Google Apps Marketplace SDK +全域OAuth 2 SSO [英] Google Apps Marketplace SDK + Domain-wide OAuth 2 SSO
问题描述
我们一直在研究要由域管理员安装的Google Apps应用.我们最初尝试通过(现已淘汰)市场列表将其列出,但是现在所有新提交的内容都必须通过Google Apps Marketplace SDK.
我们在使用新的GAM SDK SSO时遇到了问题-尽管已在内部将其安装在我们的域中,但在将每个用户发送到OAuth登录网址时,会通过同意屏幕提示每个用户. OAuth网址要求的权限范围与在GAM SDK配置屏幕中注册的权限范围相同.
对于如何为GA管理员安装的应用提取不受挑战的SSO,文档似乎完全矛盾.
我们应该在没有要求(大概已经授予)同意的情况下,向用户发送带有什么参数的url,带有哪些参数?
您可以共享要求授权的代码吗?
10次中的9次,如果提示域中的每个用户,那是因为您要进行脱机"访问.不能对脱机访问进行域范围的授权.例如,在Python中,您可以这样做-constructor_kwargs = {
'redirect_uri': GOOGLE_AUTH_CALLBACK_URL,
'auth_uri': client_info['auth_uri'],
'token_uri': client_info['token_uri'],
'access_type' : 'online'
}
flow = OAuth2WebServerFlow(client_info['client_id'],
client_info['client_secret'],
SCOPES, **constructor_kwargs)
We've been working on an Google Apps-app meant to be installed by a domain administrator. We initially tried to list it via the (now deprecated) market listing, but all new submissions must now go through the Google Apps Marketplace SDK.
We're having an issue with the new GAM SDK SSO however - despite having installed it on our domain internally, each user is prompted via the consent screen when sending them to the OAuth login url. The OAuth url is asking for the same permission scope as is registered in the GAM SDK configuration screen.
The docs seem to be entirely conflicting on how to pull off non-challenged SSO for apps installed by the GA admin.
What url, with what params, we should be sending users to authenticate with GA without being asked for (presumably already granted) consent?
Can you share the code with which you are asking for authorization?
9 out of 10 times, if each user in the domain is getting prompted, that is because you are asking for "offline" access. Domain wide authorization cannot be done for offline access. In Python for instance, you can do that like this -
constructor_kwargs = {
'redirect_uri': GOOGLE_AUTH_CALLBACK_URL,
'auth_uri': client_info['auth_uri'],
'token_uri': client_info['token_uri'],
'access_type' : 'online'
}
flow = OAuth2WebServerFlow(client_info['client_id'],
client_info['client_secret'],
SCOPES, **constructor_kwargs)
这篇关于Google Apps Marketplace SDK +全域OAuth 2 SSO的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
