-1

I am writing a node server where I am using the Google Project and Service account to manage users in that G-Suite account. Since the service account is domain-wide delegated with administrator roles enabled, is it possible to validate the password of the G-Suite user using its G-Suite User ID? If possible, what is the API I should use from my node service with the service account? If the above is not directly supported, what are the alternative ways I can consider to achieve my use case (the use case is to validate the user credential from a backend service)? Please help.

Thanks, Srini.

Srinivasan

2 Answers

1

I am not aware of any API, public or private, where you can combine a User ID from any Google service and the account password to do anything.

Having domain-wide delegation to manage/access a user's account is not the same thing as having access to their login credentials.

Do not prompt users for their Google Accounts password. Do not attempt to brute force or use password dictionaries to guess user passwords. Google security services will detect this and then you will have another level of problems to fix.

John Hanley

0

How exactly would you validate a user's password using a service account, even if the password field was available to you (which it isn't, because that would be bad)? It would already be inserted at the time and the user would have moved on. Are you going to send them an email after the fact telling them their password is bad?

The application where they enter their password should be testing that the password is valid. Being that this is their Google account, then it's probably already done by Google.

Linda Lawton - DaImTo
  • @DalmTo, thinking of one kind: how does a third-party SSO like JumpCloud work to validate Google's user credential upon registering with them? – Srinivasan Jan 13 '20 at 07:23
  • I really hope you are not logging a user typing in their Google password into your application. – Linda Lawton - DaImTo Jan 13 '20 at 07:25
  • @Srinivasan - They don't. The user logs into their Google Account and grants permission to the SSO. The SSO does not see, access or know the user's login credentials. – John Hanley Jan 13 '20 at 07:26
  • The third party only gets back the basic user information from the identity server about the user's identity (profile); you're not getting a password back. – Linda Lawton - DaImTo Jan 13 '20 at 07:27
  • @DalmTo and @Johnhanley, in that case what is the default or the standard way of authenticating a user from a backend node server? Please provide some reference. Will all those ways involve user intervention? I prefer a way which does not involve the user's intervention. – Srinivasan Jan 13 '20 at 09:48
  • You can't log a user in without the user's involvement; that's the whole point of authentication. I think you are confusing authorization and authentication. – Linda Lawton - DaImTo Jan 13 '20 at 10:23
  • I believe this article is useful: https://developers.google.com/gsuite/marketplace/requirements. GSuite users require the use of OAuth 2.0. – Ernesto U Jan 13 '20 at 18:28