
Replacing Google Apps Provisioning API

In my organization we have an in-house developed web application that relies on the Google Apps Provisioning API to allow our level 1 IT department to manage email accounts and email groups. However, since Google deprecated the API in favour of the Admin SDK's Directory API, some of the functionality of our web application has stopped working, so it's time to start re-writing the back end of the web application.

However, the problem we're facing is that the new API uses OAuth 2.0 authentication, whereas with the old API I could just hard-code an admin user and get an authorization token. The whole idea was to minimize the number of users and credentials with admin privileges to the domain.

So the question is: is there any way that I can have this 'dummy' user authorize the app once and never again, to have an architecture similar to what we had before? Though I admit the better question is: what is the best practice to follow in this case?

The authentication flow that best suits your case is two-legged OAuth. With OAuth 2.0, you need to set up Service Account Credentials.

To build the admin service with Service Account Credentials:

import httplib2
import sys

from apiclient.discovery import build
from oauth2client.client import SignedJwtAssertionCredentials

def main(argv):
  # Load the key in PKCS 12 format that you downloaded from the Google API
  # Console when you created your Service account.
  # open() with a context manager replaces the Python 2-only file() builtin
  # and closes the handle even if the read fails.
  with open('key.p12', 'rb') as f:
    key = f.read()

  # Create an httplib2.Http object to handle the HTTP requests and authorize it
  # with the Credentials. Note that the first parameter, service_account_name,
  # is the Email address created for the Service account. It must be the email
  # address associated with the key that was created.

  credentials = SignedJwtAssertionCredentials(
      'XXXXX@developer.gserviceaccount.com',
      key,
      scope='https://www.googleapis.com/auth/admin.directory.user')
  http = httplib2.Http()
  http = credentials.authorize(http)

  service = build('admin', 'directory_v1', http=http)

  # Then you can use the service

if __name__ == '__main__':
  main(sys.argv)
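
The credentials object in the answer sends Google's token endpoint a JWT assertion carrying the service account, the requested scopes and a lifetime. As an added example (not part of the original answer), the code below builds that claim set with the standard library and audits an assertion against least-privilege expectations; the allow-list, the helper names and the `example.invalid` identities are assumptions, and RS256 signing and signature verification are left out.

```python
import base64
import json
import time

TOKEN_URI = "https://oauth2.googleapis.com/token"
# Assumption: the only scope this back end needs (the one used in the answer).
ALLOWED_SCOPES = {"https://www.googleapis.com/auth/admin.directory.user"}
MAX_LIFETIME = 3600  # exp may be at most one hour after iat

def _b64url(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode("ascii")

def _b64url_decode(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def build_claims(service_account_email, scopes, subject=None, now=None, lifetime=3600):
    """Claim set of the service-account (two-legged) JWT assertion."""
    now = int(time.time()) if now is None else now
    claims = {"iss": service_account_email, "scope": " ".join(scopes),
              "aud": TOKEN_URI, "iat": now, "exp": now + lifetime}
    if subject:  # admin user impersonated through domain-wide delegation
        claims["sub"] = subject
    return claims

def encode_unsigned(claims):
    """Return 'header.claims', the signing input; the signature is omitted."""
    header = {"alg": "RS256", "typ": "JWT"}
    parts = (json.dumps(p, separators=(",", ":")).encode() for p in (header, claims))
    return ".".join(_b64url(p) for p in parts)

def audit_assertion(assertion):
    """Return least-privilege findings for an assertion (signature not checked)."""
    header, claims = (json.loads(_b64url_decode(p)) for p in assertion.split(".")[:2])
    findings = []
    if header.get("alg") != "RS256":
        findings.append("unexpected alg: %r" % header.get("alg"))
    extra = set(claims.get("scope", "").split()) - ALLOWED_SCOPES
    if extra:
        findings.append("scopes beyond allow-list: %s" % ", ".join(sorted(extra)))
    if claims.get("exp", 0) - claims.get("iat", 0) > MAX_LIFETIME:
        findings.append("lifetime exceeds one hour")
    if claims.get("aud") != TOKEN_URI:
        findings.append("unexpected audience: %r" % claims.get("aud"))
    return findings

if __name__ == "__main__":
    # Constructed sample: placeholder identities, one scope more than allowed.
    scopes = sorted(ALLOWED_SCOPES) + ["https://www.googleapis.com/auth/admin.directory.group"]
    sample = build_claims("svc@example.invalid", scopes, subject="admin@example.invalid")
    print(audit_assertion(encode_unsigned(sample)))
```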
