0

I'm new with the API and I want to get a custom field ScreenConnect form my connection with the OAuth2. I created my project in console.developers.google.com and I have authorized the Admin SDK. In my scope I put https://www.googleapis.com/auth/admin.directory.user.readonly.

But I can't get the variable back. If I try https://www.googleapis.com/admin/directory/v1/customer/my_customer/schemas to retrieve all custom schemas (https://developers.google.com/admin-sdk/directory/v1/guides/manage-schemas). I have the Insufficient Permission: Request had insufficient authentication scopes. But https://www.googleapis.com/admin/directory/v1/users/userKey work fine (https://developers.google.com/admin-sdk/directory/v1/reference/users/get). So the restriction isn't coming from the SDK. I think it's a url error, but I can't understand what's going on.

I solved the error the Insufficient Permission with the scope https://www.googleapis.com/auth/admin.directory.userschema I still can't find out how to get the value of the variable

The33Coder
  • 139
  • 7
  • Hello @The33Coder, which value of which variable are you talking about? Would you mind providing more details about it? That would be of great help! Cheers! – ale13 Apr 20 '20 at 09:40
  • In my users, I have [created personal variables](https://support.google.com/a/answer/6208725?hl=en). One of these variables, contains the name of the group with the permissions and I want to give to this person when he connects to ScreenConnect with the OAuth. In fact, I want to give individual privileges to every user who connects with OAuth. Admin, user, manager... – The33Coder Apr 21 '20 at 08:33

1 Answers1

0

The scope you are using is not the correct one since it only grants readonly access. In order to have access to what you want to achieve, you should be using this:

  • https://www.googleapis.com/auth/admin.directory.user;

Moreover, if you want to retrieve the value set for each custom schema for a user, you will have to make the below GET request, where userKey is the user's email address.

https://www.googleapis.com/admin/directory/v1/users/userKey

In addition to this, you also have to set the customFieldMask parameter with the name of your schema name/s and the projection parameter to custom.

Therefore, for a particular user, your request will look something like this:

GET https://www.googleapis.com/admin/directory/v1/users/THE_EMAIL_OF_THE_USER?customFieldMask=NAME_OF_THE_SCHEMA&projection=custom&key=[YOUR_API_KEY] 

HTTP/1.1

Authorization: Bearer [YOUR_ACCESS_TOKEN]
Accept: application/json

Reference

ale13
  • 5,679
  • 3
  • 10
  • 25