Authentication With Service Discovery
These methods use the google-oauth and google-api-python-client libraries for authentication.
See the google-auth documentation to extend the authentication capabilities.
See the Google documentation "Using OAuth 2.0 to Access Google APIs" for resources in other languages.
Check your customer installation: if you are not on sites.lumapps.com, replace 'sites.lumapps.com' in the API with the domain you can see in the URL of your LumApps, e.g. "sites-ms.lumapps.com".
You can use this scenario.
You have to authorize the "https://www.googleapis.com/auth/userinfo.email" scope.
You need a refresh token in order to use this method. It can be retrieved by building a web app and setting up a login process, or by using the oauthplayground.
```python
from googleapiclient.discovery import build
from google.oauth2.credentials import Credentials

# Placeholders: replace with your own OAuth client values.
CLIENT_ID = "XXX.apps.googleusercontent.com"
CLIENT_SECRET = "YYY"
REFRESH_TOKEN = "ZZZ"


def build_lumapps_service():
    # No access token yet (None): google-auth fetches one with the refresh token.
    credentials = Credentials(
        None,
        refresh_token=REFRESH_TOKEN,
        token_uri="https://accounts.google.com/o/oauth2/token",
        client_id=CLIENT_ID,
        client_secret=CLIENT_SECRET,
    )
    discovery_url = "https://lumsites.appspot.com/_ah/api/discovery/v1/apis/lumsites/v1/rest"
    service = build("lumsites", "v1",
                    credentials=credentials,
                    discoveryServiceUrl=discovery_url)
    return service
```
The service account must have domain-wide delegation to use this method.
```python
import json

from google.oauth2 import service_account
from googleapiclient.discovery import build

scopes = ["https://www.googleapis.com/auth/userinfo.email"]
email = "EMAIL_TO_USE_WITH_DELEGATION"


def build_lumapps_service():
    # A / create credential with the service account
    with open("service-account.json") as key_file:
        credentials = service_account.Credentials.from_service_account_info(
            json.load(key_file))
    credentials = credentials.with_scopes(scopes)

    # B / add delegation
    credentials = credentials.with_subject(email)

    # C / build the service
    discovery_url = "https://lumsites.appspot.com/_ah/api/discovery/v1/apis/lumsites/v1/rest"
    service = build("lumsites", "v1",
                    credentials=credentials,
                    discoveryServiceUrl=discovery_url)
    return service
```
Ask LumApps Lab to register your service account clientId on your customer. This allows the service account to retrieve an access token for any user on your LumApps platform.
```python
import json

from googleapiclient.discovery import build
from google.oauth2.credentials import Credentials
from google.oauth2 import service_account

scopes = ["https://www.googleapis.com/auth/userinfo.email"]
CUSTOMER_ID = "YOUR_CUSTOMER_ID"  # placeholder: your LumApps customer id


def build_lumapps_service():
    # A / create credential with the service account only
    with open("service-account.json") as key_file:
        credentials = service_account.Credentials.from_service_account_info(
            json.load(key_file))
    credentials = credentials.with_scopes(scopes)

    # B / connect to LumApps and ask the user/getToken url
    discovery_url = "https://lumsites.appspot.com/_ah/api/discovery/v1/apis/lumsites/v1/rest"
    service = build("lumsites", "v1",
                    credentials=credentials,
                    discoveryServiceUrl=discovery_url)
    # .execute() sends the request; without it only a request object is built
    response = service.user().getToken(
        customerId=CUSTOMER_ID, email="user@email.com").execute()
    # response contains the "accessToken" and "expiresAt" (valid for 24h)

    # C / next calls use only the user token
    user_credentials = Credentials(response["accessToken"])
    user_service = build("lumsites", "v1",
                         credentials=user_credentials,
                         discoveryServiceUrl=discovery_url)
    # ex user_service.user().get() will return the user profile
    # it's also possible to use
    # a direct GET call to https://lumsites.appspot.com/_ah/api/lumsites/v1/user/get
    # using the token in the "Authorization" header
    return user_service
```
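An added example, not part of the LumApps SDK or the original page: a guard for the direct GET call mentioned above, which only attaches the 24h user token to requests for hosts named on this page, over HTTPS, and refuses redirects. It assumes the `Bearer` scheme (what google-auth sends for `Credentials(token)`) and that the same path applies on the alternate domains; the function and class names are hypothetical.

```python
import json
import urllib.request
from urllib.parse import urlsplit

# Hosts that appear on this page; keep only the one your customer uses.
ALLOWED_HOSTS = {"lumsites.appspot.com", "sites.lumapps.com", "sites-ms.lumapps.com"}
USER_GET_PATH = "/_ah/api/lumsites/v1/user/get"


class NoRedirect(urllib.request.HTTPRedirectHandler):
    """Never follow redirects, so the token is not replayed to another host."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None  # urllib then raises HTTPError for the 3xx response


def build_user_get_request(base_url, access_token):
    """Build the user/get request; raise ValueError before any token is sent."""
    parts = urlsplit(base_url)
    if parts.scheme != "https":
        raise ValueError("the token must only travel over https")
    if parts.username or parts.password:
        raise ValueError("userinfo in the URL is not accepted")
    if parts.hostname not in ALLOWED_HOSTS or parts.port not in (None, 443):
        raise ValueError("not an allowed LumApps endpoint")
    if not access_token or any(c.isspace() for c in access_token):
        raise ValueError("malformed access token")
    # Rebuild the URL from the validated host instead of reusing caller input.
    url = "https://" + parts.hostname + USER_GET_PATH
    headers = {"Authorization": "Bearer " + access_token}
    return urllib.request.Request(url, headers=headers, method="GET")


def fetch_profile(base_url, access_token, timeout=10):
    """Send the request (network call) and return the decoded user profile."""
    opener = urllib.request.build_opener(NoRedirect)
    request = build_user_get_request(base_url, access_token)
    with opener.open(request, timeout=timeout) as resp:
        return json.load(resp)
```

Because a registered service account can obtain a token for any user, keep the `accessToken` value out of logs and exception messages as well.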