Google authentication and authorization with Golang

Question

We have web app for internal usage and want to add auth with google. So the authentication part was quite simple. I followed this tutorial

But authorization part is not obvious for me. We have different roles in our system and want to give different roles to each google account and manage them there. I want to use auth groups with scope https://www.googleapis.com/auth/groups So I have two questions, are the groups the right choice, I mean can we authenticate user by checking what group is he part of? Would be very thankful for any links for the authorization part

Answer 1

I found this in python

Google Admin SDK: Get a list of groups that a user belongs to

I haven't test it, but I think this is the way in go:

package main

import (
    "context"
    "fmt"

    admin "google.golang.org/api/admin/directory/v1"
    "google.golang.org/api/option"
)

func main() {
    service, err := admin.NewService(context.Background(), option.WithCredentialsFile("cred.json"))
    if err != nil {
        panic(err)
    }
    g, err := service.Groups.List().Customer("[email protected]").Domain("example.com").Do()
    if err != nil {
        panic(err)
    }
    fmt.Println(g)
}

source : https://github.com/googleapis/google-api-go-client/blob/main/admin/directory/v1/admin-gen.go