GoogleCloudPlatform · kelsk · Apr 3, 2020 · Apr 3, 2020 · Apr 3, 2020 · Apr 3, 2020
diff --git a/run/authentication/auth.js b/run/authentication/auth.js
@@ -0,0 +1,61 @@
+// Copyright 2020 Google LLC
+//
+// Licensed under the Apache License, Version 2.0 (the "License");
+// you may not use this file except in compliance with the License.
+// You may obtain a copy of the License at
+//
+//     https://www.apache.org/licenses/LICENSE-2.0
+//
+// Unless required by applicable law or agreed to in writing, software
+// distributed under the License is distributed on an "AS IS" BASIS,
+// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+// See the License for the specific language governing permissions and
+// limitations under the License.
+
+function main(receivingServiceURL = 'YOUR_RECEIVING_SERVICE_URL') {
+// [START run_service_to_service_auth]
+
+// Import the Metadata API
+const gcpMetadata = require('gcp-metadata')
+const got = require('got');
+
+// TODO(developer): Add the URL of your receiving service
+// const receivingServiceURL = 'YOUR_RECEIVING_SERVICE_URL''
+
+const requestServiceToken = async () => { 
+  try {
+
+    // Set up the metadata server request options
+
+    const metadataServerTokenPath = 'service-accounts/default/identity?audience=' + receivingServiceURL;
+    const tokenRequestOptions = {
+      headers: {
+        'Metadata-Flavor': 'Google'
+      }
+    };
+
+    // Fetch the token and then provide it in the request to the receiving service
+    const token = await gcpMetadata.instance(metadataServerTokenPath, tokenRequestOptions);
+    const serviceRequestOptions = { 
+      headers: {
+        'Authorization': 'bearer ' + token
+
+      }
+    };
+
+    const serviceResponse = await got(receivingServiceURL, serviceRequestOptions);
+    return serviceResponse;
+
+  } catch (error) { 
+    console.log('Metadata server could not respond to query ', error);
+    return error;
+
+  }
+};
+
+// [END run_service_to_service_auth]
+
+requestServiceToken();
+};
+main();
+
diff --git a/run/authentication/package.json b/run/authentication/package.json
@@ -0,0 +1,21 @@
+{
+  "name": "nodejs-auth",
+  "version": "1.0.0",
+  "description": "Cloud Run service-to-service authentication",
+  "main": "index.js",
+  "private": true,
+  "scripts": {
+    "start": "node index.js",
+    "test": "test"
+  },
+  "author": "krippaehne",
+  "license": "Apache-2.0",
+  "dependencies": {
+    "express": "^4.16.4",
+    "gcp-metadata": "^4.0.0",
+    "got": "^10.7.0"
+  },
+  "devDependencies": {
+    "mocha": "^7.0.0"
+  }
+}