Gam print devices - what Google API Scope is that?

[Rafal Kaminski]

Hello,

I'm using GAM few years and usually, all is clear to me. That group is very helpful and always I have found good solutions here. Right now I'm struggling with Google API by my script. It's kind of outside a GAM. But somehow GAM does it properly. 

When I run "gam print devices" command I see all devices: mobile and endpoint from Google (Macbook for example). I have checked all scopes from my GAM config, but I can not find the correct one for that. 

That 3 are not for PC's, I think:

    "https://www.googleapis.com/auth/admin.directory.device.chromebrowsers",
    "https://www.googleapis.com/auth/admin.directory.device.chromeos",
    "https://www.googleapis.com/auth/admin.directory.device.mobile",

In Google Doc. I found that one:

    "https://www.googleapis.com/auth/cloud-identity.devices.lookup"

But that one doesn't show devices. When I tried I think the correct one I got that error:

"You are receiving this error either because your input OAuth2 scope name is invalid or it refers to a newer scope that is outside the domain of this legacy API. This API was built at a time when the scope name format was not yet standardized. This is no longer the case and all valid scope names (both old and new) are catalogued at https://developers.google.com/identity/protocols/oauth2/scopes. Use that webpage to lookup (manually) the scope name associated with the API you are trying to call and use it to craft your OAuth2 request."

But any of the scopes from ^ list helps me. Could somebody tell me what scope GAM uses for that command? How get a list of all devices APPROVED in Google by python/ruby/curl/postman scripts?

Thank you so much for your help and answer.

Best,

Rafal

[Ross Scroggs]

Rafal,

Gam uses this scope: https://www.googleapis.com/auth/cloud-identity

It uses service account access with a super-admin as the user.

Ross

----

Ross Scroggs

Ross.S...@gmail.com

--
You received this message because you are subscribed to the Google Groups "GAM for Google Workspace" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-man...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/96227bdd-3b7b-43c5-9e33-5ea50c9056dfn%40googlegroups.com.

[Rafal Kaminski]

Hello,

I have tried to set it but: 

"You are receiving this error either because your input OAuth2 scope name is invalid or it refers to a newer scope that is outside the domain of this legacy API. This API was built at a time when the scope name format was not yet standardized. This is no longer the case and all valid scope names (both old and new) are catalogued at https://developers.google.com/identity/protocols/oauth2/scopes. Use that webpage to lookup (manually) the scope name associated with the API you are trying to call and use it to craft your OAuth2 request."

Even Google showed that:

Authorization Error

Error 400: invalid_scope

Some requested scopes cannot be shown: [https://www.googleapis.com/auth/cloud-identity]

Why GAM works and other API calls not? This is what I'm thinking about.

Thank you for help.

Best,

Rafal

[Jay Lee]

If you are trying to generate 3-legged OAuth end user credentials instead of using a service account then try this scope:

https://www.googleapis.com/auth/cloud-identity.devices

Jay

To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-manager/c54a4b46-c8d8-47b2-bee0-7979f6a91decn%40googlegroups.com.

[Rafal Kaminski]

Hello,

I have tried all of that and still, I see a Google issues or warning. Have you ever tried to use for example Postman to call that API scope: https://www.googleapis.com/auth/cloud-identity.devices?

Thank you for any help and answers.

Best,

Rafal

[Rafal Kaminski]

I see that one from Google:

You are receiving this error either because your input OAuth2 scope name is invalid or it refers to a newer scope that is outside the domain of this legacy API. This API was built at a time when the scope name format was not yet standardized. This is no longer the case and all valid scope names (both old and new) are catalogued at https://developers.google.com/identity/protocols/oauth2/scopes. Use that webpage to lookup (manually) the scope name associated with the API you are trying to call and use it to craft your OAuth2 request.