We are using People API to fetch details from Directory . The API is not returning the name for most of the people in the directory. 2 accounts in our GSuite account alone provide the name field, while the others don't. However, other details like emailAddresses and phoneNumbers are available for everyone.
We didn't find any finer grained control for individual fields when using the setting External Directory Sharing → Domain and public data
We tried to change the setting from default to External Directory Sharing → Public data and authenticated user basic profile fields. However, this results in API response showing PERMISSION_DENIED error.
For one of the users in directory, we created Google Currents account. When the account was created and active, the name field became available for this user. After the account was deleted/deactivated, the name field was no longer available.
People API being used:
GET https://people.googleapis.com/v1/people:searchDirectoryPeople?query=a&sources=DIRECTORY_SOURCE_TYPE_DOMAIN_CONTACT&sources=DIRECTORY_SOURCE_TYPE_DOMAIN_PROFILE&readMask=emailAddresses,names,phoneNumbers,photos
The docs we have referred to so far are as follows:
People API - Search Directory:
https://developers.google.com/people/api/rest/v1/people/searchDirectoryPeople
Let third-party apps access Directory data:
https://support.google.com/a/answer/6343701
A merged view of people information:
https://developers.google.com/people/#a_merged_view_of_people_information
Edit:
cURL command:
curl --location --request GET 'https://people.googleapis.com/v1/people:searchDirectoryPeople?query=s&sources=DIRECTORY_SOURCE_TYPE_DOMAIN_CONTACT&sources=DIRECTORY_SOURCE_TYPE_DOMAIN_PROFILE&readMask=emailAddresses,names,phoneNumbers,photos' \
--header 'Authorization: Bearer <access-token>'
This is a known bug with the People API.
You can find it here in Google's issue tracker: https://issuetracker.google.com/issues/196235775?pli=1. If this bug is impacting you, I highly suggest you leave a comment letting the team know you're currently facing the issue and leave a +1 by clicking the "+1" button on the top right.
In the comment section of this question, it was suggested that this behavior is to be expected and is related to privacy. It's safe to say that's not the case as 1. the issue was accepted as a bug by the Google team, and 2. all other information is successfully returned from the API aside from this field.
Additional information on the resolution
Back in August of 2022, the Google team explained the fix was being held up by a bigger effort:
Hello there - apologize for the delay, we did identify the root cause,
however the fix is blocked on another bigger effort. We recently
started making progress on the blocking issue, and will provide an ETA
as soon as we figure out some of the unknowns for the solution.
However, recently (January 17th, 2023), the bug was assigned to someone at Google. This may suggest that the bigger effort was completed and that the team is now unblocked.
Potential workaround
Hopefully the bug is fixed soon. But in case we're waiting for a while, these workarounds may help.
Email is reliably returned for all directory users. The OP doesn't mention the exact context in which he or she is using the API, but for some applications you might be able to get away with using email (e.g. if you're just trying to identify the Directory user to the end user).
Additionally, if user email addresses in your directory follow a uniform formatting, you should be able to parse those to get the name. This is the workaround I'm currently using. E.g.
john.smith#example.com -> John Smith
jsmith#example.com -> J. Smith
jsmith3#example.com -> J. Smith (if you're at a large organization, you may have to remove some numbers)
Meta Sidenote
Yes, it's valid to post that something is a known bug as an answer. Check out this link if you have questions: https://meta.stackoverflow.com/a/369622/1101602.
Related
How? Easiest method?
Tried using postman on desktop, googles OAuth2 playground and google help pages to try make sense of what to do. Ended up using GAM as this is the easiest and gives the most helpful responses.
I have tried changing this from multiple places and i always get the error:
ERROR: 400: #UserInIllegalDomain Invitation cannot be created for user in this domain - failedPrecondition
the command:
gam update course 8077159861 owner hiddenusername#longleypark.ac.uk
(username is DEFINITELY correct ive just hidden it as its not vital information)
Any help would be much appreciated, from what i can tell some guides said to add longleypark.ac.uk to whitelisted domain under classroom but because this is the primary domain for this g suite it says you cant add your current domain so this isnt an option.
I believe the google API is broken. If anyone can prove otherwise would be a great help.
Google API support haven't managed to give me any proper response, keep saying they will test and let me know but I haven't been informed of any results yet.
Google forums support has informed me once a user account is deleted and 20 days have passed the account becomes unrecoverable which means any classrooms they are the owner of become "orphans" which means "limited functionality" and the inability to change the owner ever again, the only solution is to recreate the classroom from scratch, unfortunately along with the original account all the documents submitted to that classroom are also lost.
There are NO ways around this even though the ownerId field for a classroom really should be editable from some sort of database management tool or admin console/API.
I have run into this problem today. Thought using the API I'd be able to swap the ownerId, but no.
Bizarre that Google don't let you do this as a Google Workspace admin. We know have 3 GCSE sets which are unusable with 3 months of the 2 year course left. Very frustrating.
I'm trying to get reCaptcha working on my website.
I found out I have to register my domain for this first, since I already have a google account this is quite easy, but the very last checkbox made me think:
How does google determine who the owners are?
And what kind of alerts will those be? E-Mails?
I'm a bit worried that some random person will get an E-Mail one day not knowing what to do with it since I'm not the only one working on that domain. And if they just mean my google account I'm registering this with...that doesn't make sense because they should've written "you" instead of owners then. - although your site is making this even more confusing. :D
I'm aware this is not directly a programming question.
I'm open for suggestions for a better Stack-exchange platform to ask this question at, there are too many - I couldn't find any other that seem to fit.
In the reCAPTCHA admin settings, there is a textbox where you can enter a list of email addresses for owners. This will grant them access to manage the reCAPTCHA settings and send them alerts, if enabled.
I am trying to use the Admin SDK Directory api to look up user profiles. I am able to do this successfully all day (with in quota) with 99% of the time. Though there are certain times where it just fails no matter what.
Yes I have set the service account user, I have the proper scopes, I have admin api turned on.
It even fails in the google api explorer. See screen shots
The call:
https://www.dropbox.com/s/9v9m6s5zf76oix7/call.png?dl=0
The response:
https://www.dropbox.com/s/te6k3x5xjkr467j/response.png?dl=0
Sorry for the links, images keep showing as broken
After contacting google they supplied an answer. There is a setting for the contacts app that enables and disables this.
Admin console >> Google Apps >> Settings for Contacts >> Advanced settings
Contact sharing: Enable contact sharing
Make sure that is enabled and it works.
Here is a screen shot: https://www.dropbox.com/s/8jmzz7zw0xq4ux4/answer.png?dl=0
Honestly, it just seems like some sort of transient error on the Google side. Being that it's working ~99% of the time for you, means you're not doing anything wrong. I would consider this more true b/c you're also using a Google Tool rather than your own so you know it's not the code. When it's failing for you, does it also then fail with the API explorer? What about with the OAuth Playground?
If this is reproducible consistently (same times, after X amount of requests, etc.), it would be worth reporting the the Google for Work Support team (assuming you have the ability to contact support) as it sounds like a bug and they would be able to help with break/fix for API issues.
I'd like to be able to use site comment features on sites that use the Facebook Comments Social Plugin. When I'm logged in to Facebook, I see my profile picture next to the comment box and I can see other comments if any have been made.
When I make a comment, it shows up right away, but doesn't seem to register publicly. If I log out of Facebook, my comment disappears.
More information is coming to light, as well (added March 26, 2013). There are several people affected by this bug who have attempted to get help on Facebook with the issue, so far withouth success.
After I added a fake app to my Facebook developer profile, I was able to post a bug to Facebook, however it has been since closed without being resolved.
Since Facebook comments are now being used as the exclusive online interaction method by several news media outlets, this problem means that some Facebook users are disempowered from being part of the community discussion of news of the day. Does Facebook wish for that to be?
Over time and in conversations with many people, I've learned more about this issue. From the perspective of websites which host the comments plugin, I've learned that comments from certain users, not on the site banned list, are automatically queued by Facebook for moderation.
Also, I recently ran across an answer here on Stack Overflow that indicates that "Fresh" Facebook accounts are designed to be held for moderation in the Comments Plugin, presumably to prevent someone who has just created a Facebook account from using the new account to post spam comments on other websites. I wouldn't consider my account "Fresh" but it is still less than a year old. In the Facebook response which closes the website report they state "The affected user you added to the report has no friends and we suspect the user to be fake and request moderation. This is by design." While it is understandable that Facebook wants to limit the potential for fake users to post in these comments, this metric apparently also snares legitimate users.
Q.Mark, I strongly recommend that site owners not use the Facebook Social Plugin to support commenting on their sites, unless they want to annoy visitors.
Facebook uses an Orwellian blacklist/censorship model which prevents many people from posting comments. Users get no explanation for why their comments won't post. Rather, it's made to look like a malfunction of the web site, and it is only apparent after the users waste their time composing a comment.
There's discussion of the problem here (among many other places):
https://www.facebook.com/help/community/question/?id=10200248881692914
(Copy saved here:
http://burtonsys.com/Why_cant_I_post_comments_on_sites_that_have_the_facebook_social_plugin.pdf )
A FB "Like" button is useful, but site owners should not use Facebook to support comments. Use Disqus, or LiveFyre, or anything else besides Facebook.
(I realize this doesn't solve your problem, sorry! But perhaps if enough site owners dump Facebook for comments then Facebook will stop what they're doing.)
I was able to post a comment, but it didn't show up on my profile even though share on fb was enabled.
To submit a bug, all you need to do is go to developers.facebook.com/bugs and start typing something in the search field, and you'll see an option to create a bug report from there.
This is a similar question to How can i get list of Domain user's from Google Apps account?
However, I'd like to use a normal account (not an administrative account) to retrieve the user list. It seems like this should be possible as the gmail autocomplete returns domain contacts not listed in the user's contact store. I've looked at the autocomplete Ajax call, but it requires something in the beginning of the string (and no, I don't really want to loop through a-z one by one - that is just way to hacky). For example:
https://mail.google.com/mail/c/u/0/data/contactstore?ac=true&ct=true&gp=true&hl=en&id=domain&max=15&out=js&tok=beginningOfUsersName&type=4
Both versions of the Google contacts API seem to omit domain users unless you have them imported into your own contacts list. I've also looked at querying users in the "Coworkers" system group, all to no avail. I also find it interesting that "add a coworker's calendar" on Google calendar does not provide autocomplete - they use a popup instead.
I'm working on a C# project, but this is a general Google API question, so any pointers in any language would help.
Update
It looks like this is feasible now with admin/directory google api endpoints
see: https://developers.google.com/admin-sdk/directory/v1/guides/manage-users?authuser=0#retrieve_users_non_admin
Original answer
I was able to work around this issue, so I'll document the workaround, even if it doesn't involve Google. I wrote a program (in C#) to query the internal Active Directory (LDAP) store and pick up all the users from there instead. At that point I could get their email addresses and query Google with it. Not the best method, but it worked for my needs.
The C# was roughly patterned from this powershell script, although I pulled out the computers query and added in the capture of the user's email address: http://www.visualbasicscript.com/List-all-users-or-computers-in-the-default-domain-m35650.aspx
The LDAP property I included to get the proper email address for Google was 'proxyAddresses', although this will not be correct for all environments.