Complete the steps described in the rest of this page to create a simple Go
command-line application that makes requests to the Reports API.
Prerequisites
To run this quickstart, you need the following prerequisites:
- Go, latest version recommended.
- Git, latest version recommended.
A Google Cloud Platform project with the API enabled. To create a project and
enable an API, refer to
Create a project and enable the API
Note: For this quickstart, you are enabling the "Reports API".
- Authorization credentials for a desktop application. To create credentials for
a desktop application, refer to
Create credentials.
- A Google Workspace domain with API access enabled
- A Google account in that domain with administrator privileges
Step 1: Prepare the workspace
- Set the
GOPATH environment variable to your working directory.
- Get the Reports API Go client library and OAuth2 package
using the following commands:
go get -u google.golang.org/api/admin/reports/v1
go get -u golang.org/x/oauth2/google
Step 2: Set up the sample
Create a file named quickstart.go in your working directory and copy
in the following code:
package main
import (
"encoding/json"
"fmt"
"io/ioutil"
"log"
"net/http"
"os"
"time"
"golang.org/x/net/context"
"golang.org/x/oauth2"
"golang.org/x/oauth2/google"
admin "google.golang.org/api/admin/reports/v1"
)
// Retrieve a token, saves the token, then returns the generated client.
func getClient(config *oauth2.Config) *http.Client {
// The file token.json stores the user's access and refresh tokens, and is
// created automatically when the authorization flow completes for the first
// time.
tokFile := "token.json"
tok, err := tokenFromFile(tokFile)
if err != nil {
tok = getTokenFromWeb(config)
saveToken(tokFile, tok)
}
return config.Client(context.Background(), tok)
}
// Request a token from the web, then returns the retrieved token.
func getTokenFromWeb(config *oauth2.Config) *oauth2.Token {
authURL := config.AuthCodeURL("state-token", oauth2.AccessTypeOffline)
fmt.Printf("Go to the following link in your browser then type the "+
"authorization code: \n%v\n", authURL)
var authCode string
if _, err := fmt.Scan(&authCode); err != nil {
log.Fatalf("Unable to read authorization code: %v", err)
}
tok, err := config.Exchange(context.TODO(), authCode)
if err != nil {
log.Fatalf("Unable to retrieve token from web: %v", err)
}
return tok
}
// Retrieves a token from a local file.
func tokenFromFile(file string) (*oauth2.Token, error) {
f, err := os.Open(file)
if err != nil {
return nil, err
}
defer f.Close()
tok := &oauth2.Token{}
err = json.NewDecoder(f).Decode(tok)
return tok, err
}
// Saves a token to a file path.
func saveToken(path string, token *oauth2.Token) {
fmt.Printf("Saving credential file to: %s\n", path)
f, err := os.OpenFile(path, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
if err != nil {
log.Fatalf("Unable to cache oauth token: %v", err)
}
defer f.Close()
json.NewEncoder(f).Encode(token)
}
func main() {
b, err := ioutil.ReadFile("credentials.json")
if err != nil {
log.Fatalf("Unable to read client secret file: %v", err)
}
// If modifying these scopes, delete your previously saved token.json.
config, err := google.ConfigFromJSON(b, admin.AdminReportsAuditReadonlyScope)
if err != nil {
log.Fatalf("Unable to parse client secret file to config: %v", err)
}
client := getClient(config)
srv, err := admin.New(client)
if err != nil {
log.Fatalf("Unable to retrieve reports Client %v", err)
}
r, err := srv.Activities.List("all", "login").MaxResults(10).Do()
if err != nil {
log.Fatalf("Unable to retrieve logins to domain. %v", err)
}
if len(r.Items) == 0 {
fmt.Println("No logins found.")
} else {
fmt.Println("Logins:")
for _, a := range r.Items {
t, err := time.Parse(time.RFC3339Nano, a.Id.Time)
if err != nil {
fmt.Println("Unable to parse login time.")
// Set time to zero.
t = time.Time{}
}
fmt.Printf("%s: %s %s\n", t.Format(time.RFC822), a.Actor.Email,
a.Events[0].Name)
}
}
}
Step 3: Run the sample
Build and run the sample using the following command from your working
directory:
go run quickstart.go
The first time you run the sample, it prompts you to authorize access:
Browse to the provided URL in your web browser.
If you're not already signed in to your Google account, you're
prompted to sign in. If you're signed in to multiple Google accounts, you
are asked to select one account to use for authorization.
- Click the Accept button.
- Copy the code you're given, paste it into the command-line prompt, and press
Enter.
Notes
- Authorization information is stored on the file system, so subsequent
executions don't prompt for authorization.
- The authorization flow in this example is designed for a command-line
application. For information on how to perform authorization in a web
application, see
Using OAuth 2.0 for Web Server Applications .
Troubleshooting
This section describes some common issues that you may encounter while
attempting to run this quickstart and suggests possible solutions.
This app isn't verified
If the OAuth consent screen displays the warning
"This app isn't verified," your app is requesting scopes that provide
access to sensitive user data. If your application uses sensitive scopes, your
your app must go through the verification process
to remove that warning and other limitations. During the development phase you can
continue past this warning by clicking
Advanced > Go to {Project Name} (unsafe).
Further reading
For further information on the APIs used in this quickstart, refer to the google-api-go-client section of GitHub.
