On Thu, May 17, 2012 at 3:32 PM, Jeffrey McKay <jmcka...@gmail.com> wrote:
> Does OAuth 2.0 have an equivalent to what is described in OAuth 1.0 as "2
> legged" authentication? The idea is for a Google Apps domain administrator
> to obtain authorization to access the data of one of his users, without
> needing to know the user's password. Is that what a "service account"
> (server to server authentication) is for?
In short, yes.
You can also use the service account flow to impersonate a user in a domain that you own. This is
very similar to the service account flow above, but you additionally call
GoogleCredential.Builder.setServiceAccountUser(String). Sample usage:
public static GoogleCredential createCredentialForServiceAccountImpersonateUser(
    HttpTransport transport,
    JsonFactory jsonFactory,
    String serviceAccountId,
    Iterable<String> serviceAccountScopes,
    File p12File,
    String serviceAccountUser) throws GeneralSecurityException, IOException {
  return new GoogleCredential.Builder().setTransport(transport)
      .setJsonFactory(jsonFactory)
      .setServiceAccountId(serviceAccountId)
      .setServiceAccountScopes(serviceAccountScopes)
      .setServiceAccountPrivateKeyFromP12File(p12File)
      .setServiceAccountUser(serviceAccountUser)
      .build();
}
===
--
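
An added example, not code from this thread or from the Google API client: using only the JDK, it builds the signed JWT assertion of the service account flow and shows that impersonating a user comes down to a `sub` claim naming that user. The claim names and token endpoint URL follow Google's service account documentation rather than this page; the class name, key, account id, scope choice and user are constructed placeholders.

```java
import java.nio.charset.StandardCharsets;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.PrivateKey;
import java.security.Signature;
import java.util.Base64;

public class DelegatedAssertionExample {
    private static final Base64.Encoder B64URL = Base64.getUrlEncoder().withoutPadding();

    /** Builds the RS256-signed JWT that a service account posts to the token endpoint. */
    static String buildAssertion(PrivateKey key, String serviceAccountId, String scopes,
                                 String serviceAccountUser, long nowSeconds) throws Exception {
        String header = "{\"alg\":\"RS256\",\"typ\":\"JWT\"}";
        // Inputs are fixed placeholders, so no JSON escaping is applied here.
        StringBuilder claims = new StringBuilder("{")
            .append("\"iss\":\"").append(serviceAccountId).append("\",")
            .append("\"scope\":\"").append(scopes).append("\",")
            .append("\"aud\":\"https://oauth2.googleapis.com/token\",")
            .append("\"iat\":").append(nowSeconds).append(",")
            .append("\"exp\":").append(nowSeconds + 3600);
        // Without "sub" the token acts as the service account itself; with it, as that user.
        if (serviceAccountUser != null) {
            claims.append(",\"sub\":\"").append(serviceAccountUser).append("\"");
        }
        claims.append("}");
        String signingInput = B64URL.encodeToString(header.getBytes(StandardCharsets.UTF_8))
            + "." + B64URL.encodeToString(claims.toString().getBytes(StandardCharsets.UTF_8));
        Signature rs256 = Signature.getInstance("SHA256withRSA");
        rs256.initSign(key);
        rs256.update(signingInput.getBytes(StandardCharsets.US_ASCII));
        return signingInput + "." + B64URL.encodeToString(rs256.sign());
    }

    public static void main(String[] args) throws Exception {
        // Constructed inputs: a throwaway key and placeholder identities, not real accounts.
        KeyPairGenerator gen = KeyPairGenerator.getInstance("RSA");
        gen.initialize(2048);
        KeyPair pair = gen.generateKeyPair();
        String jwt = buildAssertion(pair.getPrivate(),
            "service-account@example.invalid",
            "https://www.googleapis.com/auth/calendar.readonly",
            "user@example.com", System.currentTimeMillis() / 1000L);
        String claimsJson = new String(
            Base64.getUrlDecoder().decode(jwt.split("\\.")[1]), StandardCharsets.UTF_8);
        System.out.println(claimsJson); // the claim set the token endpoint would evaluate
    }
}
```

Because the private key alone is enough to mint such an assertion for any user the delegation covers, the scopes granted to the service account and the storage of the key file are the controls that bound what impersonation can reach.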