For a recent project, I was tasked with creating a service that could synchronously change the Google domain password for any of our domain users. I struggled with the OAuth 2.0 handshake business for a good bit (https://developers.google.com/identity/protocols/OAuth2ServiceAccount), created some badass JWT signatures, I believe got very close to having the authentication setup, but then figured out this other, much simpler way of doing this. So here is a blog post on my findings. Environment: Adobe ColdFusion 11 running on a Windows 2012 R2 server with IIS 8.5.
Dito GAM (http://www.ditoweb.com/partner-products/gam-by-dito/) is this great free, open source command line tool to efficiently manage Google domain & user settings. So I installed it on the Windows server using these instructions:
Creating the clients_secret.json and oauth2service.json files is a crucial part of this setup process. An administrator account within the Google domain is needed to do this. Instructions can be found here:
Once the client secret files were created and put in place, it was easy to get started with GAM using these instructions:
After that, all I had to do was use the following ColdFusion code to make calls to the GAM command line:
<cfexecute name = "C:\[gam-directory]\gam.exe" arguments = "update user #trim(username)# password #trim(newPassword)#" outputFile = "C:\[gam-directory]\output.txt" timeout = "60"> </cfexecute>
And that was it! So much easier than directly messing with Google OAuth requests/tokens!
You can find other useful GAM commands here that can all be invoked via ColdFusion or any other language/framework that has access to run executables:
Hope this helps some folks out there.