The configuration class for Google authentication
The Directory API can tell you what groups (ie Google Group) a user is in.
The Directory API can tell you what groups (ie Google Group) a user is in.
You can use a Service Account to access the Directory API (in fact, non-Service access, ie web-user, doesn't seem to work?). The Service Account needs the following scope: https://www.googleapis.com/auth/admin.directory.group.readonly
You also need a separate domain user account (eg [email protected]), which will be 'impersonated' when making the calls.
A Service Account calls Google APIs on behalf of your application instead of an end-user.
A Service Account calls Google APIs on behalf of your application instead of an end-user. https://developers.google.com/identity/protocols/OAuth2#serviceaccount
You can create a service account in the Google Developers Console:
https://developers.google.com/identity/protocols/OAuth2ServiceAccount#creatinganaccount
email address of the Service Account
the Service Account's private key - from the P12 file generated when the Service Account was created
the email address of the user the application will be impersonating
The configuration class for Google authentication
The ClientID from the developer dashboard
The client secret from the developer dashboard
The URL to return to after authentication has completed
An optional domain to restrict login to (e.g. guardian.co.uk)
An optional duration after which you want a user to be prompted for their password again
A boolean indicating whether you want a user to be re-authenticated when their session expires