Hello Abhay, The Provisioning API supports both 2LO and 3LO authentication.
In 3-legged OAuth the Admin needs to grant access to the application to allow application to create users in the domain. Non-admin cannot grant access. This is different from 2LO because 2LO would allow the application to authenticate itself as the admin. You can use the stored access token that was obtained in exchange of permission granted by the domain admin. Thanks, Shraddha Gupta Developer Programs Engineer Hyderabad, Google India. On Fri, Dec 16, 2011 at 11:40 PM, Abhay <[email protected]> wrote: > Hi, > > Can anyone elaborate the difference between 2-legged and 3-legged > OAuth in terms of > 1. If provisioning API supports both of them? > 2. A non-(Google Apps Admin) user of a domain, if grants my > application (which uses 3-legged OAuth), can create users in their > domain? > I mean, only Admin can create users and in 3-legged OAuth, the > user granting access, may not be the Admin. So in a way, how does 3- > legged OAuth handle this different to 2-legged? > > Also, my app allows Google SSO with OpenID. So can the access tokens > generated and stored securely earlier, can be used in this Auth > scheme? > > Thanks in advance. > > On Dec 14, 7:14 pm, Abhay <[email protected]> wrote: > > Thanks Gunjan. > > > > That really helped me clear my vision for the implementation. > > > > On Dec 10, 2:29 am, Gunjan Sharma <[email protected]> wrote: > > > > > > > > > > > > > > > > > Hello Jorge > > > > > OAuth 1.0 is stable and fully functional. > > > where as OAuth 2.0 is easier to use but not stable yet. > > > Its upto you now what you want to use. > > > > > The polling by Google server issue has been a very much wanted > feature. We > > > already have this feature request in our issue tracker. You can star > this > > > issue< > http://code.google.com/a/google.com/p/apps-api-issues/issues/detail?i.. > .>and > > > you will notified about what ever changes are made. > > > > > Thanks > > > Gunjan Sharma | Developer Programs Engineer | [email protected]| > > > +91 > > > 7702534446 > > > > > On Fri, Dec 9, 2011 at 3:58 PM, Jorge Luis Mendez <[email protected] > >wrote: > > > > > > Hello Gunjan, > > > > > > >Currently there is no way that you can make the Google servers poll > you > > > > >back when there is a creation/edition/deletion of a user. So only > thing > > > > you > > > > >can do is to check in timely fashion to see if any action was taken. > > > > > > Are there plan to provide this functionality? or are there plans to > > > > provide an API to retrieve the changes after a given date? > > > > > > Thanks, > > > > Jorge Luis > > > > > > On Dec 9, 3:52 pm, Jorge Luis Mendez <[email protected]> wrote: > > > > > Hello Gunjan, > > > > > > > Other query's answer:> 1. The best way is to authenticate is using > OAuth. > > > > > > > OAuth or OAuth 2.0 is the recommend method to authenticate for the > > > > > Provisioning API? > > > > > > -- > > > > You received this message because you are subscribed to the Google > Groups > > > > "Google Apps Domain Information and Management APIs" group. > > > > To post to this group, send email to > > > > [email protected]. > > > > To unsubscribe from this group, send email to > > > > [email protected]. > > > > For more options, visit this group at > > > >http://groups.google.com/group/google-apps-mgmt-apis?hl=en. > > -- > You received this message because you are subscribed to the Google Groups > "Google Apps Domain Information and Management APIs" group. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-apps-mgmt-apis?hl=en. > > -- You received this message because you are subscribed to the Google Groups "Google Apps Domain Information and Management APIs" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-apps-mgmt-apis?hl=en.
