After completing the OAuth OpenID authentication, I want to list the roles (or groups) the user is part of. I tried the Admin SDK API but that is only for account admin (this is what I understood).

I want to list the user's roles once authenticated and I have the access_token.

I tried AdminSDK but that was only for account admin or gcp admin from what I understood.

  • Why do you need to list the roles? And the roles on which resources? On a project? On a folder? On something else? – guillaume blaquiere Feb 01 '23 at 22:06
  • @guillaumeblaquiere my requirement is that I have created a platform where I want to log in using the authorization code method and I need the logged-in user's name and role/group. Now I am able to get the name using the userinfo endpoint but not able to get the group/role name, and the logged-in user may not be the admin so I am not able to use the Admin SDK – Shashank Shekhar Feb 03 '23 at 05:11
  • To have a view on the organisation/administration of the project, you must be admin. The users use the app. If they have to access their group, they must be group admin. If they must see their IAM permissions, they must be IAM role reviewer. It's a lot of permissions. – guillaume blaquiere Feb 03 '23 at 09:39
  • @guillaumeblaquiere now I am able to get all the users and their respective roles in the project using `gcloud projects get-iam-policy --filter="bindings.members:" --flatten="bindings[].members" --format="table(bindings.role)"` but I want the REST API call for this. At [this link](https://cloud.google.com/resource-manager/reference/rest/v1/projects/getIamPolicy) I found `POST https://cloudresourcemanager.googleapis.com/v1/projects/{resource}:getIamPolicy` but I am not able to add any filter in this. Please help if you have any idea on this – Shashank Shekhar Feb 07 '23 at 10:41
  • Add `--log-http` to your gcloud command to see the exact API calls performed to GCP. Sometimes, the filter is not implemented in the API and it is implemented in the gcloud CLI itself. If that's the case here, it also means you have to implement it in your code if you use the API directly. – guillaume blaquiere Feb 07 '23 at 10:45
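
The last comment suggests doing the filtering in your own code when the API has no filter parameter. The following is an added example, not code from the thread or from Google: it filters a policy document shaped like a `getIamPolicy` response for one member. The function name `roles_for_member`, the sample policy, and the choice of exact case-insensitive member matching (rather than gcloud's `:` pattern match) are assumptions; the caller still needs permission to call `getIamPolicy`, and group memberships must be supplied separately because the policy does not expand groups.

```python
import json

# Constructed sample shaped like a getIamPolicy response body (not real data).
SAMPLE_POLICY = json.loads("""
{
  "version": 3,
  "etag": "BwXconstructed=",
  "bindings": [
    {"role": "roles/viewer",
     "members": ["user:alice@example.com", "group:devs@example.com"]},
    {"role": "roles/storage.objectAdmin",
     "members": ["user:Alice@Example.com"],
     "condition": {"title": "expires-2023",
                   "expression": "request.time < timestamp('2024-01-01T00:00:00Z')"}},
    {"role": "roles/owner",
     "members": ["user:bob@example.com"]}
  ]
}
""")


def roles_for_member(policy, email, groups=()):
    """Return sorted (role, condition_title) pairs binding `email` directly
    or through one of `groups` (hypothetical helper, client-side filter).

    condition_title is None for unconditional bindings; a conditional
    binding grants the role only while its expression evaluates to true.
    """
    wanted = {f"user:{email.lower()}"}
    wanted |= {f"group:{g.lower()}" for g in groups}
    found = set()
    for binding in policy.get("bindings", []):
        # Compare case-insensitively; the policy may store mixed-case emails.
        members = {m.lower() for m in binding.get("members", [])}
        if members & wanted:
            cond = binding.get("condition", {}).get("title")
            found.add((binding["role"], cond))
    return sorted(found, key=lambda rc: (rc[0], rc[1] or ""))


if __name__ == "__main__":
    for role, cond in roles_for_member(SAMPLE_POLICY, "alice@example.com"):
        print(role, f"(conditional: {cond})" if cond else "")
```
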

0 Answers