Google Apps Script AdminSDK for iterating through a user's "Connected Applications" for Offboarding

Google Apps Script AdminSDK for iterating through a user's "Connected Applications" for offboarding purposes.

Is there an API available or AdminSDK?

As of now I've been using the AdminSDK to perform other essential offboarding tasks such as "Sign-Out", "password reset", "group removal", "Organization Unit change", etc.

The reason for the request is automating offboarding tasks, one of which is to remove all "Connected Applications" on a user's account.

 

 

1 ACCEPTED SOLUTION

Hey

To automate offboarding tasks like removing "Connected Applications" for a user, you can leverage the Google Admin SDK using Google Apps Script. However, it's important to note that as of my last update in September 2021, there's no direct API within the Admin SDK specifically for managing "Connected Applications."

For revoking access or managing connected applications, you might need to use the OAuth 2.0 API. You can create a script that interacts with this API to revoke access tokens and refresh tokens associated with the user.

Here's what you can do:

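function revokeAccess(token) {
  // token: the OAuth 2.0 access token or refresh token to revoke
  var url = "https://accounts.google.com/o/oauth2/revoke?token=" + encodeURIComponent(token);
  var response = UrlFetchApp.fetch(url, {
    method: "post",
    muteHttpExceptions: true
  });

  // Check the response and handle accordingly
  if (response.getResponseCode() !== 200) {
    Logger.log("Revoke failed: " + response.getResponseCode() + " " + response.getContentText());
  }
  return response.getResponseCode() === 200;
}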

Integrate this script into your offboarding process to revoke access for the user. While this approach won't directly iterate through "Connected Applications," it achieves the goal of revoking access for the user during offboarding.

 

 


4 REPLIES 4


I actually found another solution, sharing with you to see if this can also work.

The code below is snippets from my current Apps Script that uses a for loop to iterate through each token in the array and remove/delete it based on the specified user.

AdminSDK is built right into Apps Script; you just have to add the "Admin Directory" Service on your Apps Script, and as you type out commands you can have Apps Script autocomplete and provide more information on each command chosen. Pretty neat.

 

// Retrieve tokens for the specified user
var userKey = "test@exampledomain.com";
var userconnectedApps = AdminDirectory.Tokens.list(userKey);

// Deleting tokens: userKey = email address specified above,
// clientIdArr[i] = entry from the array of tokens
var clientIDDelete = AdminDirectory.Tokens.remove(userKey, clientIdArr[i]);
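The loop described in the post above, written out as an added example (not the poster's own script): it lists the user's grants with `AdminDirectory.Tokens.list`, removes each one by client ID, then lists again to confirm nothing is left. Passing the service in as a `directory` parameter, the report shape, and the stub with constructed client IDs are assumptions made so the logic also runs outside Apps Script.

```javascript
// Revoke every third-party OAuth grant ("connected application") for one user
// and return an audit record. `directory` is the Apps Script AdminDirectory
// advanced service, passed in (assumption) so a stub can replace it in tests.
function revokeConnectedApps(userKey, directory) {
  var report = { userKey: userKey, revoked: [], failed: [], remaining: [], clean: false };

  // Tokens.list returns { items: [...] }; items is absent when the user has no grants.
  var tokens = directory.Tokens.list(userKey).items || [];

  for (var i = 0; i < tokens.length; i++) {
    var t = tokens[i];
    try {
      directory.Tokens.remove(userKey, t.clientId);
      report.revoked.push({ clientId: t.clientId, app: t.displayText, scopes: t.scopes || [] });
    } catch (err) {
      // Keep going: one failed revocation must not leave the other grants in place.
      report.failed.push({ clientId: t.clientId, app: t.displayText, error: String(err.message || err) });
    }
  }

  // List again so the offboarding record shows what, if anything, is still granted.
  var after = directory.Tokens.list(userKey).items || [];
  report.remaining = after.map(function (tok) { return tok.clientId; });
  report.clean = report.failed.length === 0 && report.remaining.length === 0;
  return report;
}

// Constructed stand-in for AdminDirectory (sample data, not real client IDs).
// `failOn` names one client ID whose removal should throw, to exercise the error path.
function makeStubDirectory(items, failOn) {
  var store = items.slice();
  return {
    Tokens: {
      list: function (userKey) { return store.length ? { items: store.slice() } : {}; },
      remove: function (userKey, clientId) {
        if (clientId === failOn) throw new Error("backend error");
        store = store.filter(function (tok) { return tok.clientId !== clientId; });
      }
    }
  };
}

// In Apps Script, with the "Admin Directory" service enabled:
//   var report = revokeConnectedApps("test@exampledomain.com", AdminDirectory);
```

A report with `clean: false` means the account still has at least one grant and the offboarding step should be retried or escalated before it is marked complete.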

Oh, that's cool! I'm glad you found that solution. Sorry for suggesting a method that was too weird for you 😿

Thank you for your help! I will actually try to use your format for making an API request to external sites for deactivating additional user accounts that were created manually on those external sites. Also, not all features are enabled on the AdminSDK and I will have to use your code for performing device "sign-out", such as calling the Cloud Identity API. However, the AdminSDK has covered about 95% of the user's Google Workspace account removal process.

Here is a link you can use if you want to check out the adminSDK

https://developers.google.com/admin-sdk/directory/v1/quickstart/apps-script

 
