google-admin-sdk google-workspace google-api-javascript-client google-php-sdk

What is the URL to authenticate Gsuite users using curl?


I want to authenticate G Suite users so that they can create groups from my company's application. I have to do so using cURL. What URL should I send a POST request to?

For example, if I want to log a user in to Google Plus, I would hit this URL:

CURLOPT_URL => "https://www.googleapis.com/plus/v1/people/me?access_token=" . $access_token,

What URL is for G Suite?


Solution

  • If your goal is to retrieve the information about a user in G Suite:

    CURLOPT_URL => "https://www.googleapis.com/admin/directory/v1/users/[email protected]?access_token=" . $access_token;
    

    Note: Please consult the Directory API on how delegation is performed. This is required. Normal Access Tokens will not work without Domain-wide Delegation enabled.

    Your credentials (Access Token) will need the correct scopes:

    https://www.googleapis.com/auth/admin.directory.group
    https://www.googleapis.com/auth/admin.directory.user
    

    Your credentials will need the correct delegation.

    Python example:

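    from google.oauth2 import service_account
    
    # Scopes the service account is allowed to request under delegation
    SCOPES = [
            "https://www.googleapis.com/auth/admin.directory.group",
            "https://www.googleapis.com/auth/admin.directory.user"
            ]
    
    # JSON key file of the service account
    key_file = 'google-directory-api-service-account.json'
    
    SERVICE_ACCOUNT_EMAIL = '[email protected]'
    ADMIN_EMAIL = '[email protected]'
    
    # Load the service account credentials with the scopes above
    credentials = service_account.Credentials.from_service_account_file(
                            key_file,
                            scopes = SCOPES)
    
    # Act on behalf of the G Suite admin (this is the delegation step)
    credentials = credentials.with_subject(ADMIN_EMAIL)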
    

    Domain-wide Delegation

    See the bottom of this answer for common errors that I have seen when setting up G Suite access.

    If your goal is to retrieve information stored within a Google OAuth 2.0 Token:

    These URLs expect a Google OAuth 2.0 Access Token. The alt=json specifies returning JSON.

    Examples that you can test in a command prompt:

    curl "https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=ACCESS_TOKEN"
    
    curl "https://www.googleapis.com/oauth2/v1/userinfo?alt=json&access_token=ACCESS_TOKEN"
    

    There is also the v3 endpoint for :

    curl "https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=ACCESS_TOKEN"
    

    Common problems when setting up API access to G Suite:

    • Access Not Configured. Admin Directory API has not been used in project 123456789012 before or it is disabled.

    Go to the Google Cloud Console. Enable the API for Admin SDK.

    • Not Authorized to access this resource/api.

    You have not set up Domain-wide delegation correctly.

    • Client is unauthorized to retrieve access tokens using this method

    You tried to set up Domain-wide delegation on an existing service account. You need to create a new service account that does not have any IAM Roles assigned.
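
An added example, not part of the original answer: before an application acts on an access token, it can check the JSON returned by the v3 tokeninfo endpoint for the client the token was issued to, its expiry and the two Directory scopes listed above, and it can send the token in an `Authorization` header so it stays out of URLs and logs. The client ID, user key and sample response are constructed; the `aud`, `scope` and `exp` fields are assumed to be as the v3 endpoint returns them for access tokens.

```python
import json
import urllib.parse
import urllib.request

# Scopes the answer above lists for the Directory API.
REQUIRED_SCOPES = {
    "https://www.googleapis.com/auth/admin.directory.group",
    "https://www.googleapis.com/auth/admin.directory.user",
}

# Constructed sample of a v3 tokeninfo response (not real data).
SAMPLE_TOKENINFO = json.loads("""{
  "azp": "1234-example.apps.googleusercontent.com",
  "aud": "1234-example.apps.googleusercontent.com",
  "scope": "https://www.googleapis.com/auth/admin.directory.user",
  "exp": "1700000000",
  "expires_in": "1000"
}""")

def check_tokeninfo(info, expected_client_id, required_scopes, now):
    """Return the reasons to reject the token; an empty list means accept."""
    if "error" in info or "error_description" in info:
        return ["tokeninfo reported an error"]
    problems = []
    # A token issued to another OAuth client must not be accepted here.
    if info.get("aud") != expected_client_id:
        problems.append("audience mismatch")
    # exp is seconds since the epoch and arrives as a string.
    try:
        exp = int(info.get("exp", 0))
    except (TypeError, ValueError):
        exp = 0
    if exp <= now:
        problems.append("expired")
    missing = required_scopes - set(info.get("scope", "").split())
    if missing:
        problems.append("missing scopes: " + ", ".join(sorted(missing)))
    return problems

def directory_user_request(user_key, access_token):
    """Build (without sending) a Directory API request with a bearer header."""
    url = ("https://www.googleapis.com/admin/directory/v1/users/"
           + urllib.parse.quote(user_key, safe=""))
    return urllib.request.Request(
        url, headers={"Authorization": "Bearer " + access_token})
```
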