Reputation: 11
Google directory API Retrieve a user as a non-administrator.
I have a google marketplace app that has a service account with the following permissions: https://www.googleapis.com/auth/userinfo.email,https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/admin.directory.group.readonly,https://www.googleapis.com/auth/admin.directory.orgunit.readonly,https://www.googleapis.com/auth/admin.directory.user.readonly
When a non-admin user authenticates into the app, the app needs to see that user's orgUnitPath in order to know where to place that user.
Specifying viewType=domain_public when doing a $directory->users->get call doesn't return the orgUnitPath, but when I specify viewType=admin_view I get an exception that the user doesn't have authorization to access this API.
Any ideas? Thanks
Upvotes: 0
Views: 666
Answers (1)
Reputation: 12673
The orgUnitPath field is not returned using the "domain_public" viewType, as you've found. Instead, you'll need to use the viewType "admin_view" (the default) and make the request as an admin. You can use the service account to impersonate an admin on the domain, as shown here.
Upvotes: 1
Related Questions
- How to determine user permissions with Google Directory API
- Google Directory API: 403 when retrieving user information with service account
- Unauthorized when calling Google Admin SDK Directory API
- Google Directory API returns Not Authorized when call users().list().execute()
- Google Admin SDK Directory API User Privileges
- PHP Retrieve all users Google Directory Admin SDK
- Google directory api always returns 403
- Google Directory API 403 Insufficient Permission errors when requesting all account users
- With Google Apps Admin SDK Directory API, how can I get authenticated user id?
- How can I retrieve the CustomerId from a using Google API calls from a NonAdmin user?