Open jgmachine opened 3 years ago
Were you able to find an alternate scope for that? I'm still pretty new to API/OATH stuff and couldn't find that scope listed here, so I can't figure out what a comparable scope might be: https://developers.google.com/identity/protocols/oauth2/scopes
Looks like I'm able to do everything except manage users, which is the main thing I was hoping to use this module for. Get-GSUserList fails with this error:
Get-GSUser: Exception calling "Execute" with "0" argument(s): "Error:"disabled_client", Description:"The OAuth client was disabled.", Uri:"""
I ended up having to put all the sub-scopes from https://www.googleapis.com/auth/admin.directory
individually. Namely
https://www.googleapis.com/auth/admin.directory.customer
https://www.googleapis.com/auth/admin.directory.device.chromeos
https://www.googleapis.com/auth/admin.directory.device.mobile
https://www.googleapis.com/auth/admin.directory.domain
https://www.googleapis.com/auth/admin.directory.group
https://www.googleapis.com/auth/admin.directory.group.member
https://www.googleapis.com/auth/admin.directory.orgunit
https://www.googleapis.com/auth/admin.directory.rolemanagement
https://www.googleapis.com/auth/admin.directory.user
https://www.googleapis.com/auth/admin.directory.user.security
https://www.googleapis.com/auth/admin.directory.resource.calendar
https://www.googleapis.com/auth/admin.directory.userschema
That said I'm not sure why Google changed being able to hit them all with just https://www.googleapis.com/auth/admin.directory/
. I guess it is best practice to only scope the permissions you're actually planning on using though.
Describe the bug https://www.googleapis.com/auth/admin.directory is an invalid scope and I think the page where scopes are entered has changed.
To Reproduce Steps to reproduce the behavior:
Expected behavior Copy and paste scopes from setup instructions and they should all get added.
Additional context I think instructions also need to be updated to go to Security > API Controls > Domain-wide Delegation to enter these scopes. It took me a minute to realize there was an invalid scope, as when you try to authorize the scopes it wasn't very clear that there was an error.