Skip to content

Authentication With Service Discovery

Jump to bottom
Jean-Sébastien Sevestre edited this page Jul 12, 2019 · 21 revisions

This methods use google-oauth and google-api-python-client libraries for authentication.

see google-auth documentation for extend auth capabilities

WebAuth

You need a refresh token in order to use this method. It can be retrieve by building a web app and setup an login process, or by using the oauthplayground

from googleapiclient.discovery import build
from google.oauth2.credentials import Credentials


CLIENT_ID = 'XXX.apps.googleusercontent.com'
CLIENT_SECRET = 'YYY'
REFRESH_TOKEN = 'ZZZ'

def build_lumapps_service():
    credentials = Credentials(None, {"client_id":CLIENT_ID,
                                     "client_secret":CLIENT_SECRET,
                                     "refresh_token":REFRESH_TOKEN,
                                     "access_token":None,
                                     "token_uri":'https://accounts.google.com/o/oauth2/token',
                                     })

    service = build('lumsites', 'v1',
                    credentials=credentials,
                    discoveryServiceUrl='https://lumsites.appspot.com/_ah/api/discovery/v1/apis/lumsites/v1/rest')

    return service

Service account with delegation

Service account must have domain wide delegation to use this method.

from google.oauth2 import service_account
from googleapiclient.discovery import build
import json

scopes = ['https://www.googleapis.com/auth/userinfo.email']

email = "EMAIL_TO_USER_WITH_DELEGATION"

def build_lumapps_service():
    credentials = service_account.Credentials.from_service_account_info(json.load(open('service-account.json')))
    credentials = credentials.with_scopes(scopes)
    credentials = credentials.with_subject(email)  # create delegation

    service = build('lumsites', 'v1',
                    credentials=credentials,
                    discoveryServiceUrl='https://lumsites.appspot.com/_ah/api/discovery/v1/apis/lumsites/v1/rest')
    return service

Service account without delegation

Ask LumApps Lab to register your service account clientId on your customer. This allow the service account to retrieve access token for any user on your LumApps platform.

import json
from googleapiclient.discovery import build
from google.oauth2.credentials import Credentials
from google.oauth2 import service_account


scopes = ['https://www.googleapis.com/auth/userinfo.email']

def build_lumapps_service():
    credentials = service_account.Credentials.from_service_account_info(json.load(open('service-account.json')))
    credentials = credentials.with_scopes(_api_scopes)
    #no delegation required

    service = build('lumsites', 'v1',
                    credentials=credentials,
                    discoveryServiceUrl='https://lumsites.appspot.com/_ah/api/discovery/v1/apis/lumsites/v1/rest')
    resp = service.user().getToken(customerId=CUSTOMER_ID, email="user@email.com")


    # use the token
    user_credentials = Credentials(resp['accessToken'])

    user_service = build('lumsites', 'v1',
                    credentials=user_credentials,
                    discoveryServiceUrl='https://lumsites.appspot.com/_ah/api/discovery/v1/apis/lumsites/v1/rest')
    return user_service

Home

Clone this wiki locally