0

The problem: I get an empty result when accessing the activity audit oauth token with eventName=activity in google-admin-sdk.

What I've tried: GET https://www.googleapis.com/admin/reports/v1/activity/users/all/applications/token?eventName=activity

If I filter the event with eventName=authorize I see all the expected results. I'm accessing the api with an oauth token that was issued by an admin and has scope=https://www.googleapis.com/auth/admin.reports.audit.readonly

The output should not be empty since I have used many google oauth tokens in third party apps that access my data in google

Some help on this matter? Thanks! :)

Micael Lasry
  • 1

1 Answers1

0

Your request is correct, however I am not sure either third party apps will be listed in the results.

  • Try (or the admin should try) to perform an activity that can be expected for sure to be listed
  • For example, perform a request with the Try this API
  • The response for
curl \
  'https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/token?eventName=activity&key=[YOUR_API_KEY]' \
  --header 'Authorization: Bearer [YOUR_ACCESS_TOKEN]' \
  --header 'Accept: application/json' \
  --compressed

is in my case

{
  "kind": "admin#reports#activities",
  "etag": "XXX",
  "nextPageToken": "A:1606425471182618:8574055294017871466:151219070090:C01bs255h",
  "items": [
    {
      "kind": "admin#reports#activity",
      "id": {
        "time": "2020-12-01T09:24:24.330Z",
        "uniqueQualifier": "2270403000344494958",
        "applicationName": "token",
        "customerId": "YYY"
      },
      "etag": "ZZZ",
      "actor": {
        "email": "AAA,
        "profileId": "BBB"
      },
      "ipAddress": "31.4.243.197",
      "events": [
        {
          "type": "auth",
          "name": "activity",
          "parameters": [
            {
              "name": "api_name",
              "value": "admin"
            },
            {
              "name": "method_name",
              "value": "reports.activities.list"
            },
...
ziganotschka
  • 25,866
  • 2
  • 16
  • 33
  • Thanks ziganotschka! We did try activities that should be listed and still not seeing anything. What gsuite plan do you have? What scopes your token have? – Micael Lasry Dec 02 '20 at 10:26
  • I am using `scope=https://www.googleapis.com/auth/admin.reports.audit.readonly` - just as you and I have a Gsuite account - any of them should have the permission to make this request. I suggest you to test with the [OAuth playground](https://developers.google.com/oauthplayground/) and with the [Try this API](https://developers.google.com/admin-sdk/reports/reference/rest/v1/activities/list). For the latter it is not enough to have an authentication token, you need to authenticate as an admin. Mind that the authentication token given to you by the admin expires after an hour. – ziganotschka Dec 02 '20 at 11:06
  • If you establish that the problem is not related to your token / authorization and you can retrieve other activities than the ones performed by the 3rd party APIs, you can assume that the latter simply cannot be retrieved with this request. – ziganotschka Dec 02 '20 at 11:07
  • Thanks again. I just see no entries at all. I have an admin token and Im able to retrieve authorize events but I dont see any activity events though I know they exist. I dont get whats going on – Micael Lasry Dec 02 '20 at 13:30
  • Thanks again. I just see no entries at all. I have an admin token and Im able to retrieve authorize events but I dont see any activity events though I know they exist. I dont get whats going on – Micael Lasry Dec 02 '20 at 13:30
  • To excluded problems with the tolen, can you ask the admin to perform the request himself? – ziganotschka Dec 02 '20 at 13:31