0

My app provides different access levels to users based on what groups they belong to. Therefore, my app needs access to the Admin SDK's directory_v1/groups/list api. For example, I'd like to call:

https://www.googleapis.com/admin/directory/v1/groups?userKey={USER_EMAIL}&key={YOUR_API_KEY}

I'm weary of enabling the Admin SDK api and generating keys because I don't see any granular controls on what methods the keys are allowed to use.

Is there any way I can get access to what groups a user belongs to without using the Admin SDK, or maybe lock down access to the API so that my app only has access to the list of groups a user belongs to and not the full abilities of the Admin SDK?

Thanks

Mike Noseworthy
  • 3
  • 1
  • If you want to get the info about user's group, you have to use ADMIN SDK which is the only option. But you can limit the access of your APP by using "scopes". For example, if you want to retrieve only list of group, use scope "https://www.googleapis.com/auth/admin.directory.group.readonly". Here is the link for additional info https://developers.google.com/admin-sdk/directory/v1/guides/authorizing – SGC Jan 15 '15 at 18:36

2 Answers2

0

Answer to my problem was found on this question: How to access admin.directory.group via OAuth2 in a cron job?

Also thanks to SGC for providing help as well. Greatly appreciated.

Creating a services account and providing it limited scope solved my problem.

Mike Noseworthy
  • 3
  • 1
0

If you want to get the info about user's group, you have to use ADMIN SDK which is the only option. But you can limit the access of your APP by using "scopes". For example, if you want to retrieve only list of group, use scope "googleapis.com/auth/admin.directory.group.readonly";. Here is the link for additional info developers.google.com/admin-sdk/directory/v1/guides/authorizing

SGC
  • 1,025
  • 1
  • 6
  • 6