What is the URL to authenticate Gsuite users using curl?

2.5k views Asked by At

I want to authenticate Gsuite users in order for them to be able to create groups from my company's application, I have to do so using CURL, what URL should I send a post request to?

For example, if I want to login a user to Google plus, I would hit this url

CURLOPT_URL => "https://www.googleapis.com/plus/v1/people/me?access_token=" . $access_token,

What url is for Gsuite?

1

There are 1 answers

2
John Hanley On BEST ANSWER

If your goal is to retrive the information about a user in G Suite:

CURLOPT_URL => "https://www.googleapis.com/admin/directory/v1/users/[email protected]?access_token=" . $access_token;

Note: Please consult the Directory API on how delegation is performed. This is required. Normal Access Tokens will not work without Domain-wide Delegation enabled.

Your credentials (Access Token) will need the correct scopes:

https://www.googleapis.com/auth/admin.directory.group
https://www.googleapis.com/auth/admin.directory.user

Your credentials will need the correct delegation.

Python example:

SCOPES = [
        "https://www.googleapis.com/auth/admin.directory.group",
        "https://www.googleapis.com/auth/admin.directory.user"
        ]

key_file = 'google-directory-api-service-account.json'

SERVICE_ACCOUNT_EMAIL = '[email protected]'
ADMIN_EMAIL = '[email protected]'

credentials = service_account.Credentials.from_service_account_file(
                        key_file,
                        scopes = SCOPES)

credentials = credentials.with_subject(ADMIN_EMAIL)

Domain-wide Delegation

See the bottom of this answer for common errors that I have seen when setting up G Suite access.

If your goal is to retrieve information stored within a Google OAuth 2.0 Token:

These urls expects a Google OAuth 2.0 Access Token. The alt=json specifies returning JSON.

Examples that you can test in a command prompt:

curl -k "https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=ACCESS_TOKEN"

curl -k "https://www.googleapis.com/oauth2/v1/userinfo?alt=json&access_token=ACCESS_TOKEN"

There is also the v3 endpoint for :

curl -k "https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=ACCESS_TOKEN"

Common problems when setting up API access to G Suite:

  • Access Not Configured. Admin Directory API has not been used in project 123456789012 before or it is disabled.

Go to the Google Cloud Console. Enable the API for Admin SDK.

  • Not Authorized to access this resource/api.

You have not setup Domain-wide delegation correctly.

  • Client is unauthorized to retrieve access tokens using this method

You tried to setup Domain-wide delegation on an existing service account. You need to create a new service account that does not have any IAM Roles assigned.