How do I get a user's organization id when they login with Microsoft oauth? - laravel

I try to implement the Microsoft auth into my application using Laravel Socialite, but since I'm working in a multi-tenant environment, I need to assign a user to an organisation. Is there anything such as a Microsoft organisation id or a domain name I can access in the docs? I'm unable to find it in the docs.
Also I try to get the street, postal and city and wasn't able to access that as well, but this is not as critical as the company identifier.
I found this thread, but it deals with Google, so maybe the approach might be similar:
How do I get a user's organization id when they login with Google oauth?
As I searched, I also found these docs, which seem to list all available fields of OAuth: https://learn.microsoft.com/de-de/azure/active-directory/develop/id-tokens
https://learn.microsoft.com/en-us/graph/auth-v2-user#4-use-the-access-token-to-call-microsoft-graph

According to these docs: https://learn.microsoft.com/en-gb/previous-versions/azure/ad/graph/howto/azure-ad-graph-api-permission-scopes you can add tenant details to the request, including the id, display name and verified domains.
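
Added example (not part of the original thread or of Socialite): Microsoft ID tokens carry the directory (tenant) id in the `tid` claim, which is the value to key an organisation on in a multi-tenant application. The sketch assumes the token's signature, expiry and nonce were already verified by a JWT library and that the v2.0 endpoint of the global cloud is used; the function name `organisationTenantId` is hypothetical and the GUIDs in the sample are constructed placeholders.

```php
<?php
declare(strict_types=1);

// Added example; names are illustrative, not part of Laravel Socialite.
// Well-known tenant id Microsoft assigns to personal (consumer) accounts.
const MSA_CONSUMER_TENANT = '9188040d-6c67-4c5b-b112-36a304b66dad';

/**
 * Return the tenant id to key the organisation on.
 * $claims must come from an ID token whose signature, expiry and nonce
 * were already verified; this function only checks the tenant binding.
 */
function organisationTenantId(array $claims, string $clientId): string
{
    $tid = strtolower((string) ($claims['tid'] ?? ''));
    if (!preg_match('/^[0-9a-f]{8}(-[0-9a-f]{4}){3}-[0-9a-f]{12}$/', $tid)) {
        throw new UnexpectedValueException('tid claim missing or not a GUID');
    }
    // The token must have been issued for this application, not another one.
    if (($claims['aud'] ?? null) !== $clientId) {
        throw new UnexpectedValueException('token was issued for another application');
    }
    // Assumption: v2.0 endpoint, global cloud, where iss embeds the tenant id.
    if (($claims['iss'] ?? null) !== "https://login.microsoftonline.com/{$tid}/v2.0") {
        throw new UnexpectedValueException('iss does not match tid');
    }
    // Personal accounts all share one tenant id and belong to no organisation.
    if ($tid === MSA_CONSUMER_TENANT) {
        throw new UnexpectedValueException('personal account, no organisation');
    }
    return $tid;
}

// Constructed sample claims (placeholder GUIDs, not real tenants or apps).
$claims = [
    'iss' => 'https://login.microsoftonline.com/11111111-2222-3333-4444-555555555555/v2.0',
    'aud' => '00000000-0000-0000-0000-00000000c1e7',
    'tid' => '11111111-2222-3333-4444-555555555555',
    'preferred_username' => 'alice@contoso.example',
];
echo organisationTenantId($claims, '00000000-0000-0000-0000-00000000c1e7'), PHP_EOL;

// The e-mail domain is deliberately not used for the mapping: it is a mutable
// attribute, while tid identifies the directory that authenticated the user.
```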

Related

Google Ads API accounts missing

I'm developing integration with Google Ads API using their Ruby gem library.
I have an approved oAuth2 account for the Ads scope with an approved developer token that allows any external user to connect with our API.
I have a Google Ads account that manages our own Ads account and two other accounts.
When I authenticate with the API and approve it, I then grab the account with
graph = get_accounts_graph()
Apps::GoogleAds::Account.get_accounts_map(graph)
This surprisingly returns just ONE Ads account, and one that belongs to a client that we manage. Our own two Ads accounts are missing.
So I tried to compare between our client's account and our own.
Under https://ads.google.com/aw/accountaccess I can clearly see we have admin rights to our two ad accounts, just like we do to the client account.
Am I missing some setting somewhere? Has anyone experienced this before?
I ran into this issue at the beginning. The sample in the API client libraries (which I'm going to assume you are using here), calls the customer service
customer_service.list_accessible_customers()
There are actually two different services for retrieving customer account IDs. The customer service only allows access to accounts that are added as direct admins on each account. This is an important distinction as manager accounts don't fall into this category.
What you need to call is the regular GoogleAdsService (not the customer service!) and put your request in the query itself.
query = "SELECT customer_client_link.client_customer FROM customer_client_link"
This will give you a list of account IDs as resource names, not accessible accounts. And you can iterate over them as usual.
Hope that helps.

How do I get a user's organization id when they login with Google oauth?

I'm using Laravel Socialite to handle logging in with Google. In the response I can see the user's domain. I was wondering if there was also a way to get an organization id that the user belongs to.
I was wondering if there was also a way to get an organization id
that the user belongs to.
No. The only information that you have access to is stored in the Access Token and ID Token. The exception being if the Access Token also provides API access (privileges) to GCP or G Suite.
You'll need to request additional scopes to find the organization ID [1].
[1] https://cloud.google.com/resource-manager/reference/rest/v1/organizations/search

Cannot find client id when creating a service account

I'm trying to create a service account to use Google APIs for Gmail. However, I cannot find the client ID to provide domain-wide access, as mentioned in https://developers.google.com/identity/protocols/OAuth2ServiceAccount .
There is a Service Account ID, but no client ID. Also, while creating a service account, it gives 2 default accounts - App Engine and Compute Engine - and there is no mention in the documentation of whether I should be using them.
It also asks to give a service account name, unlike earlier where it used to generate the Service Account Name. Looks like documentation has not been updated to capture these changes.
Any help is appreciated.

Get the Role, Grade, School name of Logged in user from Google API

I have integrated Google sign-in in our application. I need to check whether the logged-in user is a teacher or student, the organisation (school) name and grade... Is there any API to get these details from Google, and how do I get the details from Google?
Regarding whether a user is a student or a teacher, see this answer.
It's not possible to determine the grade or school name via the Classroom API. (Please add a feature request for this so we can judge whether it's something a lot of developers would find useful!)

How do I programmatically determine a Google Account USERID token from a Gmail address without credentials?

I'm developing something with the Google Books API, but I think this can be generalized across many of Google's APIs.
Suppose I have an app that's got a social aspect where I can add friends and see their Google Books collection. From the API docs, it says I can retrieve anybody's collection if I know their userid, but I can't find any way to retrieve it programmatically. The only thing I can expect a user to know is their friend's gmail address (or Google Account Login, which, for these purposes, is the same thing). The only way I can somehow get it is through a URL on their web interface for Google books. Making users do it that way is an obscure form of torture.
Does anyone know if this is possible with any Google service?
Specifically, suppose I had a Gmail address: example@gmail.com, could I then query some Google service to get the userid for that user? A userid is basically a really big number (around 20 digits).
Here's a similar question with a solution/workaround from Nick Johnson:
The current workaround is to create a User object, store it to the datastore, and fetch it again. If the email corresponds to a valid Google account, the User object in the returned entity will have its user_id field populated.
