Skip to content

Instantly share code, notes, and snippets.

Created August 23, 2013 18:20
Show Gist options
  • Save gsainio/6322375 to your computer and use it in GitHub Desktop.
Save gsainio/6322375 to your computer and use it in GitHub Desktop.
Sample perl code to use service accounts and oauth2 with Google's Admin SDK API.
#!/usr/public/bin/perl -w
use strict;
use JSON;
use JSON::WebToken;
use LWP::UserAgent;
use HTML::Entities;
my $private_key_string = q[-----BEGIN PRIVATE KEY-----
my $time = time;
my $jwt = JSON::WebToken->encode({
# your service account id here
iss => '',
scope => '',
aud => '',
exp => $time + 3600,
iat => $time,
# To access the google admin sdk with a service account
# the service account must act on behalf of an account
# that has admin privileges on the domain
# Otherwise the token will be returned but API calls
# will generate a 403
prn => '',
}, $private_key_string, 'RS256', {typ => 'JWT'}
# Now post it to google
my $ua = LWP::UserAgent->new();
my $response = $ua->post('',
{grant_type => encode_entities('urn:ietf:params:oauth:grant-type:jwt-bearer'),
assertion => $jwt});
unless($response->is_success()) {
die($response->code, "\n", $response->content, "\n");
my $data = decode_json($response->content);
# The token is added to the HTTP authentication header as a bearer
my $api_ua = LWP::UserAgent->new();
$api_ua->default_header(Authorization => 'Bearer ' . $data->{access_token});
# get the details for a user
my $api_response = $api_ua->get('' .encode_entities(''));
if($api_response->is_success) {
my $api_data = decode_json($api_response->content);
use Data::Dumper;
print Dumper($api_data);
} else {
print "Error:\n";
print "Code was ", $api_response->code, "\n";
print "Msg: ", $api_response->message, "\n";
print $api_response->content, "\n";
Copy link

jjtoth commented Apr 8, 2015

The URL to post to is now '". (Which is in there twice -- probably better if it was in a variable.)

Copy link

This is a very useful piece of code.
I’m a sporadic PERL user and have been attempting to use JSON::WebToken to update users in Google. All of the OAUTH set up works fine but my JSON payload never gets executed. I get a 200 OK status but not updates.

my $jwt = JSON::WebToken->encode({email => '',
ipWhitelisted => JSON::true
}, $private_key_string, 'RS256', {typ => 'JWT'});

my $service_url = '';

my $req = new HTTP::Request('PATCH',$service_url);
$req-> content($jwt);

my $api_response = $api_ua->request($req);

print "result: \n" . $api_response->status_line . "\n";

Also it’s unclear how I would code nested JSON e.g.

my $jwt = JSON::WebToken->encode({email => '',
ipWhitelisted => JSON::true,
name => {familyName => ‘blah’, givenName => ‘blah’},
}, $private_key_string, 'RS256', {typ => 'JWT'});

It’s probably my lack of PERL knowledge but any help would be appreciated

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment