authorize non-admin users to use AdminDirectory using OAuth2

Question

I want to authorize non-admin users to use AdminDirectory (part of Google apps Admin SDK) as a part of a google apps script. Basically I want the users to get a list of other users' full names based on their user name.

I understand I can do this using OAuth2 but I cannot find examples of Google apps script-code for Admin SDK-AdminDirectory.

I have created a service account and have and have my Client ID and key ID. What do I need to do next? I found this https://developers.google.com/api-client-library/javascript/features/authentication but I can't figure out how to get the authorization to work.

Here is a minimal version of my script: (It will produce the full name of user [email protected] for authorized users)

function grupplistor() {     
   var userinfo = AdminDirectory.Users.get("[email protected]");
   Logger.log ([userinfo.name.fullName]);  
      }

Answer 1

You can try using creating the service account and its credentials.

You need to create a service account and its credentials. During this procedure you need to gather information that will be used later for the Google Apps domain-wide delegation of authority and in your code to authorize with your service account. The three items you need are your service account’s:

• Client ID.
• Private key file.
• Email address.

Note: Only users with access to the Admin APIs can access the Admin SDK Directory API, therefore your service account needs to impersonate one of those users to access the Admin SDK Directory API.

Source:

• https://github.com/googlesamples/apps-script-oauth2

• https://github.com/Spencer-Easton/Apps-Script-Drive-Service-Account-Library

Hope this helps

Answer 2

Try:

function grupplistor() {
  var userinfo = AdminDirectory.Users.get({
    userKey: "[email protected]", 
    viewType: "domain_public"});
   Logger.log ([userinfo.name.fullName]);
}

viewType domain_public tells the api to return information about the user that's shared to all other users.

Jay