Hi Claudio,

In my case, I need to develop a password synchronization tool with SSO (SAML): once a user successfully authenticates against the customer's LDAP, this tool will perform a password sync (via the Provisioning API) to Google. For this case, the tool that I developed this time uses the ClientLogin interface to access the Provisioning API.

But as far as I know, ClientLogin will be deprecated soon? What would you recommend? This tool is a background process; it's invoked after the user successfully authenticates in SSO-SAML (Shibboleth Framework). So I'm wondering, if I use OAuth 2.0 for this case, what will it look like? It's something like an administrative tool. Please share. Thanks.

Best Regards,
Suttiwat

On Friday, June 1, 2012 3:34:06 AM UTC+7, Claudio Cherubino wrote:
>
> Yes, I'm referring to the Provisioning API.
>
> Claudio
>
> On Thu, May 31, 2012 at 1:26 PM, Sandip Shah <[email protected]> wrote:
>
>> Claudio,
>>
>> "I don't know if OAuth 2.0 will support the 2-legged flow but we'll make
>> sure everyone knows where to find the docs in case that happens ;)"
>>
>> This is for provisioning API only, correct? 'cause the 'Service
>> Accounts' are working for other APIs.
>>
>> Sandip
>>
>> On Thu, May 31, 2012 at 1:22 PM, Claudio Cherubino <[email protected]> wrote:
>>
>>> Hi Patricia,
>>>
>>> Answers inline:
>>>
>>> On Thu, May 31, 2012 at 1:06 PM, Patricia N Goldweic <[email protected]> wrote:
>>>
>>>> So, could somebody please confirm (or otherwise) the following
>>>> statements?
>>>>
>>>> - If my app requires write access to the provisioning API, I should be
>>>> able to use not only 3-legged OAuth 1.0 (which is currently deprecated),
>>>> but also OAuth 2.0 to implement this. Presumably, I can use one of the
>>>> existing java client libraries to do this. (a sample of such use that
>>>> involved the provisioning api in particular –coupled with OAuth 2.0-
>>>> would be great to see).
>>>>
>>>
>>> Yes, you can use either 3-legged OAuth 1.0 or OAuth 2.0 to get write
>>> access to the Provisioning API.
>>>
>>>> - 2-legged access is not yet available for the provisioning API. If it
>>>> *ever* becomes available with OAuth 2.0, I would find it under the
>>>> ‘service accounts’ documentation for the provisioning api.
>>>>
>>>
>>> The Provisioning API supports 2-legged OAuth 1.0 in a readonly mode.
>>> I don't know if OAuth 2.0 will support the 2-legged flow but we'll make
>>> sure everyone knows where to find the docs in case that happens ;)
>>>
>>>> Thanks in advance,
>>>>
>>>> -Patricia
>>>>
>>>> From: [email protected] [mailto:[email protected]] On Behalf Of Sandip Shah
>>>> Sent: Thursday, May 31, 2012 1:40 PM
>>>> To: [email protected]
>>>> Subject: Re: [google-apps-apis] Re: OAuth 2.0 and Provisioning API
>>>>
>>>> Patricia,
>>>>
>>>> OAuth 1.0 supported both 3-legged and 2-legged methods for read/write
>>>> access (for most APIs).
>>>>
>>>> OAuth 2.0 so far supports 'Desktop Application' and 'Web Server'
>>>> "flows", again for read/write access, again for most APIs.
>>>>
>>>> The "Service Accounts" is the equivalent of the 2-legged mechanism and
>>>> it is just being rolled out across different APIs. I have not seen an
>>>> official page announcing when these will be live on each API, but maybe
>>>> someone in Google can throw some light on that.
>>>>
>>>> Sandip
>>>>
>>>> On Thu, May 31, 2012 at 11:32 AM, Patricia N Goldweic <[email protected]> wrote:
>>>>
>>>> I've also worked with 2-legged OAuth for docs, calendar and sites
>>>> content, but this was using OAuth 1.0 (not 2.0). In terms of (write)
>>>> provisioning access, I thought that the only thing available from Google
>>>> (that supports Google Apps accounts) has been 3-legged OAuth 1.0. Is this
>>>> assumption still valid? Can somebody from Google clarify?
>>>> Ideally, there would be 2-legged support for write provisioning access,
>>>> but if there isn't yet, please explain whether 3-legged OAuth 1.0 or OAuth
>>>> 2.0 should be used instead for this purpose.
>>>> Thanks in advance,
>>>> -Patricia
>>>>
>>>> -----Original Message-----
>>>> From: [email protected] [mailto:[email protected]] On Behalf Of bobpuffer
>>>> Sent: Monday, May 28, 2012 9:01 AM
>>>> To: Google Apps Domain Information and Management APIs
>>>> Subject: [google-apps-apis] Re: OAuth 2.0 and Provisioning API
>>>>
>>>> I have also found this piece of valuable documentation that, if
>>>> accurate does suggest calendar data is available via 2LO (tho I guess I've
>>>> never been able to get it to work).
>>>>
>>>> https://developers.google.com/google-apps/marketplace/manifest#supported_scopes
>>>>
>>>> On May 28, 7:57 am, bobpuffer <[email protected]> wrote:
>>>> > You're right, I was in error on the calendar, but am definitely using
>>>> > to query and change spreadsheet cell data, create entire sheets in a
>>>> > workbook and also Docs listings, creating collections, uploading
>>>> > documents (with resumable upload). The most important thing to me is
>>>> > what is the future of 2LO for administratively managing such
>>>> > requirements?
>>>> > Bob
>>>> >
>>>> > On May 27, 7:26 pm, Sandip Shah <[email protected]> wrote:
>>>> >
>>>> > > Bob,
>>>> >
>>>> > > I have been monitoring the forums closely, and no one can get even
>>>> > > the Calendar API to work with Service Accounts (2LO in OAuth 2.0 world).
>>>> >
>>>> > > Do you mind posting some sample code?
>>>> >
>>>> > > Thanks,
>>>> >
>>>> > > Sandip
>>>> >
>>>> > > On Sun, May 27, 2012 at 2:34 PM, bobpuffer <[email protected]> wrote:
>>>> > > > ACL lists on all of the documents apis (Sites, Spreadsheets, Docs,
>>>> > > > Calendars). Docs listing. Almost anything including querying and
>>>> > > > updating cells in spreadsheets. Some spreadsheet functions fail
>>>> > > > because the redirect goes to a location that only accepts Clientlogin.
>>>> > > > I'm pretty confused between my experience and your statements.
>>>> > > > Most of all I'd be interested in knowing the near and distant
>>>> > > > future of being able to support 2-legged OAuth because it's
>>>> > > > critical and if it's going away, we have to align ourselves with a
>>>> > > > service that can meet our repository needs using administrative
>>>> > > > control without user intervention.
>>>> > > > Bob
>>>> >
>>>> > > > On May 26, 12:53 pm, Sandip Shah <[email protected]> wrote:
>>>> > > > > Correction - it does not support the Google Apps APIs.
>>>> >
>>>> > > > > Sandip
>>>> >
>>>> > > > > On Saturday, May 26, 2012 10:28:17 AM UTC-7, Sandip Shah wrote:
>>>> >
>>>> > > > > > Hi Bob,
>>>> >
>>>> > > > > > OAuth 2.0 does not support 2-legged anywhere afaik.
>>>> >
>>>> > > > > > Which APIs are you using it with?
>>>> >
>>>> > > > > > Sandip
>>>> >
>>>> > > > > > On Saturday, May 26, 2012 7:30:30 AM UTC-7, bobpuffer wrote:
>>>> >
>>>> > > > > >> Is it just that OAuth 2.0 doesn't support 2-legged for the
>>>> > > > > >> provisioning? I'm using OAuth 2.0 2-legged all over the
>>>> > > > > >> place except the provisioning.
>>>> > > > > >> Thanks
>>>> >
>>>> > > > > >> On May 25, 7:25 pm, Claudio Cherubino <[email protected]> wrote:
>>>> > > > > >> > Hi Bob,
>>>> >
>>>> > > > > >> > OAuth 2.0 doesn't support the 2-legged flow.
>>>> > > > > >> > If you use 2-legged OAuth 1.0 with the Provisioning API you
>>>> > > > > >> > don't have to specify the xoauth_requestor_id parameter.
>>>> >
>>>> > > > > >> > Claudio
>>>> >
>>>> > > > > >> > On Fri, May 25, 2012 at 8:24 PM, bobpuffer <[email protected]> wrote:
>>>> > > > > >> > > So... in order to programmatically provision user
>>>> > > > > >> > > accounts using 2-legged OAuth 2.0 would the
>>>> > > > > >> > > xoauth_requestor_id be the email of an admin capable of
>>>> > > > > >> > > creating new accounts?
>>>> > > > > >> > > I'm getting invalid header returns.
>>>> >
>>>> > > > > >> > > --
>>>> > > > > >> > > You received this message because you are subscribed to the Google Groups
>>>> > > > > >> > > "Google Apps Domain Information and Management APIs" group.
>>>> > > > > >> > > To view this discussion on the web visit
>>>> > > > > >> > > https://groups.google.com/d/msg/google-apps-mgmt-apis/-/uBM2KVOuStkJ.
>>>> > > > > >> > > To post to this group, send email to [email protected].
>>>> > > > > >> > > To unsubscribe from this group, send email to [email protected].
>>>> > > > > >> > > For more options, visit this group at
>>>> > > > > >> > > http://groups.google.com/group/google-apps-mgmt-apis?hl=en.

--
You received this message because you are subscribed to the Google Groups "Google Apps Domain Information and Management APIs" group.
To view this discussion on the web visit https://groups.google.com/d/msg/google-apps-mgmt-apis/-/eLBi6yQAXasJ.
To post to this group, send email to [email protected].
To unsubscribe from this group, send email to [email protected].
For more options, visit this group at http://groups.google.com/group/google-apps-mgmt-apis?hl=en.
