
We are in the role of a SAML IDP in an SSO integration with Google for Work domains. We would like to use the Google Directory API as the interface to authenticate and retrieve attributes for the user identities in the Google for Work account. We are using domain-wide delegation of authority to obtain the OAuth Bearer token with the right scopes to call the Directory API. We can successfully call most of the methods exposed in the API. The data model for the User object has get/set on Password and HashFunction. We aren't able to GET the Password and the HashFunction outside of the session that sets the Password and HashFunction.

Questions:

  1. Do we need to assume/set some privilege or role in order to successfully get the Password and Hash function?
  2. For existing users, is there a way through the Directory API to authenticate them without requiring a password change?

Thanks for your help!

  • Can you please clarify what you want to do? In ***"GRANT or DENY type of response"***, are you referring to the [privileges and roles](https://developers.google.com/admin-sdk/directory/v1/guides/manage-roles) of the users? – abielita Sep 15 '16 at 15:44
  • GRANT or DENY in the authentication sense. I want to manually authenticate users against their own Google Email & Password combination. Thanks. – anonymous developer Sep 16 '16 at 03:32

0 Answers