Approving a device

The following examples shows you how to update the approval state for a user.

REST

To update the approval state, call devices.deviceUsers.approve() with a device name and customer object.

Python HTTP

The following example shows a helper function to update the approval state using the Python HTTP library:

"""Example script to use the approve method of the Devices API."""
import pprint

from six.moves import urllib

import google.auth.transport.requests
from google.oauth2 import service_account

SCOPES = ['https://www.googleapis.com/auth/cloud-identity.devices']
BASE_URL = 'https://cloudidentity.googleapis.com/v1/'

# Change this to the location of the service account key
SA_FILE = ''

# Enter the administrator to call as here.
ADMIN_EMAIL = ''

# Enter the Device User Resource Name. You can get this from the value
# of the name field in the results of a List method call
RESOURCE_NAME = ''

if not SA_FILE:
  print('Please specify the location of the service account key file')
if not ADMIN_EMAIL:
  print('Please specify the email of the administrator to call as')
if not RESOURCE_NAME:
  print('Please specify the Device User Resource Name to be approved')

if not SA_FILE or not ADMIN_EMAIL or not RESOURCE_NAME:
  exit(-1)

def create_delegated_credentials(user_email):
  credentials = service_account.Credentials.from_service_account_file(
      SA_FILE,
      scopes=['https://www.googleapis.com/auth/cloud-identity.devices'])

  delegated_credentials = credentials.with_subject(user_email)

  return delegated_credentials

######################################################################
# AUTHENTICATE the service account and retrieve an oauth2 access token

request = google.auth.transport.requests.Request()
dc = create_delegated_credentials(ADMIN_EMAIL)
dc.refresh(request)
print('Access token: ' + dc.token + '\n')

###############################
# Approve the DeviceUser
header = {
    'authorization': 'Bearer ' + dc.token,
    'Content-Type': 'application/json'
}

action_url = BASE_URL + RESOURCE_NAME + ':approve'
request = urllib.request.Request(action_url, None, headers=header)
request.get_method = lambda: 'POST'

try:
  approve_response = urllib.request.urlopen(request)
except urllib.error.HTTPError as e:
  if e.code == 400:
    print('The request was invalid. Perhaps the device is already approved?')
  else:
    print('Unknown error occurred')
  exit(-1)

pp = pprint.PrettyPrinter(indent=4)
pp.pprint(approve_response)

Note that RESOURCE_NAME would be set to the name of the resource retrieved from a device resource.