Creating and setting custom attributes for Google Admin SDK

Question

I've been reading this documentation on how to update custom attributes for users. From how this is written, it seems as though I would be able to do the following:

    email = "a@a.com"
    results = service.users().list(domain="a.com",projection="full",query='email={0}'.format(email)).execute()

    if len(results["users"]) == 1:
        user = results["users"][0]
        user["customSchemas"]["TEST"] = "TEST"
        try:
            userResponse = service.users().update(userKey=email, body=user).execute()
        except HttpError, e:
            print(e)

However, I am thrown the error:

https://www.googleapis.com/admin/directory/v1/users/test%40test.com?alt=json returned "Not Authorized to access this resource/api">

I'm not sure if the error is because I am trying to update the fields incorrectly, if the escaping of the @ in the url is causing issues, or if I don't have the proper scopes (I am using https://www.googleapis.com/auth/admin.directory.user, https://www.googleapis.com/auth/admin.directory.domain, https://www.googleapis.com/auth/admin.directory.userschema).

How can I create custom attributes (for everyone) and update them for a user using the python SDK?

Answer 1

I suggest that you refer to the following documentation:

• Create a Custom Schema
• Set Custom Schema fields for a given user

Below you can find an example of how to create a custom schema and use it for users

# third parties imports
from googleapiclient.discovery import build
from httplib2 import Http
from oauth2client.service_account import ServiceAccountCredentials

# modify according to your requirements
CLIENT_SECRET = 'client.json'  # the credentials downloaded from the GCP Console
ADMIN_USER = 'admin@yourdomain.com'  # The admin user used by the service account
SCHEMA_USER = 'user@yourdomain.com'  # The user for which the custom schema will be set
SCHEMA_NAME = 'TestSchema'  # the name of the schema we want to work with

# Scopes
SCOPES = ['https://www.googleapis.com/auth/admin.directory.userschema',  # to create the schema
          'https://www.googleapis.com/auth/admin.directory.user', ]  # to manage users

# service account initialization
credentials = ServiceAccountCredentials.from_json_keyfile_name(CLIENT_SECRET, scopes=SCOPES)
delegated_admin = credentials.create_delegated(ADMIN_USER)
admin_http_auth = delegated_admin.authorize(Http())

admin_sdk = build('admin', 'directory_v1', http=admin_http_auth)  # Admin SDK service

# we list all the schemas...
schema_list_params = {
    'customerId': 'my_customer',
    'fields': 'schemas/schemaName',
}
schema_list = admin_sdk.schemas().list(**schema_list_params).execute()

# ... And we create a set with the names of the custom schemas
unique_schemas = set()
for schema in schema_list['schemas']:
    unique_schemas.add(schema['schemaName'])

# if the schema we want to work with is not there, we create it
if SCHEMA_NAME not in unique_schemas:
    schema_insert_params = {
        'customerId': 'my_customer',
        'body': {
            'schemaName': SCHEMA_NAME,
            'displayName': 'Test Schema',
            'fields': [
                {
                    'fieldName': 'TestField',
                    'fieldType': 'STRING',
                    'displayName': 'Test Field',
                    'multiValued': False,
                }
            ]
        },
    }
    schema_insert = admin_sdk.schemas().insert(**schema_insert_params).execute()

# we set a value for our custom schema on the desired user
user_patch_params = {
    'userKey': SCHEMA_USER,
    'body': {
        'customSchemas': {
            SCHEMA_NAME: {
                'TestField': 'My cool test value!'
            },
        },
    },
}
user_patch = admin_sdk.users().patch(**user_patch_params).execute()

Answer 2

This has been a more accurate guide: https://developers.google.com/admin-sdk/directory/v1/guides/delegation#instantiate_an_admin_sdk_directory_service_object