How to request Domain-wide Delegation through a consent screen, on G Suite

Question

I need to have access to Calendar information from a company's G Suite accounts, to synchronize data with the company system through a API.

When I need to provide access to my own data, there is a fairly simple way to do it. Using Oauth2, through a login window the user allows the API to access the requested data.

But in the G Suite documentation, the path indicated when involving the administrator and company data, involves the administrator accessing admin.google.com, go to the security-related session, and manually register my API, listing the scopes that he wants to grant me access.

To make a parallel, in Microsoft Graph there is a way to request consent from the domain administrator, where only a user consent / admin consent screen is displayed using Oauth2.

I wonder if there is a way to get this type of access in G Suite without requiring the end user to take such complicated steps to make my API work properly.

---

UPDATE: This question was originally posted in 2019, does anyone aware if something was changes since then?

Answer 1

You should use the Marketplace SDK for this. This allows you to publish an application to the Google Workspace Marketplace where company admins can choose to install it for their domain.

There are a couple things to keep in mind:

• There's an expectation that your application will have some sort of user facing presence (e.g. add-on, link to web app, etc).
• Google will review your app before publishing. Since you're not using Gmail or Drive scopes (for these, Google requires a 3rd party security review), this process should not be too difficult. But plan for it to take some time, and follow the best practices so it's done right the first time.

You also mentioned synchronizing calendars. If that means mainly reading, no problem, but if you're writing (a lot at once), be mindful of calendar use limits. These are per user and for all activity by that user (not just your app).