3

We have a web app for internal use and want to add auth with Google. The authentication part was quite simple. I followed this tutorial.

But the authorization part is not obvious to me. We have different roles in our system and want to give different roles to each Google account and manage them there. I want to use auth groups with the scope https://www.googleapis.com/auth/groups. So I have two questions: are groups the right choice, I mean can we authenticate a user by checking which group he is part of? I would be very thankful for any links for the authorization part.

mondayguy
  • The easy approach is to store roles for an account in your own database. To authorize, use the authenticated id to find roles and check for the required role. –  Mar 03 '22 at 06:34
  • @Zombo yep, we do it already. But the aim is to manage all these things in one place (i.e. Google) – mondayguy Mar 03 '22 at 06:43
  • What do you need to manage through Google when user ids and roles are stored in your own database? The one place is your application. –  Mar 03 '22 at 06:53
  • @Zombo we want to get rid of the auth process on our side because many processes already go through our Google accounts – mondayguy Mar 03 '22 at 06:56

1 Answer

-1

I found this in Python:

Google Admin SDK: Get a list of groups that a user belongs to

I haven't tested it, but I think this is the way in Go:

package main

import (
    "context"
    "fmt"

    admin "google.golang.org/api/admin/directory/v1"
    "google.golang.org/api/option"
)

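func main() {
    ctx := context.Background()
    service, err := admin.NewService(ctx, option.WithCredentialsFile("cred.json"))
    if err != nil {
        panic(err)
    }
    // UserKey restricts the listing to the groups this user is a member of.
    // (Customer expects a customer ID, not an email address, and cannot be
    // combined with UserKey.)
    g, err := service.Groups.List().UserKey("mail@example.com").Do()
    if err != nil {
        panic(err)
    }
    // Print the address of each group on the first page of results.
    for _, group := range g.Groups {
        fmt.Println(group.Email)
    }
}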

Source: https://github.com/googleapis/google-api-go-client/blob/main/admin/directory/v1/admin-gen.go

Rahmat Fathoni
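The group-based role check the question asks about, as an added Go example that is not code from the question or the answer: group addresses are mapped to application roles, access is denied when the lookup fails, and results are cached only briefly so a removal in Google takes effect. The `Lookup` function (standing in for the server-side Directory call), the group addresses and the role names are assumptions constructed for illustration.

```go
package main

import (
	"fmt"
	"strings"
	"sync"
	"time"
)

// Constructed mapping from Google group address to application role.
var groupRoles = map[string]string{
	"app-admins@example.com":  "admin",
	"app-viewers@example.com": "viewer",
}

type entry struct{ roles map[string]bool; expires time.Time }

// Authorizer caches resolved roles for TTL so a group removal takes effect within it.
type Authorizer struct {
	Lookup func(email string) ([]string, error) // assumed server-side Directory lookup
	TTL    time.Duration
	cache  sync.Map // normalized email -> entry
}

// Allowed fails closed: a lookup error or an unmapped group never grants a role.
func (a *Authorizer) Allowed(email, role string) bool {
	key := strings.ToLower(strings.TrimSpace(email))
	if v, ok := a.cache.Load(key); ok && time.Now().Before(v.(entry).expires) {
		return v.(entry).roles[role]
	}
	groups, err := a.Lookup(key)
	if err != nil {
		return false // an expired entry is never reused
	}
	e := entry{map[string]bool{}, time.Now().Add(a.TTL)}
	for _, g := range groups {
		if r, known := groupRoles[strings.ToLower(strings.TrimSpace(g))]; known {
			e.roles[r] = true
		}
	}
	a.cache.Store(key, e)
	return e.roles[role]
}

func main() {
	lookup := func(string) ([]string, error) { return []string{"App-Admins@example.com"}, nil } // constructed data
	a := &Authorizer{TTL: time.Minute, Lookup: lookup}
	fmt.Println(a.Allowed("alice@example.com", "admin"), a.Allowed("alice@example.com", "viewer"))
}
```

The TTL is the longest a revoked membership can keep working, so it should be set to the revocation delay the application can tolerate.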