My app requires additional setup by the admin for the users to start using it. I am aware of the setup URL for admins when they install the app in the Google Apps Marketplace, but I want to be sure only admins can get to my endpoint. All I have found so far for finding out whether a user is an admin is using GET https://www.googleapis.com/admin/directory/v1/users/userKey in the Admin SDK.
However, this is problematic for several reasons: only admins can get the full resource that would contain the "isAdmin" field, the resource contains a lot of sensitive info like login details or phone numbers that I don't need access to, and because it is a sensitive scope it would also require my app to be verified by Google, which otherwise wouldn't be necessary.

Is there a better way to find out whether a user is an admin (requiring less sensitive scopes)? It would also be useful to know the customerId (i.e. the immutable id for their organization) for anyone using my app, to be able to identify them with their organization. I am using the user's hosted domain for this now, but as the domain can change, an immutable id would be much better suited. Is there a way to get the customerId besides using GET https://www.googleapis.com/admin/directory/v1/users/userKey (which only admins can do if I want the customerId anyway)?

0 Answers