ManageOauthClients from CLI

43 views
Skip to first unread message

benj...@gridworxwalls.com

unread,
May 25, 2018, 9:21:28 AM5/25/18
to Google Cloud Developers
So, this happened:

(some time ago)
1- Created Service Account in Cloud Platform Project from https://console.cloud.google.com/iam-admin/serviceaccounts
2- Enabled multiple APIs from https://console.developers.google.com/apis/
3- Registered multiple API scopes using Service Account ID from https://admin.google.com/ManageOauthClients
4- Deployed mulitple scripts using some scopes from previous step to call APIs to act on Cloud Platform Project
...
(present day)
5- Enabled one additional API from https://console.developers.google.com/apis/
6- Registered one single API scope using Service Account ID from https://admin.google.com/ManageOauthClients
7- Deployed one script using single scope from previous step to call API to act on Cloud Platform Project

Unless I'm mistaken, step 6 overwrote step 3, and all of the scopes which were previously registered for the Service Account are no longer. As a result, all of the code deployed in step 4 is now raising "unauthorized client" exceptions. I believe one way to resolve these errors would be to concatenate the scope from step 6 with the scopes from step 3 in a single, comma-separated list. The problem is, I have no record of the original values registered in step 3.

Going forward, I could plan to create a new service account for every round of additions, but I don't want to do that. What I want is command line access to Admin-Security-Advanced-Authentication-ApiClientAccess, similar to `gcloud iam service-accounts list` or `gcloud services list --enabled` so that I can get a plain-text record of all my Cloud Platform Project settings under version control. Is this available? Is there another way to avoid the pitfall I encountered?

Any feedback is appreciated.

Benjamin

Jordan (Cloud Platform Support)

unread,
May 25, 2018, 2:27:43 PM5/25/18
to Google Cloud Developers
This looks like a limitation or issue with the G Suit Admin Dashboard, and not Google Cloud specifically. It is therefore recommended to report your findings directly to the G Suit team via the 'Contact Us' button in the top right of the associated help page.  

- Note that Google Groups is reserved for general product discussions, and not for reporting Google-end issues. All further communications should occur with G Suit support as mentioned above. 
Reply all
Reply to author
Forward
0 new messages