Our clients use Google Apps for Education. We are implementing single sign on from Google Apps to our web application, using Google Apps as the identity provider. Due to the security issues related to working with students, it is not possible to allow students to create accounts in our web application using their Google Apps account. Instead, the user accounts in our application store the Google Apps account name.
So far, we have set up OpenID in Google Apps and it is working. The student enters their Google Apps username and password at the Google prompt, then approves the sharing of their username. The application uses the username to match the existing account so the student is logged into the correct account in our application.
Since our web application is trusted by the school district, we would like to eliminate the step where the student approves the sharing of their username. However, we haven't figured out how to do this. Is there a way to configure Google Apps to trust our web application using OAuth 2.0?
We are thinking that 2-legged OAuth may be the way to go. It is described in this article:

Using 2-legged OAuth with Google Tasks API for Google Apps domain administrators
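The 2-legged OAuth that the linked article describes is Google's OAuth 1.0a variant: the server signs each API request with its consumer secret (HMAC-SHA1) and names the Google Apps user it is acting for in an `xoauth_requestor_id` query parameter. Below is an added example, not code from the question or from Google, that implements both the signing side and the resource-server verification side so the mechanism is visible end to end. The consumer key, secret and endpoint are constructed placeholders. Note what the code makes concrete: the requestor identity is asserted by the server and merely covered by the signature, so the flow authenticates the application to Google, not a student to the application, and no browser step exists to remove. Google retired OAuth 1.0 in April 2015, so this is shown for understanding the mechanism rather than for deployment.

```python
import base64
import hashlib
import hmac
import secrets
import time
from urllib.parse import parse_qsl, quote, urlsplit

# Constructed placeholders for this example; not real credentials or a real domain.
CONSUMER_KEY = "example.edu"
CONSUMER_SECRET = "constructed-consumer-secret"
TASKS_URL = "https://www.googleapis.com/tasks/v1/users/@me/lists"


def _enc(s):
    """Percent-encode as OAuth 1.0a requires (RFC 3986 unreserved chars untouched)."""
    return quote(str(s), safe="-._~")


def signature_base_string(method, url, params):
    """OAuth 1.0a signature base string (RFC 5849 s3.4.1).

    All oauth_* parameters plus every query parameter of the URL are encoded,
    sorted and joined, so xoauth_requestor_id in the query is covered too.
    """
    parts = urlsplit(url)
    base_url = f"{parts.scheme.lower()}://{parts.netloc.lower()}{parts.path}"
    all_params = list(params.items()) + parse_qsl(parts.query, keep_blank_values=True)
    normalized = "&".join(f"{k}={v}" for k, v in sorted((_enc(k), _enc(v)) for k, v in all_params))
    return "&".join([method.upper(), _enc(base_url), _enc(normalized)])


def hmac_sha1_signature(base_string, consumer_secret, token_secret=""):
    """HMAC-SHA1 keyed with consumer_secret '&' token_secret.
    2-legged OAuth has no access token, so the token secret is empty."""
    key = f"{_enc(consumer_secret)}&{_enc(token_secret)}".encode()
    return base64.b64encode(hmac.new(key, base_string.encode(), hashlib.sha1).digest()).decode()


def sign_two_legged_request(method, url, requestor_email, consumer_key, consumer_secret,
                            nonce=None, timestamp=None):
    """Return (url_with_requestor, oauth_params) for a 2-legged request.

    xoauth_requestor_id is the user the server claims to act for. It is an
    assertion by the server, signed with the server's own secret; no user
    password or consent screen is involved anywhere in this flow.
    """
    sep = "&" if urlsplit(url).query else "?"
    signed_url = f"{url}{sep}xoauth_requestor_id={_enc(requestor_email)}"
    oauth = {
        "oauth_consumer_key": consumer_key,
        "oauth_nonce": nonce or secrets.token_hex(16),
        "oauth_signature_method": "HMAC-SHA1",
        "oauth_timestamp": str(timestamp or int(time.time())),
        "oauth_version": "1.0",
    }
    oauth["oauth_signature"] = hmac_sha1_signature(
        signature_base_string(method, signed_url, oauth), consumer_secret)
    return signed_url, oauth


def authorization_header(oauth_params):
    """Render the oauth_* parameters as an Authorization header value."""
    return "OAuth " + ", ".join(f'{_enc(k)}="{_enc(v)}"' for k, v in sorted(oauth_params.items()))


def verify_two_legged_request(method, url, oauth_params, consumer_secrets, max_skew=300, now=None):
    """Resource-server side: look up the consumer secret, reject stale timestamps,
    recompute the signature over everything except oauth_signature and compare in
    constant time. Returns the asserted requestor email on success, else None."""
    secret = consumer_secrets.get(oauth_params.get("oauth_consumer_key"))
    if secret is None or oauth_params.get("oauth_signature_method") != "HMAC-SHA1":
        return None
    now = int(time.time()) if now is None else now
    try:
        if abs(now - int(oauth_params["oauth_timestamp"])) > max_skew:
            return None
    except (KeyError, ValueError):
        return None
    unsigned = {k: v for k, v in oauth_params.items() if k != "oauth_signature"}
    expected = hmac_sha1_signature(signature_base_string(method, url, unsigned), secret)
    if not hmac.compare_digest(expected, oauth_params.get("oauth_signature", "")):
        return None
    return dict(parse_qsl(urlsplit(url).query)).get("xoauth_requestor_id")


if __name__ == "__main__":
    url, oauth = sign_two_legged_request("GET", TASKS_URL, "student@example.edu",
                                         CONSUMER_KEY, CONSUMER_SECRET)
    print("GET", url)
    print("Authorization:", authorization_header(oauth))
    print("verified requestor:", verify_two_legged_request("GET", url, oauth,
                                                           {CONSUMER_KEY: CONSUMER_SECRET}))
```

A practical reading of the verifier: anyone holding the consumer secret can name any user in the domain, which is why this credential is a domain-wide delegation and must be protected like one; and because nothing in the exchange ties the request to a browser session, it cannot stand in for the consent step the question wants to remove.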