@PeterB: OAuth2 doesn't support 2-legged yet which is why he needs to use 1.0a
@Matias: You'd need to speak to Google as to when 2-legged OAuth 1.0a will be deprecated but being that it's the only solution available for their marketplace apps today, I can't see them deprecating it very quickly. Jay On Friday, September 7, 2012 4:43:04 AM UTC-4, PeterB wrote: > > The Provisioning API Scopes are fully supported by oAuth 2.0. Since oAuth > 1.0 is on its way out, I'd advise to migrate as soon as you can > > On Friday, September 7, 2012 1:17:09 AM UTC+2, woloski wrote: >> >> Thanks Jay. That still puts the burden on the administrator though. In my >> scenario I sell an application that integrates with Google Apps. I want the >> admin to do the least amount of things to be up and running quickly. If I >> ask him/her to create a special role and assign all its users to that role >> just because I want to get the groups each user belong to it sounds to me >> very intrusive. Instead if I could say "Give permission to this app XXX to >> the following scopes YYY" like you can do today through the control panel, >> that sounds like a better way to give permissions. >> >> I managed to do it using OAuth 1.0a 2-legged auth but could not do it >> with Service Accounts and OAuth2. Seems like the Google Api console does >> not support the provisioning API yet. >> >> I am wondering, if OAuth 1.0a is deprecated my app won't work anymore and >> I have to move to OAuth2. Someone from Google knows when this will happen? >> When will OAuth 1.0a be retired? >> >> Thanks >> Matias >> >> On Thursday, September 6, 2012 6:05:59 PM UTC-3, Jay Lee wrote: >>> >>> Hi woloski, >>> >>> You can create delegated administrator accounts that only have rights >>> to perform read operations against users using the Provisioning API. See >>> below. >>> >>> http://support.google.com/a/bin/answer.py?hl=en&answer=2406043 >>> >>> Jay >>> >>> On Sunday, August 26, 2012 2:49:12 PM UTC-4, woloski wrote: >>>> >>>> It seems the only way to know if a user is a Google Apps administrator >>>> is by using the Provisioning API >>>> >>>> >>>> https://developers.google.com/google-apps/provisioning/#retrieving_user_accounts >>>> >>>> Asking a user to enable the Provisioning API and allow access to >>>> everything seems a bit too much just to get read-only information about >>>> him/her. Ideally, this information should come as part of the user >>>> profile, >>>> together with the groups he belongs to. >>>> >>>> Is there another way to get the information? I want just read-only >>>> access. Another option would be to use Service Accounts through Google API >>>> Console so that the end user doesn't have to give consent to access such >>>> APIs and it's a one-time thing. Is that possible? >>>> >>>> Thanks, >>>> Matias >>>> >>> -- You received this message because you are subscribed to the Google Groups "Google Apps Domain Information and Management APIs" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-apps-mgmt-apis/-/TKLu6_qLL8cJ. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-apps-mgmt-apis?hl=en.
