcetera.

Thanks

Hi @nicholasrbarrow,

Thanks for reaching out! Have you checked our demo and its editor to preview how everything is set?

Firstly, you need to go to your Google Cloud Console and create a new service account for your project. Remember to select JSON as the option for the key & paste the entire contents of the JSON file into the plugin’s settings.

Here you’ll need to paste with your own key.

And then simply use Get Access Token action, on a button click for example:

Then retrieve the returned values from that action, in custom states for example:

And you can display them later on, or use it as you wish dynamically:

image

Hope it helps :pray:

Best,
Alex

Thanks for replying so quick @alexander:

I’ve got all that working 100%. I’m trying to make a call to Google’s Directory API, and from what I can tell, I may need to imitate myself as the super admin. Not sure if this is possible with the plugin.

I know I can make this get call:
GET https://www.googleapis.com/admin/directory/v1/users/[userkey]?access_token=[access_token]

I assume the access_token param would be what your plugin generates. I keep getting an error:
Status code 403
{
“error”: {
“code”: 403,
“message”: “Not Authorized to access this resource/api”,
“errors”: [
{
“message”: “Not Authorized to access this resource/api”,
“domain”: “global”,
“reason”: “forbidden”
}
]
}
}

I think I need to possibly “sub” myself as described here: https://stackoverflow.com/questions/18706339/received-error-not-authorized-to-access-this-resource-api-when-trying-to-use-g?rq=1

Any help is greatly appreciated!

@alexander after some more research, it looks like I would need to be able to add a single claim to the claim set: “sub” and then “[email protected]
From:
https://www.soliantconsulting.com/blog/google-oauth-2-service-account/
OR
https://developers.google.com/admin-sdk/directory/v1/guides/delegation#python

This will allow someone to impersonate a user on their domain. Even with domain-wide delegation enabled, I believe certain API’s (Directory, etc) require you to impersonate a user, via the sub claim.

If ZeroQode has the ability to quickly add it, that would be awesome. Otherwise, I’m willing to perform the work on the plugin for free just so we can use it, plus everyone would have the ability to use it that way.

Assuming you have the plugin set-up according to Google (https://developers.google.com/identity/protocols/oauth2/service-account), somewhere in the plugin you have something that looks like this to build the token:

{“alg”:“RS256”,“typ”:“JWT”}.
{
iss":"[email protected]account.com”,
“scope”:“https://www.googleapis.com/auth/prediction”,
“aud”:“https://oauth2.googleapis.com/token”,
“exp”:1328554385,
“iat”:1328550785
}.

I’m simply in need to this, where “kid” = serviceID and “sub” can be user-defined:

{
“alg”: “RS256”,
“typ”: “JWT”,
“kid”: “abcdef1234567890”
}
.
{
“iss”: “[email protected]”,
“sub”: “[email protected]”,
“aud”: “https://firestore.googleapis.com/”,
“iat”: 1511900000,
“exp”: 1511903600
}
See: https://developers.google.com/identity/protocols/oauth2/service-account#jwt-auth

Thanks

Hi @nicholasrbarrow,

Thanks for your feedback with these details. Unfortunately, it is not possible to accomplish it with our plugin. I’m afraid it is not possible to work on the plugin either, but we’ll consider your feedback for future possibility of improvements, if feasible. :pray:

Best,
Alex