OAuth Token Audit Activity Events

This document lists the events and parameters for various types of OAuth Token Audit activity events. You can retrieve these events by calling Activities.list() with applicationName=token.

Auth

Events of this type are returned with type=auth.

Activity

Access activity for an application.

Event details
Event name activity
Parameters
api_name

string

The API name which was used in the OAuth Activity.

app_name

string

The application for which access was granted or revoked.

client_id

string

Client ID to which access has been granted / revoked.

client_type

string

The client type. Possible values:

  • CONNECTED_DEVICE
    A connected device client.
  • NATIVE_ANDROID
    An Android application.
  • NATIVE_APPLICATION
    A native application.
  • NATIVE_CHROME_EXTENSION
    A Chrome application.
  • NATIVE_DESKTOP
    A native Desktop application.
  • NATIVE_DEVICE
    A native device application.
  • NATIVE_IOS
    An iOS application.
  • NATIVE_SONY
    A native Sony application.
  • NATIVE_UNIVERSAL_WINDOWS_PLATFORM
    A native Universal Windows Platform application.
  • TYPE_UNSPECIFIED
    An unspecified client type.
  • WEB
    A web application.
method_name

string

The method name which was used in the OAuth Activity.

num_response_bytes

integer

The number of response bytes in the OAuth Activity.

product_bucket

string

The product bucket of the application associated with this OAuth Activity. Possible values:

  • APPS_SCRIPT_API
    The Apps Script API product bucket.
  • APPS_SCRIPT_RUNTIME
    The Apps Script runtime product bucket.
  • CALENDAR
    The Calendar product bucket.
  • CLASSROOM
    The Classroom product bucket.
  • CLOUD_SEARCH
    The Cloud Search product bucket.
  • COMMUNICATIONS
    The Communications product bucket.
  • CONTACTS
    The Contacts product bucket.
  • DRIVE
    The Drive product bucket.
  • GMAIL
    The Gmail product bucket.
  • GPLUS
    The G+ product bucket.
  • GROUPS
    The Groups product bucket.
  • GSUITE_ADMIN
    The Google Workspace Admin product bucket.
  • IDENTITY
    The Identity product bucket.
  • OTHER
    A product bucket for applications that don't fall into the other buckets.
  • TASKS
    The Tasks product bucket.
  • VAULT
    The Vault product bucket.
Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/token?eventName=activity&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{app_name} called {method_name} on behalf of {actor}

Authorize

A user authorized access to an application for their data.

Event details
Event name authorize
Parameters
app_name

string

The application for which access was granted or revoked.

client_id

string

Client ID to which access has been granted / revoked.

client_type

string

The client type. Possible values:

  • CONNECTED_DEVICE
    A connected device client.
  • NATIVE_ANDROID
    An Android application.
  • NATIVE_APPLICATION
    A native application.
  • NATIVE_CHROME_EXTENSION
    A Chrome application.
  • NATIVE_DESKTOP
    A native Desktop application.
  • NATIVE_DEVICE
    A native device application.
  • NATIVE_IOS
    An iOS application.
  • NATIVE_SONY
    A native Sony application.
  • NATIVE_UNIVERSAL_WINDOWS_PLATFORM
    A native Universal Windows Platform application.
  • TYPE_UNSPECIFIED
    An unspecified client type.
  • WEB
    A web application.
scope

string

Scopes under which access was granted / revoked.

scope_data

message

Scope Data.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/token?eventName=authorize&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{actor} authorized access to {app_name} for {scope} scopes

Request

Access requested for an application.

Event details
Event name request
Parameters
app_name

string

The application for which access was granted or revoked.

client_id

string

Client ID to which access has been granted / revoked.

client_type

string

The client type. Possible values:

  • CONNECTED_DEVICE
    A connected device client.
  • NATIVE_ANDROID
    An Android application.
  • NATIVE_APPLICATION
    A native application.
  • NATIVE_CHROME_EXTENSION
    A Chrome application.
  • NATIVE_DESKTOP
    A native Desktop application.
  • NATIVE_DEVICE
    A native device application.
  • NATIVE_IOS
    An iOS application.
  • NATIVE_SONY
    A native Sony application.
  • NATIVE_UNIVERSAL_WINDOWS_PLATFORM
    A native Universal Windows Platform application.
  • TYPE_UNSPECIFIED
    An unspecified client type.
  • WEB
    A web application.
scope

string

Scopes under which access was granted / revoked.

scope_data

message

Scope Data.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/token?eventName=request&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{actor} requested access to {app_name} for {scope} scopes

Revoke

Access revoked for an application to a users data.

Event details
Event name revoke
Parameters
app_name

string

The application for which access was granted or revoked.

client_id

string

Client ID to which access has been granted / revoked.

client_type

string

The client type. Possible values:

  • CONNECTED_DEVICE
    A connected device client.
  • NATIVE_ANDROID
    An Android application.
  • NATIVE_APPLICATION
    A native application.
  • NATIVE_CHROME_EXTENSION
    A Chrome application.
  • NATIVE_DESKTOP
    A native Desktop application.
  • NATIVE_DEVICE
    A native device application.
  • NATIVE_IOS
    An iOS application.
  • NATIVE_SONY
    A native Sony application.
  • NATIVE_UNIVERSAL_WINDOWS_PLATFORM
    A native Universal Windows Platform application.
  • TYPE_UNSPECIFIED
    An unspecified client type.
  • WEB
    A web application.
scope

string

Scopes under which access was granted / revoked.

scope_data

message

Scope Data.

Sample request
GET https://admin.googleapis.com/admin/reports/v1/activity/users/all/applications/token?eventName=revoke&maxResults=10&access_token=YOUR_ACCESS_TOKEN
Admin Console message format
{actor} revoked access to {app_name} for {scope} scopes