(2) scopes keep failing when checking the Service Account
104 views
Skip to first unread message
Jonathan Ascencio
Sep 10, 2024, 9:19:39 PM9/10/24
to GAM for Google Workspace
Hello,
For some reason I setup another admin with GAM on their local machine and regardless of how many times I check the service account and override the Oauth scopes for Domain Wide Delegation, it still keeps failing. The Admin is a Super Admin, no limitations.
https://mail.google.com/ PASS (1/38)
https://sites.google.com/feeds PASS (2/38)
https://www.googleapis.com/auth/analytics.readonly PASS (3/38)
https://www.googleapis.com/auth/apps.alerts PASS (4/38)
https://www.googleapis.com/auth/calendar PASS (5/38)
https://www.googleapis.com/auth/chat.admin.delete PASS (6/38)
https://www.googleapis.com/auth/chat.admin.memberships PASS (7/38)
https://www.googleapis.com/auth/chat.admin.spaces PASS (8/38)
https://www.googleapis.com/auth/chat.delete PASS (9/38)
https://www.googleapis.com/auth/chat.memberships PASS (10/38)
https://www.googleapis.com/auth/chat.messages PASS (11/38)
https://www.googleapis.com/auth/chat.spaces PASS (12/38)
https://www.googleapis.com/auth/classroom.announcements PASS (13/38)
https://www.googleapis.com/auth/classroom.coursework.students PASS (14/38)
https://www.googleapis.com/auth/classroom.courseworkmaterials PASS (15/38)
https://www.googleapis.com/auth/classroom.profile.emails PASS (16/38)
https://www.googleapis.com/auth/classroom.profile.photos PASS (17/38)
https://www.googleapis.com/auth/classroom.rosters PASS (18/38)
https://www.googleapis.com/auth/classroom.topics PASS (19/38)
https://www.googleapis.com/auth/cloud-identity PASS (20/38)
https://www.googleapis.com/auth/cloud-platform PASS (21/38)
https://www.googleapis.com/auth/contacts PASS (22/38)
https://www.googleapis.com/auth/contacts.other.readonly PASS (23/38)
https://www.googleapis.com/auth/datastudio FAIL (24/38)
https://www.googleapis.com/auth/directory.readonly PASS (25/38)
https://www.googleapis.com/auth/documents PASS (26/38)
https://www.googleapis.com/auth/drive PASS (27/38)
https://www.googleapis.com/auth/drive.activity PASS (28/38)
https://www.googleapis.com/auth/drive.admin.labels PASS (29/38)
https://www.googleapis.com/auth/drive.labels PASS (30/38)
https://www.googleapis.com/auth/gmail.modify PASS (31/38)
https://www.googleapis.com/auth/gmail.settings.basic PASS (32/38)
https://www.googleapis.com/auth/gmail.settings.sharing PASS (33/38)
https://www.googleapis.com/auth/keep FAIL (34/38)
https://www.googleapis.com/auth/spreadsheets PASS (35/38)
https://www.googleapis.com/auth/tasks PASS (36/38)
https://www.googleapis.com/auth/userinfo.profile PASS (37/38)
https://www.googleapis.com/auth/youtube.readonly PASS (38/38)
Some scopes FAILED!
----------------
Here are the allowed permissions when checking Oauth
[*] 0) Calendar API (supports readonly)
[*] 1) Chrome Browser Cloud Management API (supports readonly)
[*] 2) Chrome Management API - AppDetails read only
[*] 3) Chrome Management API - Telemetry read only
[*] 4) Chrome Management API - read only
[*] 5) Chrome Policy API (supports readonly)
[*] 6) Chrome Printer Management API (supports readonly)
[*] 7) Chrome Version History API
[*] 8) Classroom API - Course Announcements (supports readonly)
[*] 9) Classroom API - Course Topics (supports readonly)
[*] 10) Classroom API - Course Work/Materials (supports readonly)
[*] 11) Classroom API - Course Work/Submissions (supports readonly)
[*] 12) Classroom API - Courses (supports readonly)
[*] 13) Classroom API - Profile Emails
[*] 14) Classroom API - Profile Photos
[*] 15) Classroom API - Rosters (supports readonly)
[*] 16) Classroom API - Student Guardians (supports readonly)
[ ] 17) Cloud Channel API (supports readonly)
[*] 18) Cloud Identity - Inbound SSO Settings (supports readonly)
[*] 19) Cloud Identity Groups API (supports readonly)
[*] 20) Cloud Identity OrgUnits API (supports readonly)
[*] 21) Cloud Identity User Invitations API (supports readonly)
[ ] 22) Cloud Storage API (Read Only, Vault/Takeout Download, Cloud Storage)
[ ] 23) Cloud Storage API (Read/Write, Vault/Takeout Copy/Download, Cloud Storage)
[*] 24) Contact Delegation API (supports readonly)
[*] 25) Contacts API - Domain Shared Contacts and GAL
[*] 26) Data Transfer API (supports readonly)
[*] 27) Directory API - Chrome OS Devices (supports readonly)
[*] 28) Directory API - Customers (supports readonly)
[*] 29) Directory API - Domains (supports readonly)
[*] 30) Directory API - Groups (supports readonly)
[*] 31) Directory API - Mobile Devices Directory (supports readonly and action)
[*] 32) Directory API - Organizational Units (supports readonly)
[*] 33) Directory API - Resource Calendars (supports readonly)
[*] 34) Directory API - Roles (supports readonly)
[*] 35) Directory API - User Schemas (supports readonly)
[*] 36) Directory API - User Security
[*] 37) Directory API - Users (supports readonly)
[ ] 38) Email Audit API
[*] 39) Groups Migration API
[*] 40) Groups Settings API
[*] 41) License Manager API
[*] 42) People API (supports readonly)
[*] 43) People Directory API - read only
[ ] 44) Pub / Sub API
[*] 45) Reports API - Audit Reports
[*] 46) Reports API - Usage Reports
[ ] 47) Reseller API
[*] 48) Service Account Lookup pseudo-API
[*] 49) Site Verification API
[*] 50) Sites API
[*] 51) Vault API (supports readonly)
[*] 1) Chrome Browser Cloud Management API (supports readonly)
[*] 2) Chrome Management API - AppDetails read only
[*] 3) Chrome Management API - Telemetry read only
[*] 4) Chrome Management API - read only
[*] 5) Chrome Policy API (supports readonly)
[*] 6) Chrome Printer Management API (supports readonly)
[*] 7) Chrome Version History API
[*] 8) Classroom API - Course Announcements (supports readonly)
[*] 9) Classroom API - Course Topics (supports readonly)
[*] 10) Classroom API - Course Work/Materials (supports readonly)
[*] 11) Classroom API - Course Work/Submissions (supports readonly)
[*] 12) Classroom API - Courses (supports readonly)
[*] 13) Classroom API - Profile Emails
[*] 14) Classroom API - Profile Photos
[*] 15) Classroom API - Rosters (supports readonly)
[*] 16) Classroom API - Student Guardians (supports readonly)
[ ] 17) Cloud Channel API (supports readonly)
[*] 18) Cloud Identity - Inbound SSO Settings (supports readonly)
[*] 19) Cloud Identity Groups API (supports readonly)
[*] 20) Cloud Identity OrgUnits API (supports readonly)
[*] 21) Cloud Identity User Invitations API (supports readonly)
[ ] 22) Cloud Storage API (Read Only, Vault/Takeout Download, Cloud Storage)
[ ] 23) Cloud Storage API (Read/Write, Vault/Takeout Copy/Download, Cloud Storage)
[*] 24) Contact Delegation API (supports readonly)
[*] 25) Contacts API - Domain Shared Contacts and GAL
[*] 26) Data Transfer API (supports readonly)
[*] 27) Directory API - Chrome OS Devices (supports readonly)
[*] 28) Directory API - Customers (supports readonly)
[*] 29) Directory API - Domains (supports readonly)
[*] 30) Directory API - Groups (supports readonly)
[*] 31) Directory API - Mobile Devices Directory (supports readonly and action)
[*] 32) Directory API - Organizational Units (supports readonly)
[*] 33) Directory API - Resource Calendars (supports readonly)
[*] 34) Directory API - Roles (supports readonly)
[*] 35) Directory API - User Schemas (supports readonly)
[*] 36) Directory API - User Security
[*] 37) Directory API - Users (supports readonly)
[ ] 38) Email Audit API
[*] 39) Groups Migration API
[*] 40) Groups Settings API
[*] 41) License Manager API
[*] 42) People API (supports readonly)
[*] 43) People Directory API - read only
[ ] 44) Pub / Sub API
[*] 45) Reports API - Audit Reports
[*] 46) Reports API - Usage Reports
[ ] 47) Reseller API
[*] 48) Service Account Lookup pseudo-API
[*] 49) Site Verification API
[*] 50) Sites API
[*] 51) Vault API (supports readonly)
Robert Fine
Sep 13, 2024, 9:22:54 AM9/13/24
to GAM for Google Workspace
Hi Jonathan,
Did you check if the Keep and Datastudio (Looker Studio) API are turned on for the project within console.cloud.google.com ?
Jonathan Ascencio
Oct 1, 2024, 1:16:10 PM10/1/24
to GAM for Google Workspace
I checked and its all on..
Reply all
Reply to author
Forward
0 new messages