On Wednesday, January 18, 2012 7:07:43 AM UTC-5, Shraddha Gupta wrote: > > Hello Max, > > You are right that User Provisioning API is used to update the password > for the users in the Google Apps domain. > > Lets go through your problems one by one: > > - Only read access is possible by 2-legged OAuth in the Provisioning > API. > > > - You don't need to use ClientLogin. Infact, we recommend not to use > ClientLogin. > > Please use 3-legged OAuth with the Provisioning API. But then > you will require to get the new passwords and save them before you run a > script to update passwords from your end. > As 3-legged OAuth requires the admin to authorize the request, > the script must be executed by the admin as it requires admin to be logged > in. >
I see. However, http://code.google.com/apis/gdata/docs/auth/oauth.html#Examples says that "To authorize a request token, your application must redirect the user to the OAuthAuthorizeToken<http://code.google.com/apis/accounts/docs/OAuth_ref.html#GetAuth> URL, which prompts them to log into their Google account." (the user being, in this case, an admin -- right?). I see two issues with this: - How do I do that when the program that's running is not a webapp, but a barely interactive script? - On the webapp side, it's not an admin performing the password change operation. It's the users themselves, without admins being involved -- it's a simple "change my password" link. Wouldn't three-legged OAuth require them to sign in to an admin's account in order to perform the change? Or is there something I don't understand properly? > > - CAPTCHA challenge usually occurs in ClientLogin if you authorize the > service multiple times. Authorize the service just once and use the > authorized service in all your methods. > > > - The passwords must be a minimum of 8 characters in length and > maximum 100. The Limits > section<http://code.google.com/googleapps/domain/provisioning_API_v2_developers_guide.html#Limits>of > the Provisioning API Developers Guide lists these limits. In your > application, you can add a precondition for the passwords entered and only > accept the correct length passwords. > > Great, thanks! -- Max -- You received this message because you are subscribed to the Google Groups "Google Apps Domain Information and Management APIs" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-apps-mgmt-apis/-/LYbYC5l2HM8J. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-apps-mgmt-apis?hl=en.
