When using Google Calendar's API, we would like to move from Oauth2 at user level to limited domain-wide delegation. That is, we would like delegation to allow us access only to resources belonging to certain users or certain groups of users, not the whole domain. Is this possible?
Asked
Active
Viewed 59 times
0
1 Answers
2
No, Domain Wide delegation is for the account and not for selected users.
I do not recommend your strategy of moving from OAuth user accounts to OAuth service accounts with domain-wide delegation. This type of access should be restricted to applications that interface with G Suite to provide added benefits and not as a method of accessing user data.
John Hanley
- 74,467
- 6
- 95
- 159
-
Thanks John. I understand your point, unfortunately in our use-case user Oauth2 flows create massive friction. :( I think more granularity in API scopes and the ability to delegate to groups of users would make things a lot smoother when working with enterprise customers. – Konrad Oct 22 '19 at 11:49