Class: Mysigner::Auth::GoogleOauthMinter

Inherits:

Object

• Object
• Mysigner::Auth::GoogleOauthMinter

Defined in:

lib/mysigner/auth/google_oauth_minter.rb

Overview

Mints a short-lived Google OAuth2 access_token from a service-account JSON key, locally — without going through the MySigner server. The service-account JSON never leaves the caller’s process.

Delegates the JWT mint + assertion exchange + caching to googleauth (Google::Auth::ServiceAccountCredentials), which is already a runtime dependency for the Play Publishing API client.

Defined Under Namespace

Classes: TokenWithExpiry

Constant Summary

DEFAULT_SCOPE =

'https://www.googleapis.com/auth/androidpublisher'

REQUIRED_KEYS =

%w[type client_email private_key project_id].freeze

Instance Method Summary

• #initialize(service_account_json) ⇒ GoogleOauthMinter constructor

  A new instance of GoogleOauthMinter.

• #mint(scope: DEFAULT_SCOPE) ⇒ String

  A non-empty access_token (e.g. “ya29…”).

• #mint_with_expiry(scope: DEFAULT_SCOPE) ⇒ TokenWithExpiry

  Variant that returns both the token and its expiry timestamp, for callers that want to manage caching themselves.

Constructor Details

#initialize(service_account_json) ⇒ GoogleOauthMinter

Returns a new instance of GoogleOauthMinter.

Parameters:

• service_account_json (String, Hash) —

  the raw JSON string or an already-parsed Hash. Validated for required keys.

Raises:

• (ArgumentError) —

  when input is nil/empty, unparseable, or missing any of REQUIRED_KEYS.

# File 'lib/mysigner/auth/google_oauth_minter.rb', line 24

def initialize(service_account_json)
  @json_hash = coerce_to_hash(service_account_json)
  validate_required_keys!(@json_hash)
end

Instance Method Details

#mint(scope: DEFAULT_SCOPE) ⇒ String

Returns a non-empty access_token (e.g. “ya29…”).

Parameters:

• scope (String) (defaults to: DEFAULT_SCOPE) —

  OAuth2 scope. Defaults to the Play Publishing scope used by ‘ship play`. Override for other Google APIs.

Returns:

• (String) —

  a non-empty access_token (e.g. “ya29…”).

# File 'lib/mysigner/auth/google_oauth_minter.rb', line 32

def mint(scope: DEFAULT_SCOPE)
  token_data = fetch_token(scope)
  token_data['access_token'] || token_data[:access_token]
end

#mint_with_expiry(scope: DEFAULT_SCOPE) ⇒ TokenWithExpiry

Variant that returns both the token and its expiry timestamp, for callers that want to manage caching themselves.

Returns:

• (TokenWithExpiry) —

  members :access_token, :expires_at (Time or nil)

# File 'lib/mysigner/auth/google_oauth_minter.rb', line 40

def mint_with_expiry(scope: DEFAULT_SCOPE)
  token_data = fetch_token(scope)
  access_token = token_data['access_token'] || token_data[:access_token]
  expires_in = token_data['expires_in'] || token_data[:expires_in]
  expires_at = expires_in ? Time.now + expires_in.to_i : nil
  TokenWithExpiry.new(access_token, expires_at)
end