play-v29/com.gu.googleauth/GoogleGroupChecker

GoogleGroupChecker

com.gu.googleauth.GoogleGroupChecker

class GoogleGroupChecker(impersonatedUser: String, serviceAccountCredentials: ServiceAccountCredentials, cacheDuration: Duration)

The Directory API can tell you what groups (ie Google Group) a user is in.

You can use a Service Account to access the Directory API (in fact, non-Service access, ie web-user, doesn't seem to work?). The Service Account needs the following scope: https://www.googleapis.com/auth/admin.directory.group.readonly - note that if you're using TwoFactorAuthChecker it requires a different scope: https://www.googleapis.com/auth/admin.directory.user.readonly

So long as you have the Service Account certificate as a string, you can easily make an instance of com.google.auth.oauth2.ServiceAccountCredentials with ServiceAccount.credentialsFrom(java.lang.String).

Value parameters

cacheDuration: how long to cache each user's groups for (defaults to 1 minute).
impersonatedUser: a separate domain-user account email address (eg '[email protected]'), the email address of the user the application will be impersonating when making calls.
serviceAccountCredentials: Google OAuth2 credentials.

GoogleGroupChecker

Value parameters

Attributes

Members list

Type members

Types

Value members

Concrete methods