Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Use Admin API without admin user

See original GitHub issue

Hello,

I’m using google-api-nodejs-client v12.2.0 for a studies project to create a small ERP. In this project, I create an oAuth 2.0 authentification. This authentification work fine with the admin user, but when a standard user try to login, an error is thrown:

Error: Not Authorized to access this resource/api

This error is returned by my get user method:

const ADMIN_API = googleapis.admin('directory_v1');

return new Promise((resolve, reject) => {

  if( typeof userKey !== 'string' && typeof userKey !== 'number' ) {
    reject('User key must be a string or a number !');
    return false;
  }

  ADMIN_API.users.get({
    auth: auth,
    userKey: userKey,
    projection: 'full',
  },
  (err, response) => {
    if (err) {
      console.log('ADMIN_API returned an error: ' + err);
      reject(err);
      return false;
    }
    else {
      console.log(response);
      resolve(response);
    }
  });
});`

I need this method to check if the user is an admin or not and get some informations.

My first question is: It’s the best solution to return user’s informations ?

If yes, I think I must use a delegate user (as explained here: https://developers.google.com/identity/protocols/OAuth2ServiceAccount), but I have not find any documentation about how to use a delegate user with google-api-nodejs-client.

Any idea ?

Issue Analytics

State:
Created 7 years ago
Comments:10 (2 by maintainers)

Top GitHub Comments

1reaction

3thanZcommented, Feb 11, 2018

@wellczech I read the code at https://github.com/google/google-api-nodejs-client and found the solution. Basically getApplicationDefault has an override like that you can use to pass in the subject to impersonate:

google.auth.getApplicationDefault({
    subject: 'person@to.impersonate'
}, function (err, authClient, projectId) {
    ...
});

Hope you find this interesting.

0reactions

JustinBeckwithcommented, Apr 20, 2018

Greetings! It looks like this issue has been resolved. If you’re still running into issues - let us know!

Top Results From Across the Web

Get user domain groups list using the API without admin ...

I need to get list of user domain groups without Admin. Admin sdk can do this, but only with admin account of domain....

Allow Non-Server Admin Users to Login via the REST API ...

This feature request is for the ability to allow non-server admin users to login via the REST API without submitting the administrator's credentials....

REST API non-admin user - Atlassian Community

Yes, you can use REST as any user, even anonymous. But it respects the permissions.

Using the API without admin privileges? - Shopify Community

Hey, I was just wondering if it is possible to use the API without being an admin on a store. For example, if...

Update user profile through api without admin rights

Create a User in the Master realm (and assign it the admin role) for your Auth Service to use. Which version of Java...