Being authenticated as user1, i'd like to retrieve mails of all the users who have delegated access to user1.
So i have two problems :
Retrieve all the accounts that have delegated access
Retrieve the mails
The emails-settings-API gives acccess to delegates, not delegators.
Is there a way to do that progamatically.
Feel free to ask for more information
To find out who has given you delegated access to their account, you would need to perform the retrieve delegates API call:
https://developers.google.com/google-apps/email-settings/#retrieving_all_gmail_delegates
for all users in your Google Apps instance.
Programmatic access to a user's gmail mailbox is provided by IMAP OAuth logins:
https://developers.google.com/google-apps/gmail/oauth_overview
However, there is currently no way for a delegate to access a delegators mailbox via IMAP so I'm afraid you're out of luck.
If you are an administrator, you can use IMAP OAuth login along with service accounts:
https://developers.google.com/accounts/docs/OAuth2ServiceAccount
this will give you programmatic access to all users in your Google Apps instance.
Jay
Related
I'm curious if it's possible to gain access to the Gmail settings of all users within a domain once a user with Admin access authenticates. I know using the Admin SDK, you have access to user settings, however, I'd like to setup email forwarding and it doesn't seem like it's possible without each user authenticating.
You may refer with this SO thread. Before you can call the Gmail API you need to use the service account "JWT flow" in your code to retrieve an OAuth2 credential for the Gmail user you want to access. Here is the documentation. You may also check this related post.
Using a service key: In the Gmail API, for example, I must impersonate the user to access their email. To access their calendar, however, I get an “error: unauthorized client” unless I remove the line impersonating the user. I then have to instead go to Calendar and share that calendar with the service account. Why? Surely, if I'm impersonating a user then they have access to their own calendars.
I am using outlook mail api, and trying to get emails from a shared mailbox.
Currently the mails of the user mailbox are fetched. I cant find a way to keep the same user but different mailbox.
No, it isn't (at least not currently). When you use the Authorization Code Grant flow to log in a user, the user consents only to allow the app to access their information. That consent doesn't include other folks information that they've shared with that user.
If you change your application to use the Client Credentials flow, then an administrator can grant the application access to all mailboxes in their organization. That's not quite the same scenario, but if your app needs to access multiple mailboxes, it might be a better solution for you.
The question is specific to gmail business/ educational accounts. In order to read emails from a gmail account i have written a dll in c++ which executes IMAP commands and then parses their responses. With the current IMAP implementation i need to login to each users mailbox with his username and password information. So i was wondering if there is any option in gmail business with which i can login to multiple users in a domain with single admin users credentials and without to need to get password from each indivdual user in the domain?
You could create a Service Account in the Google Developers Console and give it access to the Email scope for the domain. Whenever you want to access a mailbox, you'd obtain an access token (which can be cached for up to an hour) and then use it with the XOAUTH2 SASL for authentication.
https://developers.google.com/gmail/xoauth2_protocol
In my third-party web application of Office 365, I want to have access to the contacts, events and emails of all the users from the organizations who installed my app.
The thing is I don't want that all these users have to grant me access, I just want one admin of the org to grant access for my app and then be able to retrieve the data I need for all the users.
To test for one organization, I logged in as the admin and proceed to the Oauth2 authentication to retrieve the access token and in the first request (the GET one to retrieve an authorization code) i add the parameter prompt=admin_consent.
With this access token, I can access the data (emails, contact, event) of the admin
for instance for the contacts
uri: https://outlook.office365.com/ews/odata/Users(adminemail)/Contacts
but not the data of the other users of this org with this uri
uri: https://outlook.office365.com/ews/odata/Users(useremail)/Contacts
The only thing I can do is retrieve an access token for each user but it supposed that each user has to authorize the access to the app but it's very cumbersome.
So, i don't see what enables the parameter prompt=admin_consent and how to use it. Does anybody know what it does?
And my question is: how can I do to access the data of all the users of one organization when the access has been granted by one admin?
Thank you!
Thanks for your question! The scenario you are interested in (an app accessing data of all users of an organization once an admin grants access to the list) is not yet supported but is prioritized high on our list of features to add.
[UPDATE] Support for app accessing data of all users in a tenant is supported for Office 365 Mail, Calendar and Contact REST APIs. Please see Building Daemon or Service Apps with Office 365 Mail, Calendar, and Contacts APIs (OAuth2 client credential flow) for more info.
The scenario prompt=admin_consent is intended for, is different from your scenario. Admin consent simply means that the admin allows this app in the organization without the individual user to see the consent screen after signing on to the app. This special "I as the admin provide consent for this app on behalf of all my users" is triggered by the "prompt=admin_consent" parameter that is passed in during the authorize request. However, this doesn't allow the app to get AccessTokens for any user. Each user still has to get the app, sign in, and the app will hit the authorize endpoint and get a Refresh/AccessToken for the signed in user.
Please let me know if you have any questions or need more info.
Thanks,
Venkat