
Determine Whether User is Group Member

Background

Our corporate users have a Google Apps account. We would like to allow them (and only them) to log in to an extranet using the Google account. Ideally we would also like to manage permissions through the Google domain management UI. One thought is to create groups and associate group membership with extranet permissions.

Research

Google Apps supports login using OAuth 2.0 and also supports provisioning via API, which would allow us to test if a user is a member of a group. The Provisioning API presumably requires administrator credentials.

Question

Is it possible to programmatically determine whether a Google Apps user is a member of a group without requiring domain administrator credentials?

Is there a better way to accomplish this goal?

asked May 17 '13 04:05

Eric J.




1 Answer

The API call to check group membership does require at least a delegated admin with rights to read groups via the API. If you utilize the new Google Admin SDK membership API call, you can also limit the scope to readonly:

https://www.googleapis.com/auth/admin.directory.group.readonly

The Admin SDK utilizes OAuth 2.0 which does not require the delegated admin's username/password, only the OAuth token.

answered Sep 20 '22 05:09

Jay Lee
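The membership check described in the answer, as an added example that is not part of the original post: a Python sketch calling the Admin SDK Directory API `members.hasMember` endpoint with an OAuth 2.0 bearer token and denying access on any error. The function names and the injectable `opener` parameter are assumptions for illustration; the token is assumed to have been obtained already with the read-only scope quoted above.

```python
import json
import urllib.parse
import urllib.request

# Read-only scope named in the answer; request this when obtaining the token.
SCOPE = "https://www.googleapis.com/auth/admin.directory.group.readonly"
# Admin SDK Directory API: groups/{groupKey}/hasMember/{memberKey}
BASE = "https://admin.googleapis.com/admin/directory/v1/groups"


def build_request(group_key, member_key, access_token):
    """Build the hasMember GET request. Both keys are fully URL-escaped so
    a user-supplied address cannot change the request path."""
    url = "{}/{}/hasMember/{}".format(
        BASE,
        urllib.parse.quote(group_key, safe=""),
        urllib.parse.quote(member_key, safe=""),
    )
    return urllib.request.Request(
        url, headers={"Authorization": "Bearer " + access_token})


def is_member(group_key, member_key, access_token,
              opener=urllib.request.urlopen):
    """Return True only when the API explicitly answers isMember: true.
    HTTP errors (401/403/404), network failures and malformed bodies
    all fail closed, so an outage never grants extranet access."""
    req = build_request(group_key, member_key, access_token)
    try:
        with opener(req, timeout=10) as resp:
            body = json.loads(resp.read().decode("utf-8"))
    except (OSError, ValueError):
        # OSError covers URLError/HTTPError and socket timeouts;
        # ValueError covers invalid JSON or invalid UTF-8.
        return False
    return isinstance(body, dict) and body.get("isMember") is True
```

The token only works if the account that authorized it has at least delegated admin rights to read groups, as the answer states; the extranet never handles that admin's password.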