prompt for admin email and use as hint

src/gam-install.sh

@@ -11,6 +11,7 @@ OPTIONS:
    -a      Architecture to install (i386, x86_64, arm). Default is to detect your arch with "uname -m".
    -o      OS we are running (linux, macos). Default is to detect your OS with "uname -s".
    -p      Profile update (true, false). Should script add gam command to environment. Default is true.
+   -u      Admin user email address to use with GAM. Default is to prompt.
    -v      Version to install (latest, prerelease, draft, 3.8, etc). Default is latest.
 EOF
 }
@@ -20,7 +21,8 @@ gamarch=$(uname -m)
 gamos=$(uname -s)
 update_profile=true
 gamversion="latest"
-while getopts "hd:a:o:p:v:" OPTION
+adminuser=""
+while getopts "hd:a:o:p:u:v:" OPTION
 do
      case $OPTION in
          h) usage; exit;;
@@ -28,6 +30,7 @@ do
          a) gamarch=$OPTARG;;
          o) gamos=$OPTARG;;
          p) update_profile=$OPTARG;;
+         u) adminuser=$OPTARG;;
          v) gamversion=$OPTARG;;
          ?) usage; exit;;
      esac
@@ -180,7 +183,10 @@ while true; do
   read -p "GAM is now installed. Are you ready to set up a Google API project for GAM? (yes or no) " yn
   case $yn in
     [Yy]*)
-      $target_dir/gam/gam create project
+      if [ "$adminuser" == "" ]; then
+        read -p "Please enter your G Suite admin email address: " adminuser
+      fi
+      $target_dir/gam/gam create project $adminuser
       rc=$?
       if (( $rc == 0 )); then
         echo_green "Project creation complete."
@@ -205,7 +211,7 @@ while $project_created; do
   read -p "Are you ready to authorize GAM to perform G Suite management operations as your admin account? (yes or no) " yn
   case $yn in
     [Yy]*)
-      $target_dir/gam/gam oauth create
+      $target_dir/gam/gam oauth create $adminuser
       rc=$?
       if (( $rc == 0 )); then
         echo_green "Admin authorization complete."
@@ -231,7 +237,7 @@ while $project_created; do
   case $yn in
     [Yy]*)
       echo_yellow "Great! Checking service account scopes.This will fail the first time. Follow the steps to authorize and retry. It can take a few minutes for scopes to PASS after they've been authorized in the admin console."
-      $target_dir/gam/gam check serviceaccount
+      $target_dir/gam/gam user $adminuser check serviceaccount
       rc=$?
       if (( $rc == 0 )); then
         echo_green "Service account authorization complete."

src/gam.py

@@ -6807,7 +6807,7 @@ def doCreateProject():
     login_hint = sys.argv[3]
   except IndexError:
     while True:
-      login_hint = raw_input(u'What is your G Suite admin email address? ')
+      login_hint = raw_input(u'\nWhat is your G Suite admin email address? ')
       if login_hint.find(u'@') == -1:
         print u'Error: that is not a valid email address'
       else:
@@ -9942,7 +9942,7 @@ OAUTH2_MENU += '''
 OAUTH2_CMDS = [u's', u'u', u'e', u'c']
 MAXIMUM_SCOPES = 28
 
-def doRequestOAuth():
+def doRequestOAuth(login_hint=None):
   def _checkMakeScopesList(scopes):
     del scopes[:]
     for i in range(num_scopes):
@@ -9962,10 +9962,13 @@ def doRequestOAuth():
     scopes.insert(0, u'email') # Email Display Scope, always included
     return (True, u'')
 
+  cs_file = os.path.join(GM_Globals[GM_GAM_PATH], FN_CLIENT_SECRETS_JSON)
   MISSING_CLIENT_SECRETS_MESSAGE = u"""Please configure OAuth 2.0
 
 To make GAM run you will need to populate the {0} file found at:
+
 {1}
+
 with information from the APIs Console <https://console.developers.google.com>.
 
 See this site for instructions:
@@ -9973,6 +9976,26 @@ See this site for instructions:
 
 """.format(FN_CLIENT_SECRETS_JSON, GC_Values[GC_CLIENT_SECRETS_JSON], GAM_WIKI_CREATE_CLIENT_SECRETS)
 
+  cs_data = readFile(cs_file, mode=u'rb', continueOnError=True, displayError=True, encoding=None)
+  if not cs_data:
+    systemErrorExit(14, MISSING_CLIENT_SECRETS_MESSAGE)
+  try:
+    cs_json = json.loads(cs_data)
+    client_id = cs_json[u'installed'][u'client_id']
+    client_secret = cs_json[u'installed'][u'client_secret']
+  except (ValueError, IndexError, KeyError):
+    print u'ERROR: the format of your client secrets file:\n\n%s\n\n is incorrect. Please recreate the file.'
+    sys.exit(3)
+
+  try:
+    login_hint = sys.argv[3]
+  except IndexError:
+    while True:
+      login_hint = raw_input(u'\nWhat is your G Suite admin email address? ')
+      if login_hint.find(u'@') == -1:
+        print u'Error: that is not a valid email address'
+      else:
+        break
   num_scopes = len(OAUTH2_SCOPES)
   menu = OAUTH2_MENU % tuple(range(num_scopes))
   selected_scopes = []
@@ -10034,19 +10057,20 @@ See this site for instructions:
       status, message = _checkMakeScopesList(scopes)
       if status:
         break
-  try:
+  flow = oauth2client.client.OAuth2WebServerFlow(client_id=client_id,
-    FLOW = oauth2client.client.flow_from_clientsecrets(GC_Values[GC_CLIENT_SECRETS_JSON], scope=scopes)
+    client_secret=client_secret, scope=scopes, redirect_uri=oauth2client.client.OOB_CALLBACK_URN,
-  except oauth2client.client.clientsecrets.InvalidClientSecretsError:
+    user_agent=GAM_INFO, access_type=u'offline', response_type=u'code', login_hint=login_hint)
-    systemErrorExit(14, MISSING_CLIENT_SECRETS_MESSAGE)
   storage = oauth2client.file.Storage(GC_Values[GC_OAUTH2_TXT])
   credentials = storage.get()
   flags = cmd_flags(noLocalWebserver=GC_Values[GC_NO_BROWSER])
   if credentials is None or credentials.invalid:
     http = httplib2.Http(disable_ssl_certificate_validation=GC_Values[GC_NO_VERIFY_SSL])
     try:
-      credentials = oauth2client.tools.run_flow(flow=FLOW, storage=storage, flags=flags, http=http)
+      credentials = oauth2client.tools.run_flow(flow=flow, storage=storage, flags=flags, http=http)
     except httplib2.CertificateValidationUnsupported:
       noPythonSSLExit()
+  else:
+    print u'It looks like you\'ve already authorized GAM. Refusing to overwrite existing file:\n\n%s' % GC_Values[GC_OAUTH2_TXT]
 
 def batch_worker():
   while True: