
Replacing Google Apps Provisioning API

In my organization we have an in-house developed web application that relies on the Google Apps Provisioning API to allow our level 1 IT department to manage email accounts and email groups. However, since Google deprecated the API in favour of the Admin SDK Directory API, some of the functionality of our web application has stopped working, so it's time to start re-writing the back end of the web application.

However, the problem we're facing is that the new API uses OAuth 2.0 authentication, whereas with the old API I could just hard-code an admin user and get an authorization token. The whole idea was to minimize the number of users and credentials with admin privileges to the domain.

So the question is, is there any way that I can have this 'dummy' user authorize the app once and never again, to have a similar architecture to what we had before? Though I admit the better question is: what is the best practice to follow in this case?

The authentication flow that best suits your case is two-legged-oauth. With OAuth 2.0, you need to set up Service Account Credentials.

To build the admin service with Service Account Credentials:

import httplib2
import sys

from apiclient.discovery import build
from oauth2client.client import SignedJwtAssertionCredentials

def main(argv):
  # Load the key in PKCS 12 format that you downloaded from the Google API
  # Console when you created your Service account.
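  # open() replaces the Python 2-only file() builtin; the with block closes
  # the key file even if the read fails.
  with open('key.p12', 'rb') as f:
    key = f.read()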

  # Create an httplib2.Http object to handle the HTTP requests and authorize it
  # with the Credentials. Note that the first parameter, service_account_name,
  # is the Email address created for the Service account. It must be the email
  # address associated with the key that was created.

  credentials = SignedJwtAssertionCredentials(
      'XXXXX@developer.gserviceaccount.com',
      key,
      scope='https://www.googleapis.com/auth/admin.directory.user')
  http = httplib2.Http()
  http = credentials.authorize(http)

  service = build('admin', 'directory_v1', http=http)

  # Then you can use the service


if __name__ == '__main__':
  main(sys.argv)
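
What the service-account flow in the answer signs and sends, as an added example that is not part of the original answer: it builds the JWT claim set and audits an assertion for scope creep and excess lifetime before it leaves the back end. The token endpoint, the optional `sub` claim (the admin impersonated under domain-wide delegation) and the one-hour cap come from Google's service-account flow; the allowlist, the function names and the sample values are assumptions, and the signature segment is a constructed placeholder.

```python
import base64
import json

# Assumption: this back end only manages users, the scope used in the answer.
ALLOWED_SCOPES = {"https://www.googleapis.com/auth/admin.directory.user"}
MAX_LIFETIME = 3600  # assertions may be valid for at most one hour

def b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def b64url_decode(segment):
    return base64.urlsafe_b64decode(segment + "=" * (-len(segment) % 4))

def build_claims(service_account_email, scopes, now, sub=None):
    """Claim set a service account signs to request an access token."""
    claims = {
        "iss": service_account_email,
        "scope": " ".join(sorted(scopes)),
        "aud": "https://oauth2.googleapis.com/token",
        "iat": now,
        "exp": now + MAX_LIFETIME,
    }
    if sub:  # admin user impersonated through domain-wide delegation
        claims["sub"] = sub
    return claims

def unsigned_assertion(claims):
    # Constructed sample: "c2ln" stands in for the RS256 signature segment.
    header = {"alg": "RS256", "typ": "JWT"}
    return ".".join([b64url(json.dumps(header).encode()),
                     b64url(json.dumps(claims).encode()), "c2ln"])

def audit_assertion(jwt):
    """Return findings for a header.claims.signature assertion."""
    header_seg, claims_seg, _signature = jwt.split(".")
    header = json.loads(b64url_decode(header_seg))
    claims = json.loads(b64url_decode(claims_seg))
    findings = []
    if header.get("alg") != "RS256":
        findings.append("unexpected alg: %r" % header.get("alg"))
    extra = set(claims.get("scope", "").split()) - ALLOWED_SCOPES
    if extra:
        findings.append("scope beyond allowlist: %s" % ", ".join(sorted(extra)))
    if claims.get("exp", 0) - claims.get("iat", 0) > MAX_LIFETIME:
        findings.append("lifetime exceeds one hour")
    return findings
```

The audit reads the claims without verifying the signature, so it suits checking what your own application is about to send, not validating tokens received from elsewhere.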
