Google + Domains API domain wide delegation

Question

I am trying to write a powershell script that uses the Invoke-RestMethod to connect to the Google + Api and authenticates with a service account that has been granted domain wide delegation of authority. Then I want to use a list names to retrieve the google + userid and from there I want to create a circle and insert all of those users into that circle.

The main issue I am having is retrieving the userid for the list of users, I think I would be able to figure the rest out once I had that piece.

Thanks

Answer 1

The Google+ Domains API is unique in that it allows you to make API calls using email addresses in the place of the Google+ ID. This means that if you have a list of users within your domain, you may make API calls on their behalf, by specifying their email address when building the authorized API client.

In Java, this is done by calling setServiceAcountUser on your GoogleCredential:

GoogleCredential credential = new GoogleCredential.Builder()
    .setTransport(httpTransport)
    .setJsonFactory(jsonFactory)
    .setServiceAccountId(SERVICE_ACCOUNT_EMAIL)
    .setServiceAccountScopes(SCOPE)
    .setServiceAccountUser(USER_EMAIL)
    .setServiceAccountPrivateKeyFromP12File(
        new java.io.File(SERVICE_ACCOUNT_PKCS12_FILE_PATH))
    .build();

For additional examples and information, check out https://developers.google.com/+/domains/authentication/delegation.

Also, if you do wish to compile a list of Google+ IDs, you need only make a people.get API call using the email address for the authenticated user, and the Google+ ID will be included in the Person response. (https://developers.google.com/+/domains/api/people/get)