#I'm trying to cement my understanding

ruby gust
I'm trying to figure out some kind of admin pre-consent so users in a given workspace don't have to go through the manual/interactive OpenID flow to authenticate with my service. I have an OAuth client that uses `openid email profile` scopes to allow login.

I also have a service account in the same project for some background tasks - the SA has been given DWD rights in the workspace for its scopes, but I'm not sure that's relevant.

The only docs I've found on this is one sentence here, https://support.google.com/a/answer/162106?hl=en, suggesting that I can grant DWD to the OAuth client ID (presumably with the same scopes) to preconsent. Am I understanding that correctly? This is the only time I've heard of granting DWD to an OAuth client.

How does that look in practice? I understand that if multiple Google accounts have been previously used in the current machine?/browser?, there might be a dialog asking which to pick, which is probably fair.

The bit that I'm specifically trying to avoid is the need to manually input Google username/password during a Chrome extension's `launchWebAuthFlow` against the Google OAuth endpoint, so any contextual info on that front is helpful.