OAuth Token Audit Activity Events

This document lists the events and parameters for various types of OAuth Token Audit activity events. You can retrieve these events by calling Activities.list() with applicationName=token.

Auth

Events of this type are returned with type=auth.

Activity

Access activity for an application.

Event details

Event name activity

Parameters

`api_name`	`string` The API name which was used in the OAuth Activity.
`app_name`	`string` The application for which access was granted or revoked.
`client_id`	`string` Client ID to which access has been granted / revoked.
`client_type`	`string` The client type. Possible values: `CONNECTED_DEVICE` A connected device client. `NATIVE_ANDROID` An Android application. `NATIVE_APPLICATION` A native application. `NATIVE_CHROME_EXTENSION` A Chrome application. `NATIVE_DESKTOP` A native Desktop application. `NATIVE_DEVICE` A native device application. `NATIVE_IOS` An iOS application. `NATIVE_SONY` A native Sony application. `NATIVE_UNIVERSAL_WINDOWS_PLATFORM` A native Universal Windows Platform application. `TYPE_UNSPECIFIED` An unspecified client type. `WEB` A web application.
`method_name`	`string` The method name which was used in the OAuth Activity.
`num_response_bytes`	`integer` The number of response bytes in the OAuth Activity.
`product_bucket`	`string` The product bucket of the application associated with this OAuth Activity. Possible values: `APPS_SCRIPT_API` The Apps Script API product bucket. `APPS_SCRIPT_RUNTIME` The Apps Script runtime product bucket. `CALENDAR` The Calendar product bucket. `CLASSROOM` The Classroom product bucket. `CLOUD_SEARCH` The Cloud Search product bucket. `COMMUNICATIONS` The Communications product bucket. `CONTACTS` The Contacts product bucket. `DRIVE` The Drive product bucket. `GMAIL` The Gmail product bucket. `GPLUS` The G+ product bucket. `GROUPS` The Groups product bucket. `GSUITE_ADMIN` The Google Workspace Admin product bucket. `IDENTITY` The Identity product bucket. `OTHER` A product bucket for applications that don't fall into the other buckets. `TASKS` The Tasks product bucket. `VAULT` The Vault product bucket.

Sample request

GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/token?eventName=activity&maxResults=10&access_token=YOUR_ACCESS_TOKEN

Admin Console message format

{app_name} called {method_name} on behalf of {actor}

Authorize

A user authorized access to an application for their data.

Event details

Event name authorize

Parameters

`app_name`	`string` The application for which access was granted or revoked.
`client_id`	`string` Client ID to which access has been granted / revoked.
`client_type`	`string` The client type. Possible values: `CONNECTED_DEVICE` A connected device client. `NATIVE_ANDROID` An Android application. `NATIVE_APPLICATION` A native application. `NATIVE_CHROME_EXTENSION` A Chrome application. `NATIVE_DESKTOP` A native Desktop application. `NATIVE_DEVICE` A native device application. `NATIVE_IOS` An iOS application. `NATIVE_SONY` A native Sony application. `NATIVE_UNIVERSAL_WINDOWS_PLATFORM` A native Universal Windows Platform application. `TYPE_UNSPECIFIED` An unspecified client type. `WEB` A web application.
`scope`	`string` Scopes under which access was granted / revoked.
`scope_data`	`message` Scope Data.

Sample request

GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/token?eventName=authorize&maxResults=10&access_token=YOUR_ACCESS_TOKEN

Admin Console message format

{actor} authorized access to {app_name} for {scope} scopes

Request

Access requested for an application.

Event details

Event name request

Parameters

`app_name`	`string` The application for which access was granted or revoked.
`client_id`	`string` Client ID to which access has been granted / revoked.
`client_type`	`string` The client type. Possible values: `CONNECTED_DEVICE` A connected device client. `NATIVE_ANDROID` An Android application. `NATIVE_APPLICATION` A native application. `NATIVE_CHROME_EXTENSION` A Chrome application. `NATIVE_DESKTOP` A native Desktop application. `NATIVE_DEVICE` A native device application. `NATIVE_IOS` An iOS application. `NATIVE_SONY` A native Sony application. `NATIVE_UNIVERSAL_WINDOWS_PLATFORM` A native Universal Windows Platform application. `TYPE_UNSPECIFIED` An unspecified client type. `WEB` A web application.
`scope`	`string` Scopes under which access was granted / revoked.
`scope_data`	`message` Scope Data.

Sample request

GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/token?eventName=request&maxResults=10&access_token=YOUR_ACCESS_TOKEN

Admin Console message format

{actor} requested access to {app_name} for {scope} scopes

Revoke

Access revoked for an application to a users data.

Event details

Event name revoke

Parameters

`app_name`	`string` The application for which access was granted or revoked.
`client_id`	`string` Client ID to which access has been granted / revoked.
`client_type`	`string` The client type. Possible values: `CONNECTED_DEVICE` A connected device client. `NATIVE_ANDROID` An Android application. `NATIVE_APPLICATION` A native application. `NATIVE_CHROME_EXTENSION` A Chrome application. `NATIVE_DESKTOP` A native Desktop application. `NATIVE_DEVICE` A native device application. `NATIVE_IOS` An iOS application. `NATIVE_SONY` A native Sony application. `NATIVE_UNIVERSAL_WINDOWS_PLATFORM` A native Universal Windows Platform application. `TYPE_UNSPECIFIED` An unspecified client type. `WEB` A web application.
`scope`	`string` Scopes under which access was granted / revoked.
`scope_data`	`message` Scope Data.

Sample request

GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/token?eventName=revoke&maxResults=10&access_token=YOUR_ACCESS_TOKEN

Admin Console message format

{actor} revoked access to {app_name} for {scope} scopes