How to retrieve a user's Organizational Unit when they authorize OAuth 2.0
BIT OF INFO:

We are trying to build a login for students that use Google Classroom, or Google G-Suite for Education. Essentially, a Single Sign-On system. Students and admins will log in, I will validate their email extension, which will be unique for their district, and then I will put them in the correct School in our system.

This partitioning of user accounts into licenses in our system happens on the fly as users log in, so there is not a need for a large data dump at the beginning.

The users and admins must be routed to the correct schools in our system, because admins run reports and administer users in our system and need to have correct access.

THE ISSUE:

I cannot figure out how to get a user's Organizational Units from the Google Services API. Generally, schools will use organizational units as Schools, and assign students to those schools.

So when I authenticate the user with OAuth2:

    $googleService = new Google_Service_Oauth2($googleClient);
    $info = $googleService->userinfo->get();

That works fine for getting some basic info, but does not include the organizational units for that user.

Then when I try to use the Google Directory API, it works fine but only if the user is an administrator:

    $directory = new Google_Service_Directory($googleClient);
    $user = $directory->users->get($userId);

So if the person that is logging in to my application, which will mostly be students, is not an admin then they can't get any information from the Google Directory.

MAIN QUESTION:

How do I get the organizational units for an authenticated user that is not an Administrator?

Maybe this isn't possible with Google Services, but we do this with half a dozen other services with no issues. Any help is appreciated. Just can't seem to find any information about this on Google forums, or code examples.

Mimosa answered 7/2, 2018 at 15:9 Comment(2)
Have you tried to apply the process here? Also, have you come across this documentation? - Christianism
You could try creating a service account that runs as the administrator, which can then get data from the Google Directory API using userIds from OAuth. See developers.google.com/admin-sdk/directory/v1/guides/delegation - Debrief
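
The service-account approach suggested in the last comment, as an added example that is not part of the original thread: the student's ID token is verified first, then a service account with domain-wide delegation reads only that user's `orgUnitPath`. The function names, file path, OU paths and school IDs are hypothetical, and the district check uses the token's `hd` (hosted domain) claim rather than parsing the email address.

```php
<?php
// Added example, not the asker's code. Assumes google/apiclient (the library
// used in the question) and a service account that a Workspace admin has
// granted domain-wide delegation for the read-only Directory user scope.
require __DIR__ . '/vendor/autoload.php';

// Constructed sample mapping: OU path prefix => school ID in your own system.
const SCHOOL_BY_OU = [
    '/Schools/Lincoln High'         => 'lincoln-hs',
    '/Schools/Lincoln High/Staff'   => 'lincoln-hs-staff',
    '/Schools/Roosevelt Elementary' => 'roosevelt-es',
];

// Longest matching prefix wins, so nested OUs resolve to the most specific entry.
function schoolForOrgUnit(string $orgUnitPath): ?string
{
    $best = null;
    $bestLen = -1;
    foreach (SCHOOL_BY_OU as $prefix => $school) {
        $matches = $orgUnitPath === $prefix || strpos($orgUnitPath, $prefix . '/') === 0;
        if ($matches && strlen($prefix) > $bestLen) {
            $best = $school;
            $bestLen = strlen($prefix);
        }
    }
    return $best; // null: unknown OU, do not place the user in any school
}

function orgUnitForLogin(string $idToken, string $clientId, string $district, string $adminEmail): string
{
    // 1. Verify the ID token from the user's own login (signature, expiry, audience).
    $login = new Google_Client();
    $login->setClientId($clientId);
    $claims = $login->verifyIdToken($idToken);
    // 2. Require a verified account whose hosted domain is the expected district.
    if ($claims === false || ($claims['hd'] ?? null) !== $district || empty($claims['email_verified'])) {
        throw new RuntimeException('Login is not a verified account in ' . $district);
    }
    // 3. Query the Directory API as the service account impersonating an admin.
    $svc = new Google_Client();
    $svc->setAuthConfig('/path/to/service-account.json'); // placeholder path
    $svc->setScopes([Google_Service_Directory::ADMIN_DIRECTORY_USER_READONLY]);
    $svc->setSubject($adminEmail);
    $directory = new Google_Service_Directory($svc);
    $user = $directory->users->get($claims['email'], ['fields' => 'primaryEmail,orgUnitPath']);
    return $user->getOrgUnitPath();
}
```

The user's own OAuth token is never sent to the Directory API here; only the server-side service account holds directory access, and it is limited to the read-only user scope.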
