OAuth Client ID versus Service account

[Cristian Lovin]

Hey guys,

I noticed GAM uses two specific files for credentials:

client_secrets.json that uses a OAuth 2.0 client IDs

and

oauth2service.json that uses a service account

I am trying to wrap my head around this and help identifying exactly what each file is used for when GAM is used. 

Any help is appreciated.

Thank you,

Cris

[Ross Scroggs]

Cristian,

Client access is used to:

  manage objects: users, groups, ous, domains, devices, ...

  generate reports

Service account is used to:

  manage objects on behalf of users: calendars, files, email, ...

Ross

--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/3f94fac3-73aa-419f-bfa6-5577fcbc0b69n%40googlegroups.com.

--

Ross Scroggs

ross.s...@gmail.com

[Cristian Lovin]

Understood.

Thank you so much for the explanation.

[Adam Raif]

Hi Ross,

We have a need where GCP service accounts are not usable as context aware policies in GWS are blocking domains that do not end with e.g. @gopomelo.com. Since GCP service accounts have their own domain tied to the ID, would the use of a GWS user account instead suffice?

We plan to use GAM to share all user calendars to an external domain so they can view our users' free/ busy information, but according to your points above, we need a GCP service account?

We tried to user 3 legged OAuth from a GWS user account instead but GAM seems to fail to recognise the JSON credentials.. would appreciate any help in the matter above. Thank you.

---

The personal data (if any) contained herein is treated in accordance with the privacy policy of GoPomelo.

Please see more detail at https://www.gopomelo.com/personal-data-protection-policy