Confirming that OOB authorization requests won't be blocked
73 views
Skip to first unread message
David Leigh
Jun 15, 2022, 6:46:47 AM6/15/22
to GAM for Google Workspace
Hello and thank you in advance for any insight you can give.
I received the message in early May from Google about migrating my OAuth out-of-band (OOB) flow, etc.
In particular it says at the top of the message:
Our records indicate you have OAuth clients that may have used the OAuth OOB flow in the past, although not in the last 90 days.
I set up the process in GAM a long time ago and have gone through many versions of it. I don't use the process personally, but a user does and I imagine that they have used it within the last 90 days. Consequently, and because I'm on 6.21 now, I'm wondering if this is from an older iteration of using GAM?
However, the user came to me today indicating that for some time (how long?), the process had not worked. So I went in and did a simple command in GAM and got a stack trace back that ends with this sort of message content:
google.auth.exceptions.refresherror: (('invalid_grant: Bad request
I did a gam Oauth delete and a gam Oauth create and now I'm back in business.
I guess my concern is WHY this happened and whether I need to do anything about the "OOB flow" migration email?
Thanks!
I did a gam Oauth delete and a gam Oauth create and now I'm back in business.
I guess my concern is WHY this happened and whether I need to do anything about the "OOB flow" migration email?
Thanks!
Ross Scroggs
Jun 15, 2022, 9:22:25 AM6/15/22
to google-ap...@googlegroups.com
David,
It happemed because Google made a change in how authentication is performed.
gam oauth delete and gam oauth create was the right thing to do, there is nothing else required.
--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/6ae60b05-7027-4305-b9da-e9188131f566n%40googlegroups.com.
Jay Lee
Jun 15, 2022, 6:41:36 PM6/15/22
to google-ap...@googlegroups.com
Google's change did not invalidate existing tokens. You need to:
1) upgrade to the latest version of GAM.
2) check the admin audit token logs to understand why GAM's authorization was revoked. This can be done by the user you authorized GAM with or another admin.
Jay Lee
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/04D6EBCC-E231-416A-9C8C-B07A8FB1D2EA%40gmail.com.
David Leigh
Jun 16, 2022, 7:27:34 AM6/16/22
to GAM for Google Workspace
Already on 6.21 when the issue happened.
Is the "admin audit token log" a GAM thing or something in the Google API dashboard (pardon my ignorance)?
Thanks!
Reply all
Reply to author
Forward
0 new messages