DEVHIDE
Login Or Sign up

Replacing Google Apps Provisioning API

258 Views Asked by At

In my organization we have an in-house developed web application that relies on the Google apps provisioning API to allow our level 1 IT department to manage email accounts and email groups. However, since google deprecated the API in favour of the Admin's SDK Directory API some of the functionality of our web application has stopped working, so it's time to start re-writing the back end of the web application.

However, the problem we're facing is that the new API uses oAuth 2.0 authentication, where as the old API I could just hard code an admin user and get an authorization token, the whole idea was to minimize the amount of users and credentials with admin privileges to the domain.

So the question is, is there any way that I can have this 'dummy' user authorize the app once and never again to have a similar architecture like what we had before? though I admit the better question is: what is the best practice to follow in this case?

api google-oauth google-provisioning-api google-directory-api
Original Q&A
1

There are 1 best solutions below

0
On

The authentication flow that best suits your case is two-legged-oauth. With oauth 2.0, you need to set up Service Account Credentials.

To build the admin service with Service Account Credentials:

import httplib2
import sys

from apiclient.discovery import build
from oauth2client.client import SignedJwtAssertionCredentials

def main(argv):
  # Load the key in PKCS 12 format that you downloaded from the Google API
  # Console when you created your Service account.
  f = file('key.p12', 'rb')
  key = f.read()
  f.close()

  # Create an httplib2.Http object to handle the HTTP requests and authorize it
  # with the Credentials. Note that the first parameter, service_account_name,
  # is the Email address created for the Service account. It must be the email
  # address associated with the key that was created.

  credentials = SignedJwtAssertionCredentials(
      '[email protected]',
      key,
      scope='https://www.googleapis.com/auth/admin.directory.user')
  http = httplib2.Http()
  http = credentials.authorize(http)

  service = build('admin', 'directory_v1', http=http)

  # Then you can use the service

Related Questions in API

Related Questions in GOOGLE-OAUTH

Related Questions in GOOGLE-PROVISIONING-API

Related Questions in GOOGLE-DIRECTORY-API

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.