[fpc-devel] Google APIs - Authenticate using a service account?
Wayne Sherman
wsherman at gmail.com
Sat Jun 27 03:27:50 CEST 2020
Is there support in the fpc google api units for authenticating as a
service account?
Background:
Service accounts allow an application to interact with Google APIs
without authenticating as a specific user. Instead a service account
is created with it's own credentials, ID, and key. By authenticating
as a service account, applications can perform tasks on behalf of the
users in a G Suite domain without having to have their login
passwords.
Here is what it looks like in python:
Create a Credentials object from the service account's
credentials and the scopes your application needs access to.
For example:
[python code]
from google.oauth2 import service_account
SCOPES = ['https://www.googleapis.com/auth/gmail.labels']
SERVICE_ACCOUNT_FILE = '/path/to/service.json'
credentials = service_account.Credentials.from_service_account_file(
SERVICE_ACCOUNT_FILE, scopes=SCOPES)
[/python code]
Delegate domain-wide authority
If you have delegated domain-wide access to the service account and
you want to impersonate a user account, use the with_subject method
of an existing ServiceAccountCredentials object.
For example:
[python code]
delegated_credentials = credentials.with_subject('user at example.org')
[/python code]
Use the Credentials object to call Google APIs in your application.
Reference Link:
https://developers.google.com/identity/protocols/oauth2/service-account
Background Links:
https://cloud.google.com/docs/authentication/
https://cloud.google.com/iam/docs/service-accounts
(btw, *thank you* Michael Van Canneyt et al. for your work in
providing the Google API support in fpc)
More information about the fpc-devel
mailing list