Does Google Apps Email Migration API support 2 legged oAuth?

1
votes

I am trying to develop winform application using Google Apps Email migration API. I also want to use 2 legged oAuth.

I have successfully used 2 legged oAuth with contacts data API. To do this i have set the API scope "http(s)://www.google.com/m8/feeds/" on "Manage client API access" page. (http://www.google.com/support/a/bin/answer.py?hl=en&answer=162106)

For Email Migration Api I set the scope as "https://apps-apis.google.com/a/feeds/migration". But I am getting "401: UnAuthorized access" error.

My code is something like this:

            GOAuthRequestFactory requestFactory = new GOAuthRequestFactory("MailItemService", "company-application-v1");
            requestFactory.ConsumerKey = "domainname";
            requestFactory.ConsumerSecret = "consumersecret";

            MailItemService mailItemService = new MailItemService("domainname", "company-application-v1");
            mailItemService.RequestFactory = requestFactory;
            MailItemEntry entry = new MailItemEntry();
            entry.Rfc822Msg = new Rfc822MsgElement(rfcTextOfMessage);

            entry.MailItemProperties.Add(MailItemPropertyElement.STARRED);
            entry.MailItemProperties.Add(MailItemPropertyElement.UNREAD);
            entry.MailItemProperties.Add(MailItemPropertyElement.INBOX);
            entry.Labels.Add(new LabelElement("Friends"));
            entry.Labels.Add(new LabelElement("Event Invitations"));
            entry.BatchData = new GDataBatchEntryData();
            entry.BatchData.Id = "0";
            MailItemEntry[] entries = new MailItemEntry[1];
            entries[0] = entry;
            MailItemFeed feed = mailItemService.Batch("domainname", user, entries);

How can we implement 2 legged oAuth with email migration API.

Thanks!

2
oauthgoogle-appsgoogle-email-migration

2 Answers

0
votes

To use two-legged OAuth in OAuth 1.0a, you need to specify who is performing the action. This is the user the API will check for proper access. Since the consumer key and secret give full access to your domain, you can impersonate any user and have the request go through as them.

In the case of the Email Migration API, you need to impersonate the user you're migrating emails to. Set the URL parameter "xoauth_requestor_id" to the full email address of the user and the requests should go through.

0
votes

The scope is:

https://apps-apis.google.com/a/feeds/migration/

your missing the last / in your code. Also, if you're using the Google Apps domain's primary OAuth key (the key is the primary domain) but you're migrating to a secondary domain user, you'll need to either manually grant the primary OAuth key access to all domains or setup a 3rd party OAuth client. The Admin guide for Google's Exchange migration tool covers how this is configured:

http://static.googleusercontent.com/external_content/untrusted_dlcp/www.google.com/en/us/support/enterprise/static/gapps/docs/admin/en/gapps_exchange_migration/gamme_admin.pdf#page=19