--action check-service-account returns "400. That’s an error." for auth URL

[jboxman]

Please confirm the following:

• I have upgraded to the latest GYB release from https://github.com/jay0lee/got-your-back/releases and I still have this issue.

As of today.

• I am typing the command as described in the GAM Wiki at https://github.com/jay0lee/got-your-back/wiki

Yes.

Full steps to reproduce the issue:

1. Went through installation procedure, each step succeeded until this one
2. Try ~/bin/gyb/gyb --email <email>@gmail.com --action check-service-account without succes

Expected outcome (what are you trying to do?):

Success!

Actual outcome (what errors or bad behavior do you see instead?):

 Scope: https://mail.google.com/                                     FAIL
 Scope: https://www.googleapis.com/auth/apps.groups.migration        FAIL
 Scope: https://www.googleapis.com/auth/drive.appdata                FAIL
 Scope: https://www.googleapis.com/auth/userinfo.email               FAIL

Some scopes failed! To authorize them, please go to:

  https://gyb-shortn.jaylee.us/ndvxu8

Browser output:

400. That’s an error.

The server cannot process the request because it is malformed. It should not be retried. That’s all we know.

Attempted URL:

https://admin.google.com/accounts/SetOSID?authuser=0&continue=https%3A%2F%2Fadmin.google.com%2Fac%2Fowl%2Fdomainwidedelegation%3FclientScopeToAdd%3Dhttps%253A%252F%252Fmail.google.com%252F%252Chttps%253A%252F%252Fwww.googleapis.com%252Fauth%252Fapps.groups.migration%252Chttps%253A%252F%252Fwww.googleapis.com%252Fauth%252Fdrive.appdata%252Chttps%253A%252F%252Fwww.googleapis.com%252Fauth%252Fuserinfo.email%26clientIdToAdd%3D...&osidt=...&ifkv=...

I cannot access admin.google.com; I'm told I need a G Suite account for that:

admin.google.com is used for Google Workspace accounts only. Regular Gmail accounts cannot be used to sign in to admin.google.com. Learn More

Is a Google Workspace account now required for this to work?

Thanks.

[stale[bot]]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.

[jay0lee]

Yes, a Workspace account is required for service account usage. Closing this one.