I m currently trying to add a social login using Google One Ory Community #ory-network

I’m currently trying to add a social login using G...

quick-air-20498

09/19/2022, 4:37 PM

I’m currently trying to add a social login using Google. One of the requirements is to fetch all the groups that a user is a member of. I have tried the following scopes,

<https://www.googleapis.com/auth/admin.directory.group.member.readonly>

<https://www.googleapis.com/auth/groups>

. However, the groups list does not show up in

claims

. Has anyone run into this issue? Thanks!

quick-air-20498

09/19/2022, 4:42 PM

For context, Dex IDP requires a service account with the scope

<https://www.googleapis.com/auth/admin.directory.group.member.readonly>

famous-art-85498

09/19/2022, 4:54 PM

Hey, hmm, looks like this is part of admin API on gsuite, have you checked if for this app you have enabled this Admin API?

quick-air-20498

09/19/2022, 5:06 PM

Yes, I see that the Admin SDK API is enabled for this app on Google Console. Is there any of seeing all the information that the idp provides?

red-machine-69654

09/19/2022, 6:07 PM

You may have to enable the service account on the workspace admin as well. I just did that the other week and made screenshots.

red-machine-69654

09/19/2022, 6:09 PM

It‘s called domain wide delegation, in the advanced settings on the service account (bottom on the details). It's very confusing. 😆

red-machine-69654

09/19/2022, 6:10 PM

When you click that you have to enable the scopes again so it can access other accounts.

2 Views

Open in Slack

Previous Next