gam show tokens and show asps

Dan Schwartz

Feb 20, 2014, 8:47:18 AM
to google-ap...@googlegroups.com
Hi -

I've tried to run the new gam-3 show tokens and show asps commands and keep getting insufficient permissions errors.  I've added a bunch of scopes to my domain's 3rd party oauth list and the api key (including https://www.googleapis.com/auth/admin.directory.user.security), but I think I've been missing something somewhere, or did something wrong.

Here's an example debug output (from a windows-64 run of it) -

D:\gam-3.04\gam-64>gam user da...@lehigh.edu show asps
connect: (www.googleapis.com, 443)
send: 'GET /admin/directory/v1/users/da...@lehigh.edu/asps?quotaUser=488ba7d45
0e00aa236b981f3a9ae627df0a12&alt=json&prettyPrint=true HTTP/1.1\r\nHost: www.
gleapis.com\r\ncontent-length: 0\r\nauthorization: Bearer ya29.1.AADtN_WGvsMj
xRtv-EmRulG7tQgwjUI9obIsgt121A88kJPnx9s22lQHED5fahs-Rnq9i4xc\r\naccept-encodi
 gzip, deflate\r\naccept: application/json\r\nuser-agent: Dito GAM 3.04 / jay
toweb.com (Jay Lee) / Python 2.7.6 final / Windows-7-6.1.7601-SP1 AMD64 / goo
-api-python-client/1.2 (gzip)\r\n\r\n'
reply: 'HTTP/1.1 403 Forbidden\r\n'
header: WWW-Authenticate: Bearer realm="https://www.google.com/accounts/AuthS
equest", error=insufficient_scope, scope="https://www.googleapis.com/auth/adm
directory.user.security"
header: Content-Type: application/json; charset=UTF-8
header: Content-Encoding: gzip
header: Date: Wed, 19 Feb 2014 15:00:04 GMT
header: Expires: Wed, 19 Feb 2014 15:00:04 GMT
header: Cache-Control: private, max-age=0
header: X-Content-Type-Options: nosniff
header: X-Frame-Options: SAMEORIGIN
header: X-XSS-Protection: 1; mode=block
header: Content-Length: 136
header: Server: GSE
header: Alternate-Protocol: 443:quic

body: {
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "insufficientPermissions",
    "message": "Insufficient Permission"
   }
  ],
  "code": 403,
  "message": "Insufficient Permission"
 }
}

Error 403: Insufficient Permission - insufficientPermissions


Any ideas what I'm missing?  

Thanks - Dan

--
Dan Schwartz | LTS - Systems and Networking  | Lehigh University | da...@lehigh.edu | (610) 758-5061

Jay Lee

Feb 20, 2014, 8:58:14 AM
to google-ap...@googlegroups.com
You can run:

gam oauth info

to see a list of scopes that are included. If:


is not in the list, you'll need to run:

gam oauth revoke

to revoke the existing token and then re-run GAM to include the new security scope.



Regards,

Jay Lee
Director of Google Apps Deployments   |  Dito
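
The 403 in the debug output names the scope the token lacks in its WWW-Authenticate header (error=insufficient_scope, scope="..."). The following Python is an added example, not part of the original thread and not GAM's own code: it parses a Bearer challenge of that shape and reports which required scopes are absent from a granted list. The sample header, its realm and the granted-scope list are constructed for illustration.

```python
import re

# key=value auth-params of a challenge; values are quoted strings or bare tokens.
_PARAM = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,"]+))')

# Constructed sample modelled on the 403 response in the thread (realm is a placeholder).
SECURITY_SCOPE = "https://www.googleapis.com/auth/admin.directory.user.security"
SAMPLE_HEADER = ('Bearer realm="https://auth.example.invalid/request", '
                 'error=insufficient_scope, scope="%s"' % SECURITY_SCOPE)
# Constructed list standing in for the scopes a token was actually granted.
GRANTED = ["https://www.googleapis.com/auth/admin.directory.user",
           "https://www.googleapis.com/auth/admin.directory.group"]


def parse_bearer_challenge(header):
    """Return the auth-params of a 'Bearer ...' WWW-Authenticate value as a dict."""
    scheme, _, rest = header.strip().partition(" ")
    if scheme.lower() != "bearer":
        raise ValueError("not a Bearer challenge: %r" % scheme)
    # Each match is (name, quoted_value, bare_value); exactly one value is set.
    return {name.lower(): (quoted if quoted else bare)
            for name, quoted, bare in _PARAM.findall(rest)}


def missing_scopes(header, granted):
    """Scopes the server demanded that are not in the granted list.

    Returns an empty set when the challenge is not an insufficient_scope
    error, since other errors (e.g. an expired token) need a different fix.
    """
    params = parse_bearer_challenge(header)
    if params.get("error") != "insufficient_scope":
        return set()
    # The scope parameter is a space-delimited list of scope strings.
    required = set(params.get("scope", "").split())
    return required - set(granted)


if __name__ == "__main__":
    for scope in sorted(missing_scopes(SAMPLE_HEADER, GRANTED)):
        print("token lacks scope:", scope)
```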



Dan Schwartz

Feb 20, 2014, 9:14:07 AM
to google-ap...@googlegroups.com
Hi Jay - 

That scope is not on the list when I run gam oauth info.

Is there a way I can add in the scope without revoking the token?  I'd just like to update it to work - so I don't break other gam instances which are using the same api key.

--
Dan Schwartz | LTS - Systems and Networking  | Lehigh University | da...@lehigh.edu | (610) 758-5061


Jay Lee

Feb 20, 2014, 9:20:22 AM
to google-ap...@googlegroups.com
You can delete or rename the oauth2.txt file instead of revoking it. This will let you re-authenticate without destroying the existing token.


Regards,

Jay Lee
Director of Google Apps Deployments   |  Dito

