2

I was trying to build a market place application with admin-sdk.

Reading the docs, it looks like two legged authentication is the only way to go as far as market place apps are concerned.

Wanted to check if the current user is an admin so for that, I wanted to use

https://www.googleapis.com/admin/directory/v1/users/(useremail)?xoauth_requestor_id=(admin-email)

I was trying both to be the same and to be that of the admin

The Authorization header is also as follows. 

OAuth realm="", oauth_signature_method="HMAC-SHA1", 
oauth_version="1.0", oauth_consumer_key="<key from market place>",
oauth_nonce="4473365854789985180", oauth_timestamp="1380453874",
scope="https://www.googleapis.com/auth/admin.directory.user", 
oauth_signature="yEcbWIp5f1nNFaUI8vSxn1NYlzw="

When this request is made to the url I am getting error saying.

"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"

I looked for apis to get it done but could not find for two legged with admin-sdk. Could someone please help me tackle the problem ?

Also can such a feature be done by using service accounts ?

I also wanted to, in the end have the admin-sdk to be used golang in the end.

George Thomas
  • 1,246
  • 2
  • 11
  • 14

1 Answers1

2

Marketplace still uses OAuth 1.0. So I don't think you can really use service account as it is really for OAuth 2.0.

Have you checked out these two documents? https://developers.google.com/accounts/docs/OAuth#GoogleAppsOAuth https://developers.google.com/gdata/docs/auth/oauth#2LeggedOAuth

Anyway, you want to make sure you are using the clientID and client secret that has Admin SDK enabled you generated from API console. Additionally, have you also had the clientID enabled with the Admin SDK scope in Manage Third Party OAuth in Admin console?

I was able to make the following call with no problems:

https://www.googleapis.com/admin/directory/v1/users/user@domain.com?xoauth_requestor_id=admin@domain.com&key=APIkey_from_API_console

Emily
  • 1,464
  • 1
  • 9
  • 12
  • Did you use some api to get this done or did you a tool like curl to get this done ? I am using the clientID and clientSecret from the marketplace vendor listing. Also added the scope for directory api in the manifest.xml and the admin I tried to install the app in accepted the access. If you could provide snippets of the code or links to the api, it would be really useful for me ? – George Thomas Oct 01 '13 at 11:33
  • Also should we specify the scope with the request in two legged nothing is mentioned in the docs about this or is it to be given only in the scope url ? – George Thomas Oct 01 '13 at 16:13
  • When looking at the console I get browser key is that the one to use? – George Thomas Oct 01 '13 at 17:45
  • Everything worked with the changes suggested. Also it worked without using the key parameter for me. The response comes only when the script is ran from the domain the app is hosted and no where else. I think that was the issue I was facing. – George Thomas Oct 01 '13 at 18:38