0

I am working with the Google Directory API to retrieve all of the groups that a person is part of for role based privileging in the app I'm working on.

https://developers.google.com/admin-sdk/directory/v1/guides/manage-groups#get_all_member_groups

Our Admin is able to successfully retrieve a list of groups that he is a part of, using the API Explorer, but I am not. I am getting the error below and I'm assuming it is because I am not an Admin.

{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "forbidden",
    "message": "Not Authorized to access this resource/api"
   }
  ],
  "code": 403,
  "message": "Not Authorized to access this resource/api"
 }
}

How do we retrieve the groups a user belongs to? Is there any way to supply an Admin Credentials to retrieve the groups a user belongs to?

Airn5475
  • 2,452
  • 29
  • 51

1 Answers1

1

There's no way for regular users to programmatically retrieve their group membership. I'd recommend creating a delegated admin with priveledges to read groups via the API but nothing else. Also, when doing the OAuth 2.0 request, only the readonly groups scope is needed. Share these credentials with any users that need to get their group membership or have your app make the api call as the delegated user on their behalf.

Jay Lee
  • 13,415
  • 3
  • 28
  • 59
  • Thanks Jay Lee for the response. Do you have a link on how to make the api call as the delegated user without having to share credentials? – Airn5475 Jul 02 '15 at 15:41
  • that depends entirely on the architecture of your app. If it's a web app, your web server may be able to make the call on the backend without exposing the credentials to the users. If it's an installed app, it may be necessary to share the credentials with the users. – Jay Lee Jul 03 '15 at 15:07
  • It's a web app, so the user would not need to deal with credentials. – Airn5475 Jul 05 '15 at 00:02
  • Would I have to use a Service Account? Or can I submit other credentials to the Directory API? – Airn5475 Jul 06 '15 at 13:35