Nowadays GADS use 3LO and ClientLogin Methods, however a token is created until it be revogated the api calls can be made, the only action you should require is the first time the administrator setup the application it should generate the Token and add to the application or mantain in appengine source until is revogated.
ClientLogin is not an option for those cases anymore google is discontinuing his use, and suggesting the implementation of OAuth patterns, such as OAuth 1.0 and OAuth 2.0. Regards, Alexandre Jacquet Google Apps Deployment Specialst São Paulo | SP | Brasil Tel.: 55 11 8064 6882 On Fri, Mar 16, 2012 at 3:21 PM, Isidoro! <[email protected]> wrote: > Hi Alex, > Thanks for your comments. > Believe it or not, we do have a use case for this request. > > We're deploying Google Apps in a University and one of their requirements > is to be able to change the username from their own website (along with > password). > Since we use GADS, if we rename in LDAP, this will suspend the user in > Google Apps and create a new user. > > So, we need a way to change the username. If we do use 3LO, the user will > be prompt with an additional username and pass to fill in, so he will be > confused. That's why we plan to use 2LO or ClientLogin (least preferable > option), to hide this extra step for the user. At the end of the day, the > site will be only accessible via University' intranet. > > Best > > On Friday, March 16, 2012 11:00:23 AM UTC+1, Isidoro! wrote: >> >> Hi Guys, >> >> I'm trying to build a PHP application to rename users in Google Apps. I'm >> using Provisioning API and 2LO with Zend. I have problems with access. >> This is my code: >> >> $oauthOptions = array( >> 'requestScheme' => Zend_Oauth::REQUEST_SCHEME_**HEADER, >> 'version' => '1.0', >> 'signatureMethod' => 'HMAC-SHA1', >> 'consumerKey' => $CONSUMER_KEY, >> 'consumerSecret' => $CONSUMER_SECRET >> ); >> >> $consumer = new Zend_Oauth_Consumer($**oauthOptions); >> $token = new Zend_Oauth_Token_Access(); >> $httpClient = $token->getHttpClient($**oauthOptions); >> >> $service = new Zend_Gdata_Gapps($httpClient, $DOMAIN); >> $service->**enableRequestDebugLogging('/**tmp/foo.txt'); >> $updateUser = $service->retrieveUser($USER); >> >> echo 'user to change ' . $updateUser->login; >> >> $updateUser->login->name = 'x1'; >> $updateUser = $updateUser->save(); >> >> If I set the scope to https://apps-apis.google.com/** >> a/feeds/user/#readonly<https://apps-apis.google.com/a/feeds/user/#readonly>I'm >> able to retrieve the user. >> I have disabled from the control panel Two-legged OAuth access control >> (allow Access to All API) and added the scope >> https://apps-apis.google.com/**a/feeds/user/2.0/domain/<https://apps-apis.google.com/a/feeds/user/2.0/domain/>to >> update the user but I get a Zend Exception >> >> GET /a/feeds/XXXXXX.com/user/2.0/**XXXXXXX HTTP/1.1 >> Host: apps-apis.google.com >> Connection: close >> User-Agent: MyCompany-MyApp-1.0 Zend_Framework_Gdata/1.11.0dev >> Accept-encoding: identity >> Authorization: OAuth >> realm="",oauth_consumer_key="c**loudspartner.com<http://cloudspartner.com> >> ",oauth_nonce=**"**a52fa4056615b5623c9e4b9c6ce55b** >> 85",oauth_signature_method="**HMAC-SHA1",oauth_timestamp="** >> 1331891784",oauth_version="1.**0",oauth_signature="** >> DczkQoN2VJpDkyXGMgcFedCcMMg%**3D" >> >> Closing socket >> >> Closing socket >> >> HTTP/1.1 401 Unknown authorization header >> WWW-Authenticate: GoogleLogin realm="http://www.google.com/** >> accounts/ClientLogin <http://www.google.com/accounts/ClientLogin>", >> service="apps" >> Content-Type: text/html; charset=UTF-8 >> Date: Fri, 16 Mar 2012 09:56:25 GMT >> Expires: Fri, 16 Mar 2012 09:56:25 GMT >> Cache-Control: private, max-age=0 >> X-Content-Type-Options: nosniff >> X-Frame-Options: SAMEORIGIN >> X-XSS-Protection: 1; mode=block >> Server: GSE >> Connection: close >> >> <HTML> >> <HEAD> >> <TITLE>Unknown authorization header</TITLE> >> </HEAD> >> <BODY BGCOLOR="#FFFFFF" TEXT="#000000"> >> <H1>Unknown authorization header</H1> >> <H2>Error 401</H2> >> </BODY> >> </HTML> >> >> Can you point me to the right direction? >> I can always do ClienLogin, but I'm trying to avoid it. >> >> Thanks and regards, >> >> >> -- > You received this message because you are subscribed to the Google Groups > "Google Apps Domain Information and Management APIs" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/google-apps-mgmt-apis/-/afBLnWhkEcMJ. > > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-apps-mgmt-apis?hl=en. > -- You received this message because you are subscribed to the Google Groups "Google Apps Domain Information and Management APIs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-apps-mgmt-apis?hl=en.
