1

I have developed and published a simple Marketplace App needing access to all members of a domain. I followed the Google Instructions (see http://goo.gl/XvczDQ) and created a service account (for domain-wide delegation of authority). Everything is working if I access the users from my own company / domain. But it is not clear to me what happens if an administrator from a different company installs the app from the Google Marketplace. How can I access the users in the client's domain and how works the service account approach there? What are the further steps?

kowwwa
  • 121
  • 4

2 Answers2

2

I figured it out myself. Provided that the service account is correctly configured with the required scopes: All you have to know is the client's administrator email and the domain. Usually you can get this with the setup url in your marketplace app. Then you have to set the service account user to the administrator's email before you request an access token. That worked for me.

kowwwa
  • 121
  • 4
  • Thanks for sharing. Just to clarify, does this mean that anytime you need to use the service account for a specific domain, you query your database (after install) to find the domain's admin then set the ServiceAccountUser to the admin? I've got a related question here I'm investigating - http://stackoverflow.com/questions/25392897/google-marketplace-app-oauth2-programmatically-delegate-domain-wide-authoriz – djpark Aug 20 '14 at 00:21
  • If this is the correct answer for your question, you should go ahead and accept it by clicking the checkmark on the left side of the answer. – Wesley Bland Apr 23 '15 at 14:15
0

When the admin installs the app, he grants you the authorization to use the service account to impersonate his users.

You can also list the users using the Directory API if you need the complete list of users. Note that you will need to have the relevant Directory API scope in your marketplace app configuration and you will need to impersonate an admin user.

David
  • 5,481
  • 2
  • 20
  • 33
  • I have configured it correctly. But I didn't know how to impersonate an admin user (see my answer). Now it works. – kowwwa Aug 06 '14 at 10:13