11
votes

I'm building a web-application that lets users login with a google-apps account. I need some userinfo, nr of new e-mails, calendar access and all the groups (in my domain) the user is a member of. The trouble is that i can't find the right scope (and endpoint) to get the groups a user is member of. Does somebody knows if it is possible? And how it's done...

What I got so far: I've played with the Groups-provisioning scope (https://apps-apis.google.com/a/feeds/groups/) the problem is that you have to be an administrator to view the data.. And I want all users to see there memberships... The google oauth playground isn't getting me further (https://code.google.com/oauthplayground/)

2

2 Answers

5
votes

i had the same problem and figured it out.

  1. needed scope is "https://apps-apis.google.com/a/feeds/groups/"

  2. API request looks like this: "https://apps-apis.google.com/a/feeds/group/2.0/{domain}/{group name}/member" as a header of request use: 'Authorization': "OAuth " + {access_token}

  3. google application account holder must have roles by following manual(reading rule at least):

To enable the Provisioning API for a Next generation control panel:

  1. Log in to your admin account and select Domain settings.
  2. Select the User settings tab.
  3. Select the checkbox enabling the Provisioning API, and save your changes.

To enable the Provisioning API for a current control panel:

  1. Log in to your admin account and select the Users and groups tab.
  2. Select the the Settings subtab.
  3. Select the checkbox to enable the Provisioning API and save your changes.

Domain administrator only has possibility to change this settings.

0
votes

So, it means that you have to list groups in your domain and compare the email of the user with all emails in all groups in the domain.