The Provisioning API Scopes are fully supported by oAuth 2.0. Since oAuth 1.0 is on its way out, I'd advise to migrate as soon as you can
On Friday, September 7, 2012 1:17:09 AM UTC+2, woloski wrote: > > Thanks Jay. That still puts the burden on the administrator though. In my > scenario I sell an application that integrates with Google Apps. I want the > admin to do the least amount of things to be up and running quickly. If I > ask him/her to create a special role and assign all its users to that role > just because I want to get the groups each user belong to it sounds to me > very intrusive. Instead if I could say "Give permission to this app XXX to > the following scopes YYY" like you can do today through the control panel, > that sounds like a better way to give permissions. > > I managed to do it using OAuth 1.0a 2-legged auth but could not do it with > Service Accounts and OAuth2. Seems like the Google Api console does not > support the provisioning API yet. > > I am wondering, if OAuth 1.0a is deprecated my app won't work anymore and > I have to move to OAuth2. Someone from Google knows when this will happen? > When will OAuth 1.0a be retired? > > Thanks > Matias > > On Thursday, September 6, 2012 6:05:59 PM UTC-3, Jay Lee wrote: >> >> Hi woloski, >> >> You can create delegated administrator accounts that only have rights >> to perform read operations against users using the Provisioning API. See >> below. >> >> http://support.google.com/a/bin/answer.py?hl=en&answer=2406043 >> >> Jay >> >> On Sunday, August 26, 2012 2:49:12 PM UTC-4, woloski wrote: >>> >>> It seems the only way to know if a user is a Google Apps administrator >>> is by using the Provisioning API >>> >>> >>> https://developers.google.com/google-apps/provisioning/#retrieving_user_accounts >>> >>> Asking a user to enable the Provisioning API and allow access to >>> everything seems a bit too much just to get read-only information about >>> him/her. Ideally, this information should come as part of the user profile, >>> together with the groups he belongs to. >>> >>> Is there another way to get the information? I want just read-only >>> access. Another option would be to use Service Accounts through Google API >>> Console so that the end user doesn't have to give consent to access such >>> APIs and it's a one-time thing. Is that possible? >>> >>> Thanks, >>> Matias >>> >> -- You received this message because you are subscribed to the Google Groups "Google Apps Domain Information and Management APIs" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-apps-mgmt-apis/-/g3ndUdhwgJUJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-apps-mgmt-apis?hl=en.
