Using client_secrets.json with multiple domains?

[Kylie Lunghusen]

Besides production, we have eight test domains for different purposes. Currently I use small .bat files to switch between oauth files in my GAM directory (Windows 7). I've created my own client_secrets.json for the production domain, but I'm still getting the 403 error for the other domains.

Is there any way I can use client_secrets.json for different domains, or switch between different versions of the file as I do for oauth? Or will I have to change my config so that I have a separate gam folder for each domain and change between folders instead of between oauth files? I was hoping to avoid that because it means I'd have to remove the GAM folder from the PATH variable and run all commands from within a domain-specific gam folder rather than from anywhere.

Thanks,

Kylie

[Kylie Lunghusen]

Never mind, I figured it out. I hadn't revoked/re-created oauth for the test domains.

K

[Jay Lee]

Hi Kylie,

  Glad you figured it out. Yes, the oauth2.txt file needs to be revoked and re-created via authentication in order for it to use your new client_secrets.json (and your own personal quota).

  Note that there is no security risk in sharing the same client_secrets.json file between multiple Google Apps instances. client_secrets.json DOES NOT authenticate you as a Google Apps Admin to Google, it only identifies your application (GAM) to Google for quota tracking purposes.

Jay

[Kit Gillingham]

Hi Jay,

I'm having the same issue whereby I have various separate domains that I need to manage. In the previous version of GAM we would just change the domain name on the oauth.txt file. 

Could you let me know how what I need to do to perform this in the new version? Do I need to create separate projects in the developer console for each domain? 

Thanks

Kit

[Jay Lee]

Use the same client_secrets.json file for all of them. To switch between, modify the OAUTHFILE environment variable. So if you're on Linux or Mac try:

export OAUTHFILE=oauth2.txt-domain1.com
gam info domain
(authenticate and the domain1 info prints)

export OAUTHFILE=oauth2.txt-domain2.com
gam info domain
(authenticate and the domain2 info prints)

--
You received this message because you are subscribed to the Google Groups "Google Apps Manager" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To post to this group, send email to google-ap...@googlegroups.com.
Visit this group at http://groups.google.com/group/google-apps-manager.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/122af722-e489-48d8-9826-d6ceb2f5a11b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Kit Gillingham]

Thanks for the quick reply Jay, I'm using Windows and it's not recognising the export command. 

"c:\GAM>export OAUTHFILE=oauth2.txt-mydomain.com

'export' is not recognized as an internal or external command,

operable program or batch file.

or 

c:\GAM>gam export OAUTHFILE=oauth2.txt-rentokil-initial.com

Dito GAM 3.42 - http://git.io/gam

Jay Lee <jay...@gmail.com>

Python 2.7.8 32-bit final

google-api-python-client 1.3.1

Windows-7-6.1.7601-SP1 x86

Path: c:\GAM\

Usage: gam [OPTIONS]...

Dito GAM. Retrieve or set Google Apps domain,

user, group and alias settings. Exhaustive list of commands

can be found at: https://github.com/jay0lee/GAM/wiki

Examples:

gam info domain

gam create user jsmith firstname John lastname Smith password secretpass

gam update user jsmith suspended on

gam.exe update group announcements add member jsmith

...

Regards

Kit Gillingham
IT Support

Click here to access the IT Service Centre online : IT Service Centre

Click here to access the Self Service Portal  : Self Service

Click here to access the online Customer Satisfaction Survey

To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/CA%2BVVBp9qpHpms9ac-07gUWUzjRaoErK2Ey_xU6bzndZpvXX9Ag%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

Please consider the environment before printing this e-mail.

Rentokil Initial plc registered in England No. 5393279
Registered Office: Riverbank, Meadows Business Park, Blackwater, Camberley, Surrey, GU17 9AB. 

Information in this message is confidential and is 
intended solely for the persons to whom it is addressed. 
If you are not the intended recipient please notify the 
sender and immediately delete this message from your 
computer. 

This system may be monitored or recorded to 
secure the effective operation of the system 
and for other lawful purposes.

[Jay Lee]

On Mon, Mar 16, 2015 at 12:28 PM, Kit Gillingham <kit.gil...@rentokil-initial.com> wrote:

OAUTHFILE=oauth2.txt-mydomain.com

Use SET on Windows command prompt:

set OAUTHFILE=oauth2.txt-mydomain.com

Jay Lee

[Kit Gillingham]

Thanks again for the quick reply, looks like we're almost there with that command but...I now get the following when trying gam info domain:

[*]  0)  Group Directory API (supports read-only)

[*]  1)  Organizational Unit Directory API (supports read-only)

[*]  2)  User Directory API (supports read-only)

[*]  3)  Chrome OS Device Directory API (supports read-only)

[*]  4)  Mobile Device Directory API (supports read-only and action)

[*]  5)  User Email Settings API

[*]  6)  Calendar Resources API

[*]  7)  Audit Monitors, Activity and Mailbox Exports API

[*]  8)  Admin Settings API

[*]  9)  Groups Settings API

[*] 10)  Calendar Data API (supports read-only)

[*] 11)  Audit Reports API

[*] 12)  Usage Reports API

[*] 13)  Drive API (create report documents for admin user only)

[*] 14)  License Manager API

[*] 15)  User Security Directory API

[*] 16)  Notifications Directory API

[*] 17)  Site Verification API

(*) 18)  IMAP/SMTP Access (send notifications to admin)

(*) 19)  User Schemas (supports read-only)

     20)  Select all scopes

     21)  Unselect all scopes

     22)  Continue

22

Traceback (most recent call last):

  File "gam.py", line 7416, in <module>

  File "gam.py", line 5533, in doGetDomainInfo

  File "gam.py", line 516, in buildGAPIObject

  File "gam.py", line 7267, in doRequestOAuth

  File "oauth2client\util.pyo", line 129, in positional_wrapper

  File "oauth2client\tools.pyo", line 183, in run_flow

  File "oauth2client\util.pyo", line 129, in positional_wrapper

  File "googleapiclient\http.pyo", line 723, in execute

googleapiclient.errors.HttpError: <HttpError 403 when requesting https://www.goo

gleapis.com/urlshortener/v1/url?alt=json returned "Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup.">

Regards

Kit Gillingham
IT Support

Click here to access the IT Service Centre online : IT Service Centre

Click here to access the Self Service Portal  : Self Service

Click here to access the online Customer Satisfaction Survey

--

You received this message because you are subscribed to the Google Groups "Google Apps Manager" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To post to this group, send email to google-ap...@googlegroups.com.
Visit this group at http://groups.google.com/group/google-apps-manager.

To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/CA%2BVVBp9hivWHKtTcLp1QS9EZiR2qzTX7SJpsKh4cDAJhqfFqBw%40mail.gmail.com.

For more options, visit https://groups.google.com/d/optout.

[Kit Gillingham]

Ignore that, it seems to have worked 2nd time round! Thanks again for all your help!

Regards

Kit Gillingham
IT Support

Click here to access the IT Service Centre online : IT Service Centre

Click here to access the Self Service Portal  : Self Service

Click here to access the online Customer Satisfaction Survey

[Jason Hittleman]

Hey Jay, have followed your steps but I am receiving the following Error: 

Error: unauthorized_client: Unauthorized client or scope in request.

When running an update user command

Any ideas?

On Monday, March 16, 2015 at 8:17:14 AM UTC-4, Jay Lee wrote:

Use the same client_secrets.json file for all of them. To switch between, modify the OAUTHFILE environment variable. So if you're on Linux or Mac try:

export OAUTHFILE=oauth2.txt-domain1.com
gam info domain
(authenticate and the domain1 info prints)

export OAUTHFILE=oauth2.txt-domain2.com
gam info domain
(authenticate and the domain2 info prints)

On Mar 16, 2015 8:08 AM, "Kit Gillingham" <kit.gil...@rentokil-initial.com> wrote:

Hi Jay,

I'm having the same issue whereby I have various separate domains that I need to manage. In the previous version of GAM we would just change the domain name on the oauth.txt file. 

Could you let me know how what I need to do to perform this in the new version? Do I need to create separate projects in the developer console for each domain? 

Thanks

Kit

On Friday, 27 September 2013 13:02:14 UTC+1, Jay Lee wrote:

Hi Kylie,

  Glad you figured it out. Yes, the oauth2.txt file needs to be revoked and re-created via authentication in order for it to use your new client_secrets.json (and your own personal quota).

  Note that there is no security risk in sharing the same client_secrets.json file between multiple Google Apps instances. client_secrets.json DOES NOT authenticate you as a Google Apps Admin to Google, it only identifies your application (GAM) to Google for quota tracking purposes.

Jay

--
You received this message because you are subscribed to the Google Groups "Google Apps Manager" group.

To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-manager+unsub...@googlegroups.com.