5

I am trying to get a list of all Google Apps users of a domain onto a public PHP website (without visitors of the site needing to login or do anything). I have a basic understanding of what needs to happen but can't quite piece it all together. It can't be as hard as it seems to me... could it?

Authentication and Authorization: I'm pretty sure it needs to use OAuth 2.0 ... but am unsure whether it needs 2 legged or 3 legged. I got another section of the site working with ClientLogin but that won't pull in Google Apps profiles, only user's first and last names (I need the other profile fields). I have set up the API access within the account and have that side of things all set (I believe).

I have found this page, which shows how to construct a URL request to get all Profiles (in every language except PHP of course) but don't understand how to implement this. http://code.google.com/googleapps/domain/profiles/developers_guide.html

I also tried this example but it just gives me a 401 after I enter the credentials. http://gdatatips.blogspot.com/2008/11/2-legged-oauth-in-php.html

I don't know which frameworks or includes are needed to accomplish this either. I have tried zend, OAuth.php and a whole bunch of other bootstraps... but keep getting lost as to what each is doing.

If someone could help me by outlining:

  1. Which files/framework I need to upload and include as a bootstrap
  2. What variables within those files I need to update with the Google credentials
  3. How I integrate the Google Profiles "Retrieve all Profiles" request with PHP

An ELI5 (explain it like i'm 5) overview would be very much appreciated... I'm sorry for my apparent incompetence, but I have been reading articles for nearly a week and have not gotten anywhere.

Thank you in advance for any help provided.

Claudio Cherubino
  • 14,896
  • 1
  • 35
  • 42
RANGER
  • 1,643
  • 2
  • 17
  • 31
  • In the OAuth process you'll need to redirect users to a google page in order for them to grant you the appropriate permissions. But you don't want to require visitors to login in any way?! please explain – ori Jan 15 '12 at 18:35
  • Correct, I'd like to have users visit the page and see the data (without being redirected) ... the authentication would take place behind the scenes. If the domain is mine, shouldn't I be able to display it's info on my site without asking website users to login? – RANGER Jan 16 '12 at 19:47

1 Answers1

6

Good question.

You'll need to implement the Google OAuth 2.0 process as it's described here (experimental?), because someone (you) will need to give your app the initial permissions to access Google Apps API. Steps are:

  • Register your domain with google (don't remember the link)
  • Redirect/send browser to an authentication url: https://accounts.google.com/o/oauth2/auth, with the appropriate request params (see the first link). You'll need access_type=offline, your scope would be https://apps-apis.google.com/a/feeds/user/
  • Get a code back, then exchange for a refresh_token, an access_token, and a value specifying when the access_token will expire. Store these in a database
  • Whenever you need to make an API call, check if your access_token has expired or not, and refresh when necessary, which is what the refresh_token is for. The refresh_token is valid as long as you don't revoke the access you gave to the app.

OAuth Playground helps a lot. Good luck.

ori
  • 7,817
  • 1
  • 27
  • 31