How to create a user using directory API with no user behind (OAuth2 or so authentication)


I have an application with users/passwords (not developed by us) that calls a web service to inform us when a new user is created. This web service should enable us to automatically create a user through the Google Directory API service, to create an account on Google Apps for Education.

How can I do that without using OAuth, using only the login/password of the admin user of the Google Apps account?

I know how to update a CSV file to create/update accounts in Google Apps, but I would need to create the accounts on Google without doing a manual upload and batch.

Thanks for your answer.


There are 2 best solutions below

1
On

The old ClientLogin authentication method for Google APIs is deprecated and is not supported by the Admin SDK Directory API.

You should use OAuth 2.0. Once you have the OAuth 2.0 refresh token for your script, you don't need to reauthenticate the user each time; just grab a new access token if the current one expires.

You may also be able to take advantage of existing applications that already perform the OAuth work for you like GAM.

0
On

I just did this exact same thing in a GAfE domain. I needed to create 60,000 accounts quickly, and have them placed in specific organizational units (schools). I'm now putting together a series on how to make sense out of Google Apps for Education using the API explorer and OAuth 2.0.

Basically, you'll need to forget passing user/pass credentials using the API. You'll need to create an OAuth 2.0 ID (web application), and enter a redirect URI (the callback page that will process the request after authorization has been granted). At this point, you'll need to compile a URL string with the following information:

  • Base URL for the authorization request
  • data scope
  • client ID
  • response type
  • redirect URI

See the example below:

https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/admin.directory.user&client_id=your_client_ID_copied_and_pasted_from_the_API_console&response_type=code&redirect_uri=https://www.example.com/callback.php

Once authorization has been granted, you'll be passed a code in the URL that you'll need to exchange for an ACCESS TOKEN using a POST request to https://accounts.google.com/o/oauth2/token. The response will include the access token that you can then use in your POST request to the directory.users.insert API.
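
The flow described in this answer, as an added example (not code from the answer or from Google): it builds the authorization URL, validates the callback, and prepares the token-exchange and users.insert requests without sending them. The `state` and `access_type` parameters, the token form fields, the users.insert URL and every placeholder or sample value are assumptions that the post does not give.

```python
import hmac, json, secrets
from urllib.parse import urlencode, urlparse, parse_qs
from urllib.request import Request

AUTH_URL = "https://accounts.google.com/o/oauth2/auth"    # from the answer
TOKEN_URL = "https://accounts.google.com/o/oauth2/token"  # from the answer
SCOPE = "https://www.googleapis.com/auth/admin.directory.user"
USERS_URL = "https://www.googleapis.com/admin/directory/v1/users"  # users.insert

def build_auth_url(client_id, redirect_uri, state):
    """Step 1: URL the domain admin opens once to grant access."""
    return AUTH_URL + "?" + urlencode({
        "scope": SCOPE, "client_id": client_id, "response_type": "code",
        "redirect_uri": redirect_uri,
        "state": state,            # added: binds the callback to this session
        "access_type": "offline",  # added: also request a refresh token
    })

def parse_callback(callback_url, expected_state):
    """Step 2: extract the code, rejecting denials and forged callbacks."""
    q = parse_qs(urlparse(callback_url).query)
    if "error" in q:
        raise ValueError("authorization denied: " + q["error"][0])
    state = q.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch, discarding callback")
    if "code" not in q:
        raise ValueError("callback carries no authorization code")
    return q["code"][0]

def token_request(code, client_id, client_secret, redirect_uri):
    """Step 3: POST that exchanges the code for an access token."""
    body = urlencode({"code": code, "client_id": client_id,
                      "client_secret": client_secret,
                      "redirect_uri": redirect_uri,
                      "grant_type": "authorization_code"}).encode()
    return Request(TOKEN_URL, data=body, method="POST")

def insert_user_request(access_token, user):
    """Step 4: directory.users.insert call carrying the bearer token."""
    return Request(USERS_URL, data=json.dumps(user).encode(), method="POST",
                   headers={"Authorization": "Bearer " + access_token,
                            "Content-Type": "application/json"})

if __name__ == "__main__":
    state = secrets.token_urlsafe(16)  # store server-side until the callback
    redirect = "https://www.example.com/callback.php"
    print(build_auth_url("CLIENT_ID_PLACEHOLDER", redirect, state))
    # Constructed callback URL, as the redirect URI would receive it.
    code = parse_callback(redirect + "?code=SAMPLE_CODE&state=" + state, state)
    print(token_request(code, "CLIENT_ID_PLACEHOLDER", "SECRET_PLACEHOLDER", redirect).data)
```

The requests are only constructed here; pass them to `urllib.request.urlopen` to send them, and keep the client secret and refresh token out of source control.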