Is there an API that lets an application send invitations and requests to join a group?
I have checked the Google Directory API at https://developers.google.com/admin-sdk/directory/v1/reference/, but all I can find is the members API that lets an application directly add members.
What I am looking for is :
- to send a request to join a group,
- to list, accept or reject such requests,
- to send an invitation to join a group,
- to list, accept or reject such invitation.
I had no luck checking the reference, a google search and a search on stack overflow also turned out nothing. Does anyone know if such an API even exist, and if so, where can I find the documentation?
Currently there seems to be no ad-hoc API method for that. The currently supported group operations can be found in Directory API: Group Members namely: add member, update group membership, retrieve a group member, retrieve all group member and delete member. You'd have to implement the other functionalities you mentioned.
Related
I am trying to use the AWS SSO SCIM API in order to retrieve the AWS SSO groups for a particular user.
Looking at the documentation https://docs.aws.amazon.com/singlesignon/latest/developerguide/listgroups.html
It mentions the following
To see group info for a certain member, call ListGroup with a member filter
If you're using the member filter, you have to use the id filter (refer to supported filter combinations).
It appears that the id filter, is the group ID, because of this note: Note that the use of id as an individual filter, while valid, should be avoided as there is already a getGroup endpoint available.
Also, at https://docs.aws.amazon.com/singlesignon/latest/developerguide/limitations.html next to the members attribute it mentions that it is supported, but cannot be read in a response.
I have been playing with the API but could not get any group info for a user regardless of the combination of the parameters.
Based on the above, I conclude that the API does not support retrieving group data for a user. Would you agree?
I don't have access to an AWS SSO SCIM endpoint, but from looking at the documentation I suspect one of the two approaches may be possible:
GET /users/id and look at the value for "groups" - this one seems questionable as the limitations page says they support the user resource's "groups" attribute, but there's also a note about not supporting multi-valued user attributes. You may need to explicitly add the ?attributes=groups parameter to your GET to ask for that attribute to be returned, if it is in fact supported.
GET /groups?filter=members[value eq "userId"] or some variation of that depending on what syntax they allow. This isn't listed as supported, but if it works, I expect that you would get a list of groups in response that did not contain the "members" attribute - but that each group returned would match the query.
There's some amount of uncertainty with both of these, but with the information available those seem like the two most likely paths to successfully accomplish what you are aiming for. If neither of those work, it may not be possible - but a support case with AWS would probably be helpful to confirm there.
As #ZollnerdMSFT recommended, I raised an AWS support request. AWS support responded that the AWS SSO SCIM API does not support retrieving the groups associated with a user. They have submitted this as a feature request internally, however, cannot provide an estimate as to when it will be implemented.
I thought it was a simple thing but I was wrong, I would like to have the list of public events of a page (such as the redbull)
I tried this but without luck:
/14226545351/events
Also I would like to know if it was possible to search for events by keyword, I tried this but without luck:
/search?q=run&type=event
I generated an access token, with the right permissions (I think) but in both cases I read
{
"data": [
]
}
You can no longer use the /search endpoint with the following object
types:
event
group
page
user
Source: https://developers.facebook.com/docs/graph-api/changelog/breaking-changes#search-4-4
Event Search is not possible anymore, and the Events API in general is not possible as of now:
...apps currently accessing Events and Groups APIs will lose access today.
Source: https://developers.facebook.com/blog/post/2018/04/04/facebook-api-platform-product-changes/
It is currently not possible to query event data using the facebook api https://developers.facebook.com/blog/post/2018/04/04/facebook-api-platform-product-changes/
I'm using FreeIPA as an LDAP-backend for my flask-app. So far I've used flask-simpleldap with OpenLDAP to get the group membership of a user, which works fine with the following options:
LDAP_BASE_DN="dc=myrealm,dc=com"
LDAP_REALM_NAME="MyFunRealm"
LDAP_OBJECTS_DN="dn"
LDAP_USER_OBJECT_FILTER="(&(objectclass=inetorgperson)(uid=%s))"
LDAP_GROUP_MEMBERS_FIELD="member"
LDAP_GROUP_OBJECT_FILTER="(&(objectclass=groupofnames)(member=%s))"
LDAP_GROUP_MEMBER_FILTER="member=%s"
LDAP_GROUP_MEMBER_FILTER_FIELD="cn"
I want to change the LDAP structure of my users to place groups inside groups, but the above settings only gives the users' "first level" group. (Sorry I'm unfamiliar with LDAP and it's terminology).
How can I change the query/filter to get a list of all groups the user is a member of through group-in-group membership?
I don't think it is possible considering your setup (ie flask + openldap)
OpenLDAP does not (from my knowledge) have built in mechanism to perform filter on nested groups.
And flask does the request for you, so you can't implement the recursive search easily.
In other directory (AD for example) you can specify the extensible matching rule for filtering nested groups, something along this line :
(&(objectclass=groupofnames)(member:1.2.840.113556.1.4.1941:=%s))
But this specific extensible matching rule does not exist in OpenLDAP
I have a local group on my computer Grp1 to which I want to check membership of domain users. I have already used NetUserGetLocalGroups for this. But the problem I encounter is when the domain user is not a direct member of the group Grp1. For example, let's say there are two domain groups say DomainGrp1 and DomainGrp2. Now, my user DomainUser1 is part of group DomainGrp2 and the DomainGrp2 is part of DomainGrp1 and the group DomainGrp1 is part of the local group Grp1. If I use this NetUserGetLocalGroups in the aforementioned scenario, the API doesn't enumerate Grp1 for DomainUser1 but in actual the DomainUser1 is part of the Grp1 indirectly.
Also please note that if the DomainUser1 is directly member of DomainGrp1 instead of DomainGrp2 (with the DomainGrp1 be the member of Grp1). The API enumerates the Grp1 perfectly. Could somebody help me with this problem?
I have tried impersonation using LogonUser API. But the problem I have is when the user is marked for changing password at next log on. Then the API returns false and hence I cannot get the impersonation token.
PS: I don't want to use any Directory Services API.
I could find similar problem on MSDN link
I'm designing a REST service which organizes groups and users.
For example:
GET /groups - gets all the groups
GET /groups/1 - gets a specific group
GET /groups/1/users - gets the users in the group
GET /users/1 - the actual user, which may be in multiple groups
POST /groups/1/users - with the post parameters of user_id=1 to add a user to a group
What would be the appropriate way to handle this?
DELETE /groups/1/users/1 seems to be a valid way to do it but then the GET to the same url would return the user record which is a duplicate of the resource /user/1?
or should it be DELETE /groups/1/users?user_id=1?
Wondering which is the most RESTful way to do this.
I think that a good design would make explicit the membership of a user within a particular group - as a separate resource. So, there are groups, users, and the membership of a user within a group.
Therefore, GET /groups/1/users would return a list of membership resource identifiers: /groups/1/users/{member_id} on which you could do a DELETE. Each of these "memberships" is of course associated with a particular user, so you would have to somehow know which member_id is associated with which user_id. The easiest way to do this is to make member_id have the same semantics as user_id, as you suggest in the question (so /groups/1/users/1 means "user 1's membership in group 1"). Following that, if you do a GET on /groups/1/users/{member_id} you could just redirect to /users/{user_id}. Or in a more complex example, this resource would no redirect to a user but link to it and also include some other information, for example the date when the user joined the group, her status in the group, etc.
The other option I can think of would utilize the PATCH method to modify the collection resources (/groups/1/users): see https://www.rfc-editor.org/rfc/rfc5023. But using a DELETE seems more natural.