Re: [google-apps-apis] 2-Legged OAuth IMAP Access for users in secondary domains

63 views
Skip to first unread message
Message has been deleted

Robert Norris

unread,
Jun 2, 2011, 7:15:36 PM6/2/11
to google-app...@googlegroups.com
The docs don't make it very clear. The URL needs to be structured like so:


You always use the consumer key and secret for the primary domain however.

This URL style works fine for the primary domain as well, so you won't need to special-case it.

I can provide sample code in Perl if anyone is interested.

Cheers,
Rob.


On Wed, Jun 1, 2011 at 7:28 AM, andy <andrew...@cloudsolutions.co.uk> wrote:
We have an app that used 2-legged OAuth to access email via IMAP for users within Google Apps for business domains, as described here: http://code.google.com/apis/gmail/oauth/protocol.html

This all works fine when the email of users in the primary domain is accessed. For example, the user is in domain1.com, the OAuth key and secret from domain1.com is used, the xoauth_requestor_id is set to a user from domain1.com etc.

The problem is if trying to access email from a user in a secondary domain within the Google Apps account - the OAuth IMAP authentication does not work.  For a user in a secondary domain the following URL has been used:

And then the OAuth signature that is used as part of the IMAP authentication has been created with the OAuth key and secret from the primary domain.

Is there anything else that needs to be done to get this working?  Are there specific OAuth scopes that need to be added (bearing in mind that when working with users in the primary domain it works fine)?

Thanks,

Andrew

--
You received this message because you are subscribed to the Google Groups "Google Apps Domain Information and Management APIs" group.
To post to this group, send email to google-app...@googlegroups.com.
To unsubscribe from this group, send email to google-apps-mgmt...@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/google-apps-mgmt-apis?hl=en.

Andrew

unread,
Jun 29, 2011, 9:18:51 PM6/29/11
to google-app...@googlegroups.com
Hi Rob,

I'm having the same problem and it looks to me like I have the URL in the format you specified. It works for primary domains but not secondary. Did you have to make any other changes to get this working such as under the Advanced tools settings?

Cheers
Andrew

Andrew

unread,
Jun 29, 2011, 9:33:39 PM6/29/11
to google-app...@googlegroups.com
I think I just figured this out. You also need to register API access. In the management console go to Advanced Tools | Manage API Client Access. In the client name add the consumer key for your primary domain and in the API Scope field add https://mail.google.com/. This worked for me.

Cheers
Andrew
Reply all
Reply to author
Forward
0 new messages