I need to obtain all users in a workspace and what applications they have granted access to their account. This list needs to be updated on a day-to-day basis (not just one time).
I'm using the google-apis Ruby gem to collect details about all users in a given workspace. I'm struggling with determining what applications the users have authorized to access their account.
I'm using the list_users method to get users. It doesn't seem to have a way to return token grants: https://googleapis.dev/ruby/google-api-client/v0.27.1/Google/Apis/AdminDirectoryV1/DirectoryService.html#list_users-instance_method
I know I can use the list_tokens method to get the applications connected for each user but that requires that I hit the endpoint once for every user. I'll be doing this with workspaces which will have tens of thousands of users. Some endpoints allow you to specify "all" as the user ID but that doesn't seem to work with this one. https://googleapis.dev/ruby/google-api-client/v0.27.1/Google/Apis/AdminDirectoryV1/DirectoryService.html#list_tokens-instance_method
I've also tried the list activity method from the reports api. That one is VERY noisy and returns a record for every time they granted oauth access. Over years there could be hundreds of grants per user for a single application. I also don't see how I would know if a token has been removed using this. https://googleapis.dev/ruby/google-apis-admin_reports_v1/v0.18.0/Google/Apis/AdminReportsV1/ReportsService.html#list_activities-instance_method