-
Notifications
You must be signed in to change notification settings - Fork 473
OAuthKeyManagement
Windows DOS Shell:
set OAUTHFILE=oauth.txt-mydomain.com
Windows PowerShell:
$env:OAUTHFILE="oauth.txt-mydomain.com"
Linux / OSX:
export OAUTHFILE=oauth.txt-mydomain.com
By default, GAM saves OAuth credentials to a file named oauth.txt. This works fine if you only have one Google Apps instance to admin but if you have multiple, juggling this file can get complicated. If the environment variable OAUTHFILE is set, GAM will use that filename instead of oauth.txt for creating and reading OAuth authentication.
Note that the file name can be whatever you prefer, and the file must be stored in the same location as gam.exe or gam.py.
This DOS shell example switches between OAuth files for multi GAM runs.
set OAUTHFILE=oauth.txt-mydomain.com
gam info domain
Google Apps Domain: mydomain.com
Default Language: en
Organization Name: My Domain
Maximum Users: 15
...
set OAUTHFILE=oauth.txt-mypalsdomain.com
gam info domain
Google Apps Domain: mypalsdomain.com
Default Language: en
Organization Name: My Pal's Domain
Maximum Users: 5
...
gam oauth info
Displays information about the current OAuth token. Note that if the token was created with a version of GAM older than 2.5, it won't be possible to read what admin created the token, you'll need to revoke and recreate the token with 2.5 to see this information.
This example displays information about the current token
gam oauth info
OAuth File: /home/jay/bin/gam/oauth.txt-mydomain.com
Google Apps Domain: mydomain.com
Client ID: 01010101010.apps.googleusercontent.com
Secret: XYZXXYZZZZZZZ
Scopes:
https://apps-apis.google.com/a/feeds/groups/
https://apps-apis.google.com/a/feeds/alias/
https://apps-apis.google.com/a/feeds/policies/
https://apps-apis.google.com/a/feeds/user/
https://apps-apis.google.com/a/feeds/emailsettings/2.0/
https://apps-apis.google.com/a/feeds/calendar/resource/
https://apps-apis.google.com/a/feeds/compliance/audit/
https://apps-apis.google.com/a/feeds/domain/
https://www.googleapis.com/auth/apps/reporting/audit.readonly
https://www.googleapis.com/auth/apps.groups.settings
https://www.google.com/m8/feeds
https://www.google.com/calendar/feeds/
https://www.google.com/hosted/services/v1.0/reports/ReportingData
Google Apps Admin: jay@mydomain.com
gam oauth revoke
Revokes the current OAuth token (de-authorizing it from Google's end) and deletes the current OAuth file. There is no undo from this operation! Once revoked, you'll need to re-authorize using a Google Apps admin account. Note that you can also revoke OAuth tokens from the Google Accounts page of the admin who created the token. Tokens can also be revoked in the Google Apps Control Panel by opening the security tab of the authorizing user.
This example revokes (destroys) and deletes current OAuth token
gam oauth revoke
This OAuth token will self-destruct in 3...2...1...boom!
Need more help? Ask on the GAM Discussion Group
GAM Basics
GAM Tutorials
- Managing Users, Groups, Aliases, Domains, Mobile and Chrome Devices, and Resource Calendars
- Group Settings
- Data Transfers
- Print Users, Groups, Aliases, Mobile and Chrome OS devices, OUs, Licenses and Reports
- Managing Custom User Schemas
- User Email Settings
- User Security Settings
- Managing Classroom
- Managing Devices
- Chrome Policy Settings
- Chrome Browser Management
- Calendar Settings
- Unmanaged Users and Invitations
- Google Drive Management
- Inbound SSO Settings
- Managing Admins
- Domain Verification
- Printers
- Managing Product Licenses
- Context Aware Access levels
- Managing Organizations
- OAuth Authentication Related Commands
- Vault / Takeout Commands
- Bulk Operations
GAM Command Reference
Resources
- Questions? Visit the GAM Discussion Forum
- How to run GAM on Chromebooks / Chrome OS and Android devices.
- Setting up GAM on Google Cloud Platform (GCP)
- Running GAM on Google Compute Engine (GCE) VMs Securly
- Using GAM with a Delegated Admin Service Account (DASA)
- Use a YubiKey for Service Account Authentication
- Verify a GAM Install is Official and Legimate