Google has added a new event to the OAuth Token Audit Activity Events in the Reports API and Reports section of the Admin console. This new event is called “Activity,” and it shows how second- and third-party apps are using the G Suite OAuth API tokens they’ve been granted. This event is in addition to the previously available Authorize and Revoke events.
Google also added a new parameter—called “Scope_data”—to both the Authorize and Revoke events, which allows you to filter logs based on which OAuth scope and product bucket were granted.
Why you’d use it
The new Activity event allows you to see which methods are being called by second- and third-party apps on behalf of users via OAuth grants, removing some of the guesswork that previously existed around OAuth exposure. The Scope_data parameter allows you to filter Authorize and Revoke activity based on the specific scope that was granted.
How to get started
The “Activity” event is triggered when a second- or third-party application calls a Google Product API using the OAuth protocol on behalf of one of your users. If your organization uses multiple second- or third-party apps, you may see a large increase in event traffic.
Developers Guide: OAuth Token Audit Activity Events
Help Center: OAuth Token audit log
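The following is an added example, not code from Google or from this announcement, showing how an admin could reduce a large volume of Activity events to per-app method counts and find Authorize or Revoke events by granted scope via Scope_data. It assumes records shaped like Reports API activity items; the field names (app_name, method_name, scope_name, product_bucket) and all sample records are assumptions constructed for illustration.

```python
from collections import Counter

DRIVE_RO = "https://www.googleapis.com/auth/drive.readonly"
GMAIL_RO = "https://www.googleapis.com/auth/gmail.readonly"

def _item(user, event, **p):
    """Build one constructed record in the assumed Reports API activity shape."""
    plist = [{"name": k, "value": v} for k, v in p.items() if k != "scope_data"]
    if "scope_data" in p:
        plist.append({"name": "scope_data", "multiMessageValue": [
            {"parameter": [{"name": "scope_name", "value": s},
                           {"name": "product_bucket", "multiValue": [b]}]}
            for s, b in p["scope_data"]]})
    return {"actor": {"email": user}, "events": [{"name": event, "parameters": plist}]}

# Constructed sample log: two grants followed by three API calls.
SAMPLE = [
    _item("alice@example.com", "authorize", app_name="Example Backup", scope_data=[(DRIVE_RO, "DRIVE")]),
    _item("bob@example.com", "authorize", app_name="Example Mail Sync", scope_data=[(GMAIL_RO, "GMAIL")]),
    _item("alice@example.com", "activity", app_name="Example Backup", method_name="drive.files.list"),
    _item("alice@example.com", "activity", app_name="Example Backup", method_name="drive.files.list"),
    _item("bob@example.com", "activity", app_name="Example Mail Sync", method_name="gmail.users.messages.list"),
]

def params(event):
    """Flatten a parameter list (including nested scope_data) into a dict."""
    out = {}
    for p in event.get("parameters") or event.get("parameter") or []:
        if "multiMessageValue" in p:
            out[p["name"]] = [params(m) for m in p["multiMessageValue"]]
        else:
            out[p["name"]] = p.get("value", p.get("multiValue"))
    return out

def method_calls(items):
    """Count Activity events per (app, method) to see what each app actually calls."""
    counts = Counter()
    for item in items:
        for ev in item.get("events", []):
            if ev["name"] == "activity":
                p = params(ev)
                counts[(p.get("app_name"), p.get("method_name"))] += 1
    return counts

def grants_with_scope(items, scope, event_name="authorize"):
    """List (user, app) for Authorize/Revoke events whose scope_data names `scope`."""
    hits = []
    for item in items:
        for ev in item.get("events", []):
            p = params(ev)
            scopes = {s.get("scope_name") for s in p.get("scope_data") or []}
            if ev["name"] == event_name and scope in scopes:
                hits.append((item["actor"]["email"], p.get("app_name")))
    return hits
```

Comparing the apps returned by `grants_with_scope` with the methods counted by `method_calls` shows whether a granted scope is actually being exercised.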
- Rapid Release domains: This feature is available now.
- Scheduled Release domains: This feature is available now.
G Suite editions
- Available to G Suite Enterprise, G Suite Enterprise for Education, Drive Enterprise, and Cloud Identity Premium
- Not available to G Suite Basic, G Suite Business, G Suite for Education, and G Suite for Nonprofits
On/off by default?
- This feature will be ON by default.