0

I am developing a project for Google Apps for Education. It is using domain wide delegation, to access user account's data across a domain.

This is done with the Google Service Accounts (https://developers.google.com/identity/protocols/OAuth2ServiceAccount)

But in order to log the user in, and get his email, i use a normal oAuth login procedure. (https://developers.google.com/identity/protocols/OAuth2WebServer)

This does however result in a consent screen for the user, asking for his email and "Know who you are on Google".

Is there a way to log in the user, and get a object from Google, containing email etc., without showing this consent screen?

Thanks in advance

Djensen
  • 1,337
  • 1
  • 22
  • 32
  • So you want to log in a user without his consent to do so? Sounds like something I don't want anywhere near me. – Arperum Aug 05 '16 at 12:35
  • Yes, but this project/app is only available to specific domains. So a Google domain administrator gives permission for the app, to be able to access and impersonate all users on that Google domain (ex. "www.testdomain.com"). This is done by using the Google Service Accounts, with Domain Wide Delegation. But i still need to log a user in, to know what data i need to present for the user. The consent screen only shows the two scopes described in my question, but my service account has access to a larger range of scopes. (Like drive, calendar, email, profile, classroom etc). – Djensen Aug 05 '16 at 12:50

1 Answers1

1

You should pass the domain in hd= parameter. Soon we are changing the "approval page" to a simple account selection page when only email scope is requested. So this experience will become what you would ideally want, just that user would need to confirm the account with one click (not an approval).

nvnagr
  • 2,017
  • 1
  • 14
  • 11