Step 1

To start this guide, you'll need a Service Account JSON file from Google Cloud. If you don't have it yet, please take a look at this guide from Google to set everything up in Google Cloud and retrieve the file.

Step 2

Log in to Appfarm Create. Go to Secrets in the left menu, and add the following secrets to the Secret Store.

• Google API Client Email: Secret type should be string. Value be found in the Service Account JSON file as client_email. The email should look something like this: [name]@[project_id].iam.gserviceaccount.com

• Google SA Private Key: Secret type should be a string. Value can be found in the Service Account JSON file as private_key. Include both the beginning and end statements.

• Google API Token: Secret has to be Environment Specific, and secret type should be string. Leave all values empty.

Step 3

Go to Appfarm Create -> Services, and select the service you want to use (or create a new one). Then, create a new service endpoint, which will be used to fetch the Google API Token. Give the endpoint a name and a readable ID.

Go down to "Process action", and click the value field to create a new action. You may name the Action "GetGoogleAPIToken".

Step 4

Go to Sevice Data -> Service Variables and add the following properties (both should have Data Type string:

• Bearer token

• JWT

Step 5

Go back to Actions -> GetGoogleAPIToken, and add a new Action Node "Update Object". Set Data Source to "Service Variables", and data bind the Runtime Property JWT to a function.

Inside the Function Editor, add the two secrets "Google API Client Email" and "Google SA Private Key" as Function Parameters, as well as the library "jsonwebtoken". Parameter names should be googleAPIClientEmail, googleSAPrivateKey and jsonwebtoken respectively. Then, add the following code:

const now = new Date().getTime() / 1000;
const oneHour = 60 * 60;
const expireTime = now + oneHour;

const claimSet = {
   iss: googleAPIClientEmail,
   iat: now,
   sub: googleAPIClientEmail,
   exp: expireTime,
   scope: "https://www.googleapis.com/auth/bigquery",
   aud: "https://oauth2.googleapis.com/token"
}

const privateKey = googleSAPrivateKey;

return  jsonwebtoken.sign(claimSet, privateKey, {algorithm: 'RS256'})

Click "OK" to save the changes.

Step 6

Add a new Action Node "Web Request". Set the following properties:

• Query Parameters (key, value):

  • grant_type, urn:ietf:params:oauth:grant-type:jwt-bearer

  • assertion, data-bind to Service Variables.JWT

• Method: POST

• Body Type: Raw

In the Result Mapping, set Data Source to Service Variables. In the value field on the Runtime Property "Bearer token", write access_token.

Step 7

Add a new Action Node "Update Secret". Set "Secret" to Google API Token, and Data Bind the value to Service Variables.Bearer token.

Run the service

Now everything is set up to retrieve and save the Bearer token from Google Cloud. You may now run the service. If everything is set up correctly, the token will be added as a value in your secret "Google API Token".