piggs_boson

Reputation: 1007

API access to third-party apps via G Suite Admin SDK

Our company uses Sign in with Google to log into various third-party applications (e.g. Atlassian Jira/Confluence, Coda, Dropbox, HubSpot etc.).

I have been able to use the Admin SDK to get API access to each user's email, calendar, drive via the domain-wide delegation. Is it possible to delegate access to all the third-party apps that are connected to the user's Google accounts too?

Ideally, I want to be able to use the third-party APIs (just the way I'm able to use Gmail, Drive, Calendar APIs) on behalf of the users—without having the users grant my application explicit access (via OAuth) for each third-party app.

Upvotes: 2

Views: 427

Answers (1)

edoput

Reputation: 1212

It really depends on the third-party app. As you noticed, your users can give you (scoped) access to some other app (GSuite apps for your example) but there are more apps out there!

What prevents your user from giving you access to other third-party apps is the third-party apps implementing this.

Let's say your users log in to Spotify using a Google account for which you have scoped access to, say, Gmail. Your app picks up that there is a new service in town by reading the registration email from Spotify and prompts the user to give access to, say, manage playlists and play music apt to the email being written.

If Spotify does not implement an API where the user can grant access to an app, this can't be done. Also, the user must grant access to some resources, say playlists, and everything else will not be available to you.

Each user must grant access, usually in the form of a token that is negotiated between the service you want to call on behalf of the user, say Spotify, and your app.

In our example it's Spotify that grants access once you present your token, and the only way to get a token would be to ask the user for a grant, which is usually done through some OAuth dance.

GSuite has many apps and you can set up different policies, but Spotify is a different app/company and is not covered by your domain-wide delegation, so you really need to ask the user and the user has to grant you access.

If by any chance the third-party app has some strange deal with GSuite, that's another story, but this is the general case.

Upvotes: 1
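The three cases the answer describes (Google API covered by delegation, third-party app that needs each user's OAuth grant, app with no grant available), as an added example that is not part of the original post. The service account, third-party host, endpoints, client ID and scope names are constructed placeholders, and the `.googleapis.com` suffix test is a simplifying assumption.

```python
import secrets
import time
from urllib.parse import urlencode

GOOGLE_TOKEN_URL = "https://oauth2.googleapis.com/token"

# Constructed configuration: every name and URL below is a placeholder.
SAMPLE_CFG = {
    "service_account": "svc@example-project.iam.gserviceaccount.com",
    "google_scopes": ["https://www.googleapis.com/auth/gmail.readonly"],
    "third_party": {
        "api.music.example": {
            "authorize_endpoint": "https://accounts.music.example/authorize",
            "client_id": "my-app-client-id",
            "redirect_uri": "https://myapp.example/callback",
            "scopes": ["playlists.modify"],
        }
    },
}

def delegation_claims(service_account, user, scopes, now=None):
    """JWT claim set a service account signs for domain-wide delegation.
    'aud' pins the assertion to Google's token endpoint; 'sub' is the impersonated user."""
    now = int(time.time() if now is None else now)
    return {"iss": service_account, "sub": user, "scope": " ".join(scopes),
            "aud": GOOGLE_TOKEN_URL, "iat": now, "exp": now + 3600}

def consent_url(app):
    """RFC 6749 authorization-code request that the user must open and approve."""
    state = secrets.token_urlsafe(16)  # compared on the redirect back (CSRF protection)
    query = urlencode({"response_type": "code", "client_id": app["client_id"],
                       "redirect_uri": app["redirect_uri"],
                       "scope": " ".join(app["scopes"]), "state": state})
    return f"{app['authorize_endpoint']}?{query}", state

def access_plan(api_host, user, cfg=SAMPLE_CFG):
    """Choose the grant path for one API host on behalf of one user."""
    if api_host.endswith(".googleapis.com"):  # assumption: Google APIs live under this suffix
        claims = delegation_claims(cfg["service_account"], user, cfg["google_scopes"])
        return {"path": "delegation", "user_interaction": False, "claims": claims}
    app = cfg["third_party"].get(api_host)
    if app is None:  # the app offers no OAuth grant we are registered for
        return {"path": "unavailable", "user_interaction": None}
    url, state = consent_url(app)
    return {"path": "user_consent", "user_interaction": True, "url": url, "state": state}
```

The delegation assertion is only redeemable at Google's token endpoint because of its `aud` claim, which is why it cannot stand in for the third party's own grant.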
