What privileges are required to call the directory.user.update api?

Our organization uses SAML for SSO into Google Apps. In order to use SSO we must manage the change password functionality through APIs. Since the Provisioning API has been deprecated in favor of the Admin SDK Directory API, I am developing against this API.

The flow I am developing is that the end user will log in using Google OAuth2 into my application. Then, using the user's access token, I am attempting to call the https://www.googleapis.com/admin/directory/v1/users/ API to put a new password, but I get an error 403 "Not Authorized to access this resource/api".

My question is, what privilege is required for the user to be able to update their own password? When calling this API with GET I am able to retrieve my user information successfully, but trying to put a new password (or any other field for that matter) fails.

Here is an example of my request and response:

Request:

PUT https://www.googleapis.com/admin/directory/v1/users/user%40domain.org?key={YOUR_API_KEY}

Content-Type:  application/json
Authorization:  Bearer ya29.AHES6ZT_7onp48edpClD72X-*************************
X-JavaScript-User-Agent:  Google APIs Explorer

{
  "password": "wlKsf.##2af"
}

Response:

{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "forbidden",
    "message": "Not Authorized to access this resource/api"
   }
  ],
  "code": 403,
  "message": "Not Authorized to access this resource/api"
 }
}
Bureaucrat answered 18/7, 2013 at 21:54 Comment(0)

Only super admins, delegated admins and resellers can access the Admin SDK Directory API.

I suggest creating a delegated admin that only has access to update users via the API and then having your web application utilize an OAuth token created for this delegated admin.

Enrollee answered 20/7, 2013 at 1:34 Comment(1)
Jay, thank you for the response, that makes sense that I could not change my own password. I just tested again on a test account and it worked correctly.
Bureaucrat
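
An added example, not code from the original posts or from any Google library: once the web application holds a token for the delegated admin, that token can update any user, so the application itself has to bind the update to the signed-in user. The sketch below builds the same PUT request shown in the question under that check. The function name, `session_email` (the address the application verified from the user's own login), `allowed_domain` and the token value are assumptions for illustration.

```python
import json
import urllib.parse
import urllib.request

# Endpoint as given in the question.
DIRECTORY_USERS = "https://www.googleapis.com/admin/directory/v1/users/"


class NotAllowed(Exception):
    """Raised when the request is not a self-service password change."""


def build_password_update(session_email, target_email, new_password,
                          admin_token, allowed_domain):
    """Build the PUT request that sets target_email's password.

    session_email: identity the app verified from the end user's own login.
    admin_token:   OAuth access token issued to the delegated admin; it is
                   kept server-side and never handed to the browser.
    """
    session = session_email.strip().lower()
    target = target_email.strip().lower()

    # The admin token is not limited to one account, so the app enforces
    # that a user can only ever change their own password.
    if session != target:
        raise NotAllowed("users may only change their own password")
    # Refuse identities outside the managed domain (assumed app policy).
    if not session.endswith("@" + allowed_domain.lower()):
        raise NotAllowed("account is outside the managed domain")
    if not new_password:
        raise ValueError("empty password")

    # Percent-encode the whole user key so '@', '/' or '?' in the address
    # cannot alter the request path.
    url = DIRECTORY_USERS + urllib.parse.quote(target, safe="")
    # Send only the password field so no other attribute can be changed.
    body = json.dumps({"password": new_password}).encode("utf-8")
    return urllib.request.Request(
        url, data=body, method="PUT",
        headers={"Authorization": "Bearer " + admin_token,
                 "Content-Type": "application/json"})


if __name__ == "__main__":
    # Constructed sample values; nothing is sent over the network here.
    req = build_password_update("user@domain.org", "user@domain.org",
                                "example-new-password", "ADMIN_TOKEN_PLACEHOLDER",
                                "domain.org")
    print(req.get_method(), req.full_url)
```

Passing the returned object to `urllib.request.urlopen` would send it; the 403 from the question is what the API returns when the bearer token belongs to a non-admin user.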
