Login/Register
Getting all groups an user is a member of through oauth (google)
Asked Answered
Solved oauth-2.0google-appsgoogle-groups
C

1

14

I'm building a web-application that lets users login with a google-apps account. I need some userinfo, nr of new e-mails, calendar access and all the groups (in my domain) the user is a member of. The trouble is that i can't find the right scope (and endpoint) to get the groups a user is member of. Does somebody knows if it is possible? And how it's done...

What I got so far: I've played with the Groups-provisioning scope (https://apps-apis.google.com/a/feeds/groups/) the problem is that you have to be an administrator to view the data.. And I want all users to see there memberships... The google oauth playground isn't getting me further (https://code.google.com/oauthplayground/)

Castellano answered 23/7, 2012 at 10:3 Comment(0)
P
6

i had the same problem and figured it out.

  1. needed scope is "https://apps-apis.google.com/a/feeds/groups/"

  2. API request looks like this: "https://apps-apis.google.com/a/feeds/group/2.0/{domain}/{group name}/member" as a header of request use: 'Authorization': "OAuth " + {access_token}

  3. google application account holder must have roles by following manual(reading rule at least):

To enable the Provisioning API for a Next generation control panel:

  1. Log in to your admin account and select Domain settings.
  2. Select the User settings tab.
  3. Select the checkbox enabling the Provisioning API, and save your changes.

To enable the Provisioning API for a current control panel:

  1. Log in to your admin account and select the Users and groups tab.
  2. Select the the Settings subtab.
  3. Select the checkbox to enable the Provisioning API and save your changes.

Domain administrator only has possibility to change this settings.

Polyphony answered 23/7, 2012 at 17:48 Comment(2)
Is it also possible the other way around? What I would like is that I send a request with my domain and a username.. The returned anwser would give me all the groups the given user is a memeber of... (something like: apps-apis.google.com/a/feeds/group/2.0{domain}/member/{memberId}) The playground would let me do that..Castellano
hallo, unfortunately, it's only one way to get groups of user by oauth 2.0, i think. When you have provision API enabled,it's pretty fast to get domain information using threads (async request calls for "apps-apis.google.com/a/feeds/group/2.0/#{domain}/#{group_id}/member"), usefull is refresh_token for admin application account, which can help you caching provision API info, instead of enabling provision api for each account in domain by admin.You found all information in these urls: developers.google.com/accounts/docs/OAuth2WebServer, code.google.com/oauthplaygroundPolyphony

© 2022 - 2024 — McMap. All rights reserved.