Admin-sdk with marketplace does not work

Question

I was trying to build a market place application with admin-sdk.

Reading the docs, it looks like two legged authentication is the only way to go as far as market place apps are concerned.

Wanted to check if the current user is an admin so for that, I wanted to use

https://www.googleapis.com/admin/directory/v1/users/(useremail)?xoauth_requestor_id=(admin-email)

I was trying both to be the same and to be that of the admin

The Authorization header is also as follows.

OAuth realm="", oauth_signature_method="HMAC-SHA1", 
oauth_version="1.0", oauth_consumer_key="<key from market place>",
oauth_nonce="4473365854789985180", oauth_timestamp="1380453874",
scope="https://www.googleapis.com/auth/admin.directory.user", 
oauth_signature="yEcbWIp5f1nNFaUI8vSxn1NYlzw="

When this request is made to the url I am getting error saying.

"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"

I looked for apis to get it done but could not find for two legged with admin-sdk. Could someone please help me tackle the problem ?

Also can such a feature be done by using service accounts ?

I also wanted to, in the end have the admin-sdk to be used golang in the end.

Answer 1

Marketplace still uses OAuth 1.0. So I don't think you can really use service account as it is really for OAuth 2.0.

Have you checked out these two documents? https://developers.google.com/accounts/docs/OAuth#GoogleAppsOAuth https://developers.google.com/gdata/docs/auth/oauth#2LeggedOAuth

Anyway, you want to make sure you are using the clientID and client secret that has Admin SDK enabled you generated from API console. Additionally, have you also had the clientID enabled with the Admin SDK scope in Manage Third Party OAuth in Admin console?

I was able to make the following call with no problems:

https://www.googleapis.com/admin/directory/v1/users/user@domain.com?xoauth_requestor_id=admin@domain.com&key=APIkey_from_API_console