Currently, people using Google Apps can authorize any third party mobile or web application which supports login with a Google Apps account using OAuth to read their account data (e.g. Contacts, Calendar, Drive files, etc) to integrate with Google Apps. Each authorization grants an access token, which is then logged in the Apps Admin console. Previously, Admins could review the current state of OAuth tokens granted by people within their domain using the security tab, but could not access the change logs of authorized and revoked tokens.
With this launch, Google are adding a new audit report that allows admins to view ‘authorize’ and ‘revoke’ events for OAuth tokens within the Admin console Reports section and the Reports API. Admins can use this new audit report to find out what new apps have been installed by individual users and, if needed, can revoke access using the security tab. This improves admin visibility and control over access of third party apps by users in their domain.
In addition, admins can use the Reports API to set up a push notification for oAuth ‘authorize’ and ‘revoke’ events, generating an alert when a certain event happens. Optionally, admins can also revoke data grants using the Directory API.
To access the OAuth audit reports in Admin console, click on:
Reports -> Audit -> Token.