@bmodeprogrammer
Created May 4, 2022 14:50
JWT Authentication Account Service Apex Salesforce
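/**
 * Obtains a Google OAuth 2.0 access token for a service account by building
 * an RS256-signed JWT and exchanging it at the token endpoint (JWT bearer grant).
 */
public class JWTAuthAccountService {
    /*
     * Shape of the Google service-account JSON key file the placeholders below are taken from:
     * {
     *   "private_key_id": ".....",
     *   "private_key": "-----BEGIN PRIVATE KEY-----[KEY HERE, REMOVE "\n" LINEBREAKS]-----END PRIVATE KEY-----\n",
     *   "client_email": ".....@developer.gserviceaccount.com",
     *   "client_id": "....apps.googleusercontent.com",
     *   "type": "service_account"
     * }
     */

    // Used both as the POST target and as the JWT "aud" claim; the two must be identical.
    private static final String TOKEN_ENDPOINT = 'https://accounts.google.com/o/oauth2/token';

    /**
     * Builds the signed assertion, posts it to the token endpoint and extracts
     * the "access_token" field from the JSON response.
     *
     * @return the access token on HTTP 200 when the field is present; otherwise the
     *         literal string 'error' (kept for existing callers, who must check for it
     *         before using the value as a bearer token).
     */
    public String getAccessToken() {
        // Read the clock once so that exp is exactly iat + 1 hour.
        Long issuedAt = Datetime.now().getTime() / 1000;
        Long expiresAt = issuedAt + 3600;

        String header = '{"alg":"RS256","typ":"JWT"}';

        // exp and iat are emitted as JSON numbers (NumericDate), not quoted strings.
        String claimSet = '{"iss":"[EMAIL ADDRESS GOES HERE]"'
            + ',"scope":"[URL SCOPE OF GOOGLE API GOES HERE]"'
            + ',"aud":"' + TOKEN_ENDPOINT + '"'
            + ',"exp":' + expiresAt
            + ',"iat":' + issuedAt + '}';

        // The bytes that are signed must be exactly the bytes that are transmitted:
        // base64url(header) + '.' + base64url(claims). Signing a percent-encoded copy
        // of that string produces a signature the server cannot verify whenever the
        // standard Base64 output contains '+' or '/'.
        String signingInput = base64UrlEncode(Blob.valueOf(header))
            + '.' + base64UrlEncode(Blob.valueOf(claimSet));

        // SECURITY: this is the service account's long-lived private key. A value pasted
        // here is readable by anyone who can view the class source or retrieve the
        // metadata, and it ends up in version control. Keep the placeholder out of real
        // deployments: load the key from a protected store instead (for example a
        // certificate under Certificate and Key Management used via
        // Crypto.signWithCertificate, or a protected custom setting / custom metadata).
        String key = '[KEY GOES HERE]';
        Blob privateKey = EncodingUtil.base64Decode(key);

        Blob signature = Crypto.sign('RSA-SHA256', Blob.valueOf(signingInput), privateKey);
        String jwt = signingInput + '.' + base64UrlEncode(signature);

        HttpRequest req = new HttpRequest();
        req.setEndpoint(TOKEN_ENDPOINT);
        req.setMethod('POST');
        // The header name is 'Content-Type'; 'ContentType' is not a recognised header,
        // so the form body was sent without a declared media type.
        req.setHeader('Content-Type', 'application/x-www-form-urlencoded');
        String grantType = 'urn:ietf:params:oauth:grant-type:jwt-bearer';
        req.setBody('grant_type=' + EncodingUtil.urlEncode(grantType, 'UTF-8')
            + '&assertion=' + EncodingUtil.urlEncode(jwt, 'UTF-8'));

        HttpResponse res = new Http().send(req);

        if (res.getStatusCode() != 200) {
            // Error responses are logged in full to aid troubleshooting.
            System.debug('Response =' + res.getBody() + ' ' + res.getStatusCode());
            return 'error';
        }

        // A 200 body contains the bearer token, so only the status is written to the
        // debug log; debug logs are readable by other users with log access.
        System.debug('Response status =' + res.getStatusCode());

        JSONParser parser = JSON.createParser(res.getBody());
        while (parser.nextToken() != null) {
            if (parser.getCurrentToken() == JSONToken.FIELD_NAME
                    && parser.getText() == 'access_token') {
                // Advance from the field name to its value and return it.
                parser.nextToken();
                return parser.getText();
            }
        }
        return 'error';
    }

    /**
     * Encodes data as unpadded base64url (RFC 4648 section 5), the encoding JWT
     * segments use: '+' becomes '-', '/' becomes '_' and trailing '=' is dropped.
     *
     * @param data the bytes to encode
     * @return the base64url text without padding
     */
    private static String base64UrlEncode(Blob data) {
        return EncodingUtil.base64Encode(data)
            .replace('+', '-')
            .replace('/', '_')
            .replaceAll('=+$', '');
    }
}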