Sample code for 30+ languages & platforms
SQL Server

Get Google Cloud SQL Access Token using Service Account JSON Private Key

See more Google Cloud SQL Examples

Demonstrates how to get a Google Cloud SQL access token using a JSON service account private key. Obtaining an access token for a service account requires no user interaction (it does not require a browser, nor callback URI's, etc.).

When an access token expires, an application can be (and should be) designed to automatically fetch a new access token.

Chilkat SQL Server Downloads

SQL Server
-- Important: See this note about string length limitations for strings returned by sp_OAMethod calls.
--
CREATE PROCEDURE ChilkatSample
AS
BEGIN
    DECLARE @hr int
    DECLARE @iTmp0 int
    -- Important: Do not use nvarchar(max).  See the warning about using nvarchar(max).
    DECLARE @sTmp0 nvarchar(4000)
    DECLARE @success int
    SELECT @success = 0

    -- This example requires the Chilkat API to have been previously unlocked.
    -- See Global Unlock Sample for sample code.

    -- First load the JSON key into a string.
    DECLARE @fac int
    EXEC @hr = sp_OACreate 'Chilkat.FileAccess', @fac OUT
    IF @hr <> 0
    BEGIN
        PRINT 'Failed to create ActiveX component'
        RETURN
    END

    DECLARE @jsonKey nvarchar(4000)
    EXEC sp_OAMethod @fac, 'ReadEntireTextFile', @jsonKey OUT, 'qa_data/googleApi/ChilkatCloud-13a07a2e8b3f.json', 'utf-8'
    EXEC sp_OAGetProperty @fac, 'LastMethodSuccess', @iTmp0 OUT
    IF @iTmp0 <> 1
      BEGIN
        EXEC sp_OAGetProperty @fac, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @fac
        RETURN
      END

    -- A JSON private key should look something like this:

    -- 	{
    -- 	  "type": "service_account",
    -- 	  "project_id": "chilkattest-1350",
    -- 	  "private_key_id": "fa2e36ee26986eab628b59868af8bec1d1c64c38",
    -- 	  "private_key": "-----BEGIN PRIVATE KEY-----\nMIIEvgIjFa...28N64N2n1E4FYzBZjSdy\n-----END PRIVATE KEY-----\n",
    -- 	  "client_email": "598922945226-00rb0ppfg0sndajo6bhvd4v17jtj2d3a@developer.gserviceaccount.com",
    -- 	  "client_id": "598922945226-00rb0ppfg0snd9jo7bhvd4v17jtj2d3a.apps.googleusercontent.com",
    -- 	  "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    -- 	  "token_uri": "https://accounts.google.com/o/oauth2/token",
    -- 	  "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    -- 	  "client_x509_cert_url": "https://www.googleapis.com/robot/v1/metadata/x509/598922945226-00rb0ppfg0sndajo6bhvd4v17jtj2d3a%40developer.gserviceaccount.com"
    -- 	}

    DECLARE @gAuth int
    EXEC @hr = sp_OACreate 'Chilkat.AuthGoogle', @gAuth OUT

    EXEC sp_OASetProperty @gAuth, 'JsonKey', @jsonKey

    -- Choose a scope.
    -- Here's the OAuth 2.0 scope information for the Cloud SQL Admin API:
    -- https://www.googleapis.com/auth/sqlservice.admin 	(Read/write access to Cloud SQL.)
    -- https://www.googleapis.com/auth/cloud-platform 	(Instances.import and Instances.export need this additional scope.)
    EXEC sp_OASetProperty @gAuth, 'Scope', 'https://www.googleapis.com/auth/sqlservice.admin'

    -- Request an access token that is valid for this many seconds.
    EXEC sp_OASetProperty @gAuth, 'ExpireNumSeconds', 3600

    -- If the application is requesting delegated access:
    -- The email address of the user for which the application is requesting delegated access,
    -- then set the email address here. (Otherwise leave it empty.)
    EXEC sp_OASetProperty @gAuth, 'SubEmailAddress', ''

    -- Connect to www.googleapis.com using TLS (TLS 1.2 is the default.)
    -- The Chilkat socket object is used so that the connection can be established
    -- through proxies or an SSH tunnel if desired.
    DECLARE @tlsSock int
    EXEC @hr = sp_OACreate 'Chilkat.Socket', @tlsSock OUT

    EXEC sp_OAMethod @tlsSock, 'Connect', @success OUT, 'www.googleapis.com', 443, 1, 5000
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @tlsSock, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @fac
        EXEC @hr = sp_OADestroy @gAuth
        EXEC @hr = sp_OADestroy @tlsSock
        RETURN
      END

    -- Send the request to obtain the access token.
    EXEC sp_OAMethod @gAuth, 'ObtainAccessToken', @success OUT, @tlsSock
    IF @success <> 1
      BEGIN
        EXEC sp_OAGetProperty @gAuth, 'LastErrorText', @sTmp0 OUT
        PRINT @sTmp0
        EXEC @hr = sp_OADestroy @fac
        EXEC @hr = sp_OADestroy @gAuth
        EXEC @hr = sp_OADestroy @tlsSock
        RETURN
      END

    -- Examine the access token:

    EXEC sp_OAGetProperty @gAuth, 'AccessToken', @sTmp0 OUT
    PRINT 'Access Token: ' + @sTmp0

    -- Access token looks like this:  ya29.c.Ko4Bwwe3nG5rUvoBmJwadi ... Br4Ogz0B6qLAjg

    -- We're going to save this access token to a file to be used
    -- by other examples.
    DECLARE @sbToken int
    EXEC @hr = sp_OACreate 'Chilkat.StringBuilder', @sbToken OUT

    EXEC sp_OAGetProperty @gAuth, 'AccessToken', @sTmp0 OUT
    EXEC sp_OAMethod @sbToken, 'Append', @success OUT, @sTmp0
    EXEC sp_OAMethod @sbToken, 'WriteFile', @success OUT, 'qa_data/tokens/google_cloud_sql_access_token.txt', 'utf-8', 0

    EXEC @hr = sp_OADestroy @fac
    EXEC @hr = sp_OADestroy @gAuth
    EXEC @hr = sp_OADestroy @tlsSock
    EXEC @hr = sp_OADestroy @sbToken


END
GO