Question

Background

Our corporate users have a Google Apps account. We would like to allow them (and only them) to log in to an extranet using the Google account. Ideally we would also like to manage permissions through the Google domain management UI. One thought is to create groups and associate group membership with extranet permissions.

Research

Google Apps supports login using OAuth 2.0 and also supports provisioning via API, which would allow us to test if a user is a member of a group. The Provisioning API presumably requires administrator credentials.

Question

Is it possible to programmatically determine whether a Google Apps user is a member of a group without requiring domain administrator credentials?

Is there a better way to accomplish this goal?

Solution

The API call to check group membership does require at least a delegated admin with rights to read groups via the API. If you utilize the new Google Admin SDK membership API call, you can also limit the scope to readonly:

https://www.googleapis.com/auth/admin.directory.group.readonly

The Admin SDK utilizes OAuth 2.0, which does not require the delegated admin's username/password, only the OAuth token.
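
An added example, not part of the original answer: one way to turn the membership check into extranet permissions, assuming the Directory API `hasMember` method is the membership call used and the token was issued for the read-only scope above. The group addresses, the permission mapping and the function names are hypothetical.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# Read-only scope from the answer; request it when obtaining the OAuth token.
SCOPE = "https://www.googleapis.com/auth/admin.directory.group.readonly"
API = "https://admin.googleapis.com/admin/directory/v1/groups/{group}/hasMember/{member}"

# Hypothetical mapping of Google groups to extranet permissions.
GROUP_PERMISSIONS = {
    "extranet-readers@example.com": {"read"},
    "extranet-editors@example.com": {"read", "write"},
}

def _http_get(url, token):
    """Default transport: GET with the delegated admin's OAuth 2.0 bearer token."""
    req = urllib.request.Request(url, headers={"Authorization": "Bearer " + token})
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, resp.read()
    except urllib.error.HTTPError as err:
        return err.code, err.read()

def membership_url(group, member):
    # Percent-encode both keys so a crafted e-mail address cannot alter the path.
    return API.format(group=urllib.parse.quote(group, safe=""),
                      member=urllib.parse.quote(member, safe=""))

def is_member(token, group, member, http_get=_http_get):
    """True only on a 200 response whose body has isMember set to JSON true."""
    status, body = http_get(membership_url(group, member), token)
    if status != 200:
        return False  # fail closed: an API error never grants access
    try:
        return json.loads(body).get("isMember") is True
    except (ValueError, AttributeError):
        return False  # malformed or unexpected body: also deny

def extranet_permissions(token, user_email, http_get=_http_get):
    """Union of the permissions of every mapped group the user belongs to."""
    granted = set()
    for group, perms in GROUP_PERMISSIONS.items():
        if is_member(token, group, user_email, http_get):
            granted |= perms
    return granted
```

The `http_get` parameter exists so the check can be exercised with a stub transport instead of a live token.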

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow