Choisir des champs d'application de l'API Directory
Restez organisé à l'aide des collections
Enregistrez et classez les contenus selon vos préférences.
Ce document contient des informations sur l'autorisation et l'authentification spécifiques à l'API Directory. Avant de lire ce document, consultez les informations générales sur l'authentification et l'autorisation dans Google Workspace sur la page En savoir plus sur l'authentification et l'autorisation.
Pour définir le niveau d'accès accordé à votre application, vous devez identifier et déclarer des champs d'application de l'autorisation. Un champ d'application est une chaîne d'URI OAuth 2.0 qui contient le nom de l'application Google Workspace, le type de données auxquelles elle accède et le niveau d'accès. Les champs d'application correspondent aux demandes de votre application pour utiliser les données Google Workspace, y compris les données du compte Google des utilisateurs.
Lorsque votre application est installée, un utilisateur est invité à valider les champs d'application utilisés par l'application. En règle générale, vous devez choisir le champ d'application le plus ciblé possible et éviter de demander des champs d'application dont votre application n'a pas besoin. Les utilisateurs accordent plus facilement l'accès à des champs d'application limités et clairement décrits.
L'API Directory est compatible avec les champs d'application suivants:
Portée permettant de ne récupérer que des ressources d'agenda.
Sauf indication contraire, le contenu de cette page est régi par une licence Creative Commons Attribution 4.0, et les échantillons de code sont régis par une licence Apache 2.0. Pour en savoir plus, consultez les Règles du site Google Developers. Java est une marque déposée d'Oracle et/ou de ses sociétés affiliées.
Dernière mise à jour le 2025/08/29 (UTC).
[[["Facile à comprendre","easyToUnderstand","thumb-up"],["J'ai pu résoudre mon problème","solvedMyProblem","thumb-up"],["Autre","otherUp","thumb-up"]],[["Il n'y a pas l'information dont j'ai besoin","missingTheInformationINeed","thumb-down"],["Trop compliqué/Trop d'étapes","tooComplicatedTooManySteps","thumb-down"],["Obsolète","outOfDate","thumb-down"],["Problème de traduction","translationIssue","thumb-down"],["Mauvais exemple/Erreur de code","samplesCodeIssue","thumb-down"],["Autre","otherDown","thumb-down"]],["Dernière mise à jour le 2025/08/29 (UTC)."],[],[],null,["# Choose Directory API scopes\n\nThis document contains Directory API-specific authorization and\nauthentication information. Before reading this document, be sure to read the\nGoogle Workspace's general authentication and authorization information at\n[Learn about authentication and authorization](/workspace/guides/auth-overview).\n\nConfigure OAuth 2.0 for authorization\n-------------------------------------\n\n[Configure the OAuth consent screen and choose scopes](/workspace/guides/configure-oauth-consent)\nto define what information is displayed to users and app reviewers, and register\nyour app so that you can publish it later.\n\nDirectory API scopes\n--------------------\n\nTo define the level of access granted to your app, you need to identify and\ndeclare *authorization scopes*. An authorization scope is an OAuth 2.0 URI string\nthat contains the Google Workspace app name, what kind of data it accesses, and\nthe level of access. Scopes are your app's requests to work with Google Workspace data, including\nusers' Google Account data.\n\n\nWhen your app is installed, a user is asked to validate the scopes used\nby the app. Generally, you should choose the most narrowly focused scope\npossible and avoid requesting scopes that your app doesn't require. Users more\nreadily grant access to limited, clearly described scopes.\n| If your public application uses scopes that permit access to certain user data, it must complete a verification process. If you see **unverified\n| app** on the screen when testing your application, you must submit a verification request to remove it. Find out more about [unverified apps](https://support.google.com/cloud/answer/7454865) and get answers to [frequently asked questions about app verification](https://support.google.com/cloud/answer/9110914) in the Help Center.\n\nThe Directory API supports the following scopes:\n\n| Scopes for devices | Meaning |\n|------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------|\n| `https://www.googleapis.com/auth/admin.directory.device.chromeos` | Global scope for access to all Chrome device operations. |\n| `https://www.googleapis.com/auth/admin.directory.device.chromeos.readonly` | Scope for only retrieving Chrome devices. |\n| `https://www.googleapis.com/auth/admin.directory.device.mobile` | Global scope for access to all mobile device operations. |\n| `https://www.googleapis.com/auth/admin.directory.device.mobile.readonly` | Scope for only retrieving mobile device |\n| `https://www.googleapis.com/auth/admin.directory.device.mobile.action` | Scope for tasks that take an action on a mobile device. |\n| `https://www.googleapis.com/auth/admin.directory.group.member` | Scope for access to all group member roles and information operations. |\n| `https://www.googleapis.com/auth/admin.directory.group.member.readonly` | Scope for only retrieving group member roles and information. |\n| `https://www.googleapis.com/auth/admin.directory.group` | Global scope for access to all group operations, including group aliases and members. |\n| `https://www.googleapis.com/auth/admin.directory.group.readonly` | Scope for only retrieving group, group alias, and member information. |\n| `https://www.googleapis.com/auth/admin.directory.orgunit` | Global scope for access to all organizational unit operations. |\n| `https://www.googleapis.com/auth/admin.directory.orgunit.readonly` | Scope for only retrieving organizational units. |\n| `https://www.googleapis.com/auth/admin.directory.user` | Global scope for access to all user and user alias operations. |\n| `https://www.googleapis.com/auth/admin.directory.user.readonly` | Scope for only retrieving users or user aliases. |\n| `https://www.googleapis.com/auth/admin.directory.user.alias` | Scope for access to all user alias operations. |\n| `https://www.googleapis.com/auth/admin.directory.user.alias.readonly` | Scope for only retrieving user aliases. |\n| `https://www.googleapis.com/auth/admin.directory.user.security` | Scope for access to all application-specific password, OAuth token, and verification code operations. |\n| `https://www.googleapis.com/auth/admin.directory.rolemanagement` | Scope for all roles management operations, including creating roles and role assignments. |\n| `https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly` | Scope for getting and listing roles, privileges, and role assignments. |\n| `https://www.googleapis.com/auth/admin.directory.userschema` | Scope for access to all custom user schema operations. |\n| `https://www.googleapis.com/auth/admin.directory.userschema.readonly` | Scope for only retrieving custom user schemas. |\n| `https://www.googleapis.com/auth/admin.directory.customer` | Scope for access to all customer operations. |\n| `https://www.googleapis.com/auth/admin.directory.customer.readonly` | Scope for only retrieving customers. |\n| `https://www.googleapis.com/auth/admin.directory.domain` | Scope for access to all domain operations. |\n| `https://www.googleapis.com/auth/admin.directory.domain.readonly` | Scope for only retrieving domains. |\n| `https://www.googleapis.com/auth/admin.directory.resource.calendar` | Scope for access to all calendar resources operations. |\n| `https://www.googleapis.com/auth/admin.directory.resource.calendar.readonly` | Scope for only retrieving calendar resources. |"]]
