0

Does the Google Apps Email Migration API v2 support 2 legged oAuth1?

I've looked at this answer, but I believe it refers to the older version of the Email Migration API: Does Google Apps Email Migration API support 2 legged oAuth?

I have been able to authenticate an Email Migration API request using OAuth1 w/ tokens, but all of my 2 legged OAuth 1 attempts have failed. I have tried including xoauth_requestor_id and it has not had an effect.

There is some hinting in the docs that OAuth1 w/ tokens may be required, but I was hoping to confirm that that is the case.

For example the docs say: "If your application has certain unusual authorization requirements, such as logging in at the same time as requesting data access (hybrid) or domain-wide delegation of authority (2LO), then you cannot currently use OAuth 2.0 tokens. In such cases, you must instead use OAuth 1.0 tokens and an API key."

It seems clear there that "tokens" are referenced, however the word "token" is also used to describe the Authorization request header, so it is less clear that this means OAuth1 request tokens.

Any help is greatly appreciated. Thanks!

Community
  • 1
  • 1
tdg5
  • 1,131
  • 7
  • 6

1 Answers1

0

The section you are referring to doesn't seem up to date. You can have domain-wide delegation of authority using OAuth 2.0. It's called Service Account. Once authenticated, you do exactly the same that you used to do with 2-legged OAuth 1.0.

Here are the steps you need to get started:

  1. Go to Google Developer Console
  2. Create a project if you don't already have one
  3. Go to APIs & auth --> APIs and activate the Admin SDK
  4. Go to APIs & auth --> Credentials and click CREATE NEW CLIENT ID
  5. Select Service Account and click Create Client ID
  6. Download the p12 private key file (and keep it safe !)
  7. Go to your Google Apps Admin Panel
  8. Go to Security --> Advanced Settings --> Manage OAuth Client Access (Direct URL: https://admin.google.com/AdminHome?#OGX:ManageOauthClients)
  9. Enter the Client Id you just created along with the scopes you'll need, separated with commas (In your case, https://www.googleapis.com/auth/email.migration)
  10. Go to your favorite language client library documentation and find how to authenticate using the private key file you downloaded earlier and also impersonate your domain users.

Hope that helps.

Thibault Pouget
  • 71
  • 3