go/oauth2-proxy
1
0
Fork 0
mirror of https://github.com/oauth2-proxy/oauth2-proxy.git synced 2025-08-06 22:42:56 +02:00
Code Issues Releases Activity

feat: allow use more possible google admin-sdk api scopes (#2743)

Browse Source 
* feat: Allow use more possible google admin-sdk api scopes.

* reduce cognitive complexity

Signed-off-by: Bob Du <i@bobdu.cc>

* remove unnecessary else block / indentation

Signed-off-by: Jan Larwig <jan@larwig.com>

* add changelog entry

Signed-off-by: Jan Larwig <jan@larwig.com>

* slight formatting and error message rephrasing

Signed-off-by: Jan Larwig <jan@larwig.com>

---------

Signed-off-by: Bob Du <i@bobdu.cc>
Signed-off-by: Jan Larwig <jan@larwig.com>
Co-authored-by: Jan Larwig <jan@larwig.com>
This commit is contained in:
Bob Du
2025-07-21 15:06:17 +08:00
committed by GitHub
parent 3ac834dbcf
commit 4d17bc1d68
4 changed files with 69 additions and 27 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
docs/docs/configuration/providers/google.md
View File

@ -37,18 +37,17 @@ account is still authorized.
#### Restrict auth to specific Google groups on your domain. (optional)
1. Create a [service account](https://developers.google.com/identity/protocols/OAuth2ServiceAccount) and configure it
1. Create a [service account](https://developers.google.com/identity/protocols/oauth2/service-account) and configure it
to use [Application Default Credentials / Workload Identity / Workload Identity Federation (recommended)](#using-application-default-credentials-adc--workload-identity--workload-identity-federation-recommended) or,
alternatively download the JSON.
2. Make note of the Client ID for a future step.
3. Under "APIs & Auth", choose APIs.
4. Click on Admin SDK and then Enable API.
5. Follow the steps on https://developers.google.com/admin-sdk/directory/v1/guides/delegation#delegate_domain-wide_authority_to_your_service_account
5. Follow the steps on [Set up domain-wide delegation for a service account](https://developers.google.com/workspace/guides/create-credentials#optional_set_up_domain-wide_delegation_for_a_service_account)
and give the client id from step 2 the following oauth scopes:
```
https://www.googleapis.com/auth/admin.directory.group.readonly
https://www.googleapis.com/auth/admin.directory.user.readonly
https://www.googleapis.com/auth/admin.directory.group.member.readonly
```
6. Follow the steps on https://support.google.com/a/answer/60757 to enable Admin API access.