The Geeky Asian

Everything You Need To Know

  • Home
  • Contact
  • Github
  • Discord Server

How To: Authorize using Json for Google Domain wide Delegation

August 18, 2020 by thegeekyasian 1 Comment

ShareTweet
Authorize-using-Json-for-Google-Domain-wide-Delegation

Using Json for Google domain wide delegation was one of the challenging tasks for me. The reason being the Google’s official documentation, as it uses p12 file to access service account.

After digging into a couple of recent versions of GoogleCredentials API, I figured out a method that allows us to access G-suite using service accounts.

How To: Authorize using Json for Google Domain wide Delegation

Unlike the credential generation using p12 file, json credentials doesn’t require the service account email. That is because the json itself has much more information about the G Suite account.

In order to build GoogleCredentials using json, you would be required two things. One is itself the json, second is the email address of a user with admin privileges.

Before proceeding forward with the implementation, do make sure that you have authorized your Google project for the domain-wide access of your organization.

Lets see how we can do it in two simple steps!

Installing Dependencies

Google’s dependency version 1.26.0 had an update that started supporting delegating a user using a json file. First, we need to make sure that all our dependencies are on at least 1.26.0 version, and are compatible with eachother.

Lets add the following dependencies in our maven project.

<!-- G Suite Admin SDK // Begins here-->
<dependency>
    <groupId>com.google.apis</groupId>
    <artifactId>google-api-services-admin-directory</artifactId>
    <version>directory_v1-rev118-1.25.0</version>
</dependency>
<!-- G Suite Admin SDK // Ends here -->

<dependency>
    <groupId>com.google.api-client</groupId>
    <artifactId>google-api-client</artifactId>
    <version>1.26.0</version>
</dependency>
<dependency>
    <groupId>com.google.oauth-client</groupId>
    <artifactId>google-oauth-client-jetty</artifactId>
    <version>1.26.0</version>
</dependency>
<dependency>
    <groupId>com.google.http-client</groupId>
    <artifactId>google-http-client-jackson</artifactId>
    <version>1.26.0</version>
</dependency>

Building Credentials

Once the dependencies are added, all we need to do is use the GoogleCredential builder with fromStream method. In addition to that, we need to provide scopes and the delegated users email (preferably admin).

And ta-da! We’re done

import com.google.api.client.googleapis.auth.oauth2.GoogleCredential;
import com.google.api.client.http.javanet.NetHttpTransport;
import com.google.api.client.json.jackson.JacksonFactory;
import com.google.api.services.admin.directory.Directory;
import com.google.api.services.admin.directory.DirectoryScopes;

import java.io.FileInputStream;
import java.io.IOException;
import java.util.Collections;

public class GSuiteWithJson {
    /**
     * Creates an authorized Credential object.
     * @param credentials The location of json credentials file generated
     *                    from developers console for service account.
     * @param userEmail The email address of the user (with admin privileges)
     *                  that needs to access the G-Suite account for the
     *                  organization.
     * @return An authorized Credential object.
     * @throws IOException If the credentials.json file cannot be found.
     */
    public Directory getDirectoryService(String credentials, String userEmail) throws IOException {
        return new Directory
                .Builder(new NetHttpTransport(), new JacksonFactory(),
                GoogleCredential
                        .fromStream(new FileInputStream(credentials))
                        .createScoped(Collections.singletonList(DirectoryScopes.ADMIN_DIRECTORY_USER))
                        .createDelegated(userEmail)
                        .toBuilder().build())
                .setApplicationName("G-Suite Json")
                .build();
    }

}

I have been trying for using Json for Google Domain wide Delegation and couldn’t find anything too helpful over the internet. So I just though about documenting this for you!

If this helped you out in any way, please like my Facebook page or follow my Twitter handle!

Feel free to drop any questions or feedback in the comments below!

ShareTweet

Filed Under: How to?

Your thoughts? Feedback? Anything?

Comments

  1. David S. says

    October 7, 2020 at 6:31 pm

    Thank you! I had been struggling with Google documentation myself, and your example really helped me. It’s also short, succinct, and clean!

    Reply

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

How to?

  • WebSockets
  • JasperReports with Custom Fonts
  • Get Request with Body using RestTemplate

Like me?!

Copyright © 2023 · The Geeky Asian