Approving a device
The following examples shows you how to update the approval state for a user.
REST
To update the approval state, call devices.deviceUsers.approve()
with a device name and customer object.
Python HTTP
The following example shows a helper function to update the approval state using the Python HTTP library:
"""Example script to use the approve method of the Devices API."""
import
pprint
from
six.moves
import
urllib
import
google.auth.transport.requests
from
google.oauth2
import
service_account
SCOPES
=
[
'https://www.googleapis.com/auth/cloud-identity.devices'
]
BASE_URL
=
'https://cloudidentity.googleapis.com/v1/'
# Change this to the location of the service account key
SA_FILE
=
''
# Enter the administrator to call as here.
ADMIN_EMAIL
=
''
# Enter the Device User Resource Name. You can get this from the value
# of the name field in the results of a List method call
RESOURCE_NAME
=
''
if
not
SA_FILE
:
print
(
'Please specify the location of the service account key file'
)
if
not
ADMIN_EMAIL
:
print
(
'Please specify the email of the administrator to call as'
)
if
not
RESOURCE_NAME
:
print
(
'Please specify the Device User Resource Name to be approved'
)
if
not
SA_FILE
or
not
ADMIN_EMAIL
or
not
RESOURCE_NAME
:
exit
(
-
1
)
def
create_delegated_credentials
(
user_email
):
credentials
=
service_account
.
Credentials
.
from_service_account_file
(
SA_FILE
,
scopes
=
[
'https://www.googleapis.com/auth/cloud-identity.devices'
])
delegated_credentials
=
credentials
.
with_subject
(
user_email
)
return
delegated_credentials
######################################################################
# AUTHENTICATE the service account and retrieve an oauth2 access token
request
=
google
.
auth
.
transport
.
requests
.
Request
()
dc
=
create_delegated_credentials
(
ADMIN_EMAIL
)
dc
.
refresh
(
request
)
print
(
'Access token: '
+
dc
.
token
+
'
\n
'
)
###############################
# Approve the DeviceUser
header
=
{
'authorization'
:
'Bearer '
+
dc
.
token
,
'Content-Type'
:
'application/json'
}
action_url
=
BASE_URL
+
RESOURCE_NAME
+
':approve'
request
=
urllib
.
request
.
Request
(
action_url
,
None
,
headers
=
header
)
request
.
get_method
=
lambda
:
'POST'
try
:
approve_response
=
urllib
.
request
.
urlopen
(
request
)
except
urllib
.
error
.
HTTPError
as
e
:
if
e
.
code
==
400
:
print
(
'The request was invalid. Perhaps the device is already approved?'
)
else
:
print
(
'Unknown error occurred'
)
exit
(
-
1
)
pp
=
pprint
.
PrettyPrinter
(
indent
=
4
)
pp
.
pprint
(
approve_response
)
Note that RESOURCE_NAME
would be set to the name of the resource retrieved
from a device resource.