Approving a device
The following examples shows you how to update the approval state for a user.
REST
To update the approval state, call
devices.deviceUsers.approve()
with a device name and customer object.
Python HTTP
The following example shows a helper function to update the approval state using the Python HTTP library:
"""Example script to use the approve method of the Devices API."""
import pprint
from six.moves import urllib
import google.auth.transport.requests
from google.oauth2 import service_account
SCOPES = ['https://www.googleapis.com/auth/cloud-identity.devices']
BASE_URL = 'https://cloudidentity.googleapis.com/v1/'
# Change this to the location of the service account key
SA_FILE = ''
# Enter the administrator to call as here.
ADMIN_EMAIL = ''
# Enter the Device User Resource Name. You can get this from the value
# of the name field in the results of a List method call
RESOURCE_NAME = ''
if not SA_FILE:
print('Please specify the location of the service account key file')
if not ADMIN_EMAIL:
print('Please specify the email of the administrator to call as')
if not RESOURCE_NAME:
print('Please specify the Device User Resource Name to be approved')
if not SA_FILE or not ADMIN_EMAIL or not RESOURCE_NAME:
exit(-1)
def create_delegated_credentials(user_email):
credentials = service_account.Credentials.from_service_account_file(
SA_FILE,
scopes=['https://www.googleapis.com/auth/cloud-identity.devices'])
delegated_credentials = credentials.with_subject(user_email)
return delegated_credentials
######################################################################
# AUTHENTICATE the service account and retrieve an oauth2 access token
request = google.auth.transport.requests.Request()
dc = create_delegated_credentials(ADMIN_EMAIL)
dc.refresh(request)
print('Access token: ' + dc.token + '\n')
###############################
# Approve the DeviceUser
header = {
'authorization': 'Bearer ' + dc.token,
'Content-Type': 'application/json'
}
action_url = BASE_URL + RESOURCE_NAME + ':approve'
request = urllib.request.Request(action_url, None, headers=header)
request.get_method = lambda: 'POST'
try:
approve_response = urllib.request.urlopen(request)
except urllib.error.HTTPError as e:
if e.code == 400:
print('The request was invalid. Perhaps the device is already approved?')
else:
print('Unknown error occurred')
exit(-1)
pp = pprint.PrettyPrinter(indent=4)
pp.pprint(approve_response)
Note that RESOURCE_NAME
would be set to the name of the resource retrieved
from a device resource.