
Comments (6)

JoelSpeed commented on June 12, 2024

I believe this is a limitation on the Google API.

The way this works is by using a Google service account within your GSuite. You give this service account two permissions, one to read the groups within your organisation and one to read the users within your org.

The problem here is that the service account doesn't have permission to read users outside of your org and throws this error.

If I remember correctly the reason we have to look up users is to find their ID as when you retrieve a Group, it doesn't contain user emails but rather the user IDs as members.

If I'm wrong on that (or things have changed) then we may be able to rewrite the group checking mechanism in providers/google.go and fix this issue.

Will need some digging into the Google Admin API documentation!

from oauth2-proxy.

KSchmeeds commented on June 12, 2024

Hi Joel,

I tried out the idea of the API being the limiting factor, so I checked the group membership using GAM with the print group-members. It did return all users in the group, even those with an @gmail.com address.

My knowledge with using the API is rather limited, but I think we just need oauth2_proxy to use a different request with a different API scope.


JoelSpeed commented on June 12, 2024

Ok that sounds like good news to me, we may be able to fix this!

Do you happen to have an example of the API request you made and maybe even a sample response? Might help us to find the right implementation from the SDK.


KSchmeeds commented on June 12, 2024

I can't find exactly which API call GAM uses when doing the "gam print group-members" command, but I think it might be using this one.

It looks like they also have this one, that returns a true/false if the user is a member of the group. This may be an easier one to implement.


cemo commented on June 12, 2024

@KSchmeeds hasMember seems not to be working for outside of the domain, but get is working. See:

https://developers.google.com/admin-sdk/directory/v1/reference/members/get?apix=true

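The fallback discussed in the comments above, as an added example that is not part of the thread or of oauth2-proxy's code: try `hasMember` first and fall back to `members.get` for addresses it rejects, denying access on any answer that is not a clear yes or no. The `fetchFunc` seam, the sample addresses and the status codes returned by the fake are assumptions made so the check runs offline.

```go
package main

import (
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)

// fetchFunc is a hypothetical seam: an authenticated GET returning status and body.
type fetchFunc func(rawURL string) (int, []byte, error)

const base = "https://admin.googleapis.com/admin/directory/v1/groups/"

// isGroupMember asks hasMember first; on any non-200 answer (assumed to be how
// it fails for addresses outside the domain) it retries with members.get.
func isGroupMember(fetch fetchFunc, group, email string) (bool, error) {
	g, m := url.PathEscape(group), url.PathEscape(email)
	status, body, err := fetch(base + g + "/hasMember/" + m)
	if err != nil {
		return false, err
	}
	if status == http.StatusOK {
		var r struct {
			IsMember bool `json:"isMember"`
		}
		err = json.Unmarshal(body, &r)
		return r.IsMember && err == nil, err
	}
	status, _, err = fetch(base + g + "/members/" + m)
	// 200 means a Member resource came back; 404 is assumed to mean "not a
	// member". Any other status is an error, so the caller fails closed.
	if err == nil && status != http.StatusOK && status != http.StatusNotFound {
		err = fmt.Errorf("members.get returned HTTP %d", status)
	}
	return err == nil && status == http.StatusOK, err
}

func main() {
	// Constructed responses: hasMember rejects the external address, get finds it.
	fake := func(u string) (int, []byte, error) {
		if strings.Contains(u, "/hasMember/") {
			return http.StatusBadRequest, nil, nil
		}
		return http.StatusOK, []byte(`{"role":"MEMBER"}`), nil
	}
	fmt.Println(isGroupMember(fake, "team@example.com", "guest@example.net"))
}
```
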

github-actions commented on June 12, 2024

This issue has been inactive for 60 days. If the issue is still relevant please comment to re-activate the issue. If no action is taken within 7 days, the issue will be marked closed.
