Determine if a user is a member of a group

Question

Determine if a user is a member of a group

Background

Our corporate users have a Google Apps account. We would like to allow them (and only them) to access the extranet using a Google account. Ideally, we would also like to manage permissions through the Google domain management interface. One thought is to create groups and associate group membership with extranet permissions.

Study

Google Apps supports login using OAuth 2.0 , and also supports provisioning through the API , which allows us to check whether the user is a member of a group. The Provisioning API API probably requires administrator credentials.

Question

Can I programmatically determine if a Google Apps user is a member of a group without domain administrator credentials?

Is there a better way to achieve this?

+7

google-apps google-api google-admin-sdk

Eric J. May 17, '13 at 4:58

source share

1 answer

Jay lee · Accepted Answer · 2013-05-22T14:42:53+0000

Calling the API to verify group membership requires at least a delegated administrator with read permissions to the groups through the API. If you use the new Google Admin API Membership APIs , you can also limit the scope to only:

https://www.googleapis.com/auth/admin.directory.group.readonly

The administrator SDK uses OAuth 2.0, which does not require a delegated administrator username / password, only the OAuth token.

Determine if a user is a member of a group

More articles: