CODEWITHSUNDEEP
google-apps-marketplace
Joao Garin
Joao Garin

Reputation: 573

Correct way to implement automatic oauth SSO with marketplace app

I have an app developed with PHP for the google marketplace. It is working well although users when installed the app on the domain, it still asks for permissions to access contacts,drive etc when coming from the google default navigation button.

according to google it should be automatic when installing the app on the domain and users should not be prompted for anymore permissions. How is the correct way to implement this using the new SDK and oauth 2.0?

Best regards, Joao Garin

Upvotes: 0

Views: 274

Answers (2)

Khushal Patel
Khushal Patel

Reputation: 124

Put all your scope in admin sdk and when user gets redirected to your url "http://www.example.com/?domain=somedomain.com" just redirect the user to google again with only scope="email+profile", "include_granted_scopes=true" makes it include all the scopes you have defined in the admin sdk and try to avoid https://www.googleapis.com/auth/plus.login scope in the request as it will causes confirmation popup for access to users' circles for each user and its broke the seamless domain-wide sso.

Here is an example in vb.net:

sub page_load
  Dim loginUrl = "https://accounts.google.com/o/oauth2/auth?scope=" & _
            "email+profile&" & _
            "state=" & xState & "&" & _
            "redirect_uri=" & GoogleApiCredentialHelper.RedirectUri & "&" & _
            "response_type=code&" & _
            "client_id=" & GoogleApiCredentialHelper.ClientId & "&" & _
            "access_type=offline&" & _
            "approval_prompt=auto&" & _
            "include_granted_scopes=true"

response.redirect(loginUrl)
end sub

Upvotes: 1

Arun Nagarajan
Arun Nagarajan

Reputation: 5645

Take a look at this post - SSO with Oauth2.0 for Enterprice Google App (OpenId to Oauth2.0 migration)

That one is Python oriented but should work with similar ideas on PHP.

Upvotes: 1

Related Questions