Andrew

Reputation: 12412

Authentication for Google Directory using API key

I'm attempting to write a script that will add G Suite accounts, but I want to do it without redirecting to Google to authorize each time the form is submitted. Is there a way to authorize within a script? I attempted authorizing using an API key but was getting a 401 Error - Login Required.

Using OAuth and being redirected to Google works:

from __future__ import print_function
from googleapiclient.discovery import build
from httplib2 import Http
from oauth2client import file, client, tools

# If modifying these scopes, delete the file token.json.
SCOPES = 'https://www.googleapis.com/auth/admin.directory.user'

def main():
    # Load cached credentials; run the browser consent flow only if they are missing or invalid.
    store = file.Storage('token.json')
    creds = store.get()

    if not creds or creds.invalid:
        flow = client.flow_from_clientsecrets('creds.json', SCOPES)
        creds = tools.run_flow(flow, store)

    service = build('admin', 'directory_v1', http=creds.authorize(Http()))

    print('Adding user...')
    # Create a user
    service.users().insert(body={
        "name": {
            "givenName": "John",
            "fullName": "John Smith",
            "familyName": "Smith",
            },
        "password": "password",
        "primaryEmail": "[email protected]",
        "changePasswordAtNextLogin": True,
        }).execute()


if __name__ == '__main__':
    main()

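Using my API key, which returns a 401 Error:

from googleapiclient.discovery import build

API_KEY = 'key'

def main():
    # Build the client with only an API key (no OAuth credentials)
    service = build('admin', 'directory_v1', developerKey=API_KEY)

    print('Adding user...')
    # Create a user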
    service.users().insert(body={
        "name": {
            "givenName": "John",
            "fullName": "John Smith",
            "familyName": "Smith",
            },
        "password": "password",
        "primaryEmail": "[email protected]",
        "changePasswordAtNextLogin": True,
        }).execute()


if __name__ == '__main__':
    main()

Upvotes: 1

Views: 1603

Answers (1)

Linda Lawton - DaImTo

Reputation: 116908

The first thing you need to understand is the difference between private and public data. Private data is data that is owned by a user and requires that you have the user's permission to access. Public data is not owned by anyone. You can use an API key to access public data but not private data.

If you check Users: insert, you will notice it states:

Authorization: This request requires authorization with the following scope (read more about authentication and authorization).

Scope: https://www.googleapis.com/auth/admin.directory.user

So this is a method that requires authentication. You have two options: OAuth2 and request access of the user, or use a service account. A service account is like a dummy user; this dummy user is granted access via domain-wide delegation. It is normally used for server-to-server communication where there is no user to authenticate the code. I suggest you look into setting this up.

Upvotes: 1
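The service-account route suggested in the answer, as an added example (not code from the question or the answer): the script impersonates an admin through domain-wide delegation, requests only the one scope that Users: insert needs, and generates a random temporary password rather than hardcoding one. It assumes the google-auth and google-api-python-client packages and a service account already granted delegation for that scope; the file name service-account.json, the example.com addresses and the helper names are hypothetical.

```python
import secrets
import string

# The single scope the Users: insert documentation requires.
SCOPES = ['https://www.googleapis.com/auth/admin.directory.user']


def directory_service(key_file, admin_subject):
    """Build a Directory API client that acts as admin_subject via delegation."""
    # Imported lazily so the helpers below work without the Google libraries.
    from google.oauth2 import service_account
    from googleapiclient.discovery import build
    creds = service_account.Credentials.from_service_account_file(
        key_file, scopes=SCOPES, subject=admin_subject)
    return build('admin', 'directory_v1', credentials=creds)


def temp_password(length=20):
    """Random one-time password; the user must change it at first login."""
    alphabet = string.ascii_letters + string.digits
    return ''.join(secrets.choice(alphabet) for _ in range(length))


def new_user_body(given, family, email):
    """Request body for users().insert with a generated password."""
    return {
        "name": {"givenName": given, "familyName": family},
        "password": temp_password(),
        "primaryEmail": email,
        "changePasswordAtNextLogin": True,
    }


def add_user(service, given, family, email):
    """Create the account and return the temporary password to hand over out of band."""
    body = new_user_body(given, family, email)
    service.users().insert(body=body).execute()
    return body["password"]


if __name__ == '__main__':
    # Hypothetical key file and admin address; keep the key file out of the web root.
    svc = directory_service('service-account.json', 'admin@example.com')
    add_user(svc, 'John', 'Smith', 'john.smith@example.com')
    print('User added.')
```

The key file is a long-lived credential for the whole domain, so restrict its file permissions and keep the delegated scope list as short as it is here.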
