Update documentation (#454 )

* Fix create project to handle Google change * Handle newlines in app name Don’t output name/value for name == u'accounts:authorized_apps’, apps are listed later * Cleanup My typos: 614, 813 Pylint: 887, 3618/4184, 8657, 8751 Your typo: 6794 * Update documentation
Clean up (#453 )
2026-06-24 08:01:36 +00:00 · 2017-03-22 22:05:57 -04:00 · 2017-03-22 20:39:44 -04:00 · 2017-03-22 16:56:37 -04:00 · 2017-03-22 15:45:20 -04:00 · 2017-03-22 14:33:27 -04:00
39 changed files with 3670 additions and 1950 deletions
--- a/README.md
+++ b/README.md
@@ -1,22 +1,19 @@
 GAM
 ============================
 GAM is a command line tool for Google G Suite Administrators to manage domain and user settings quickly and easily.
-
+# Quick Start
-Downloads
+## Linux / MacOS
---------
+Open a terminal and run:
-You can download the current GAM release from the [GitHub Releases] page.
+```
-
+bash <(curl -s -S -L https://git.io/install-gam)
-Documentation
+```
------------------
+this will download GAM, install it and start setup.
 ## Windows
 Download the MSI Installer from the [GitHub Releases] page. Install the MSI and you'll be prompted to setup GAM.
 # Documentation
 The GAM documentation is hosted in the [GitHub Wiki]
-
+# Mailing List / Discussion group
 Mailing List / Discussion group
 -------------------------------
 The GAM mailing list / discussion group is hosted on [Google Groups].  You can join the list and interact via email, or just post from the web itself.
-
+# Author
-Author
+GAM is maintained by <a href="mailto:jay0lee@gmail.com">Jay Lee</a>. Please direct "how do I?" questions to the mailing list.
 ------
 GAM is maintained by <a href="mailto:jay0lee@gmail.com">Jay Lee</a>.
 [GAM release]: https://git.io/gamreleases
 [GitHub Releases]: https://github.com/jay0lee/GAM/releases
--- a/src/GamCommands.txt
+++ b/src/GamCommands.txt
@@ -1,6 +1,8 @@
 This document describes the GAM command line syntax in  modified BNF, see https://en.wikipedia.org/wiki/Backus-Naur_Form
 Skip the History section and start reading at Introduction.
 Items on the command line are space separated, when an actual space character is required, it will be indicated by <Space>.
-If an item contains spaces, it should be surrounded by " or '.
+If an item contains spaces, it should be surrounded by ".
 [] optional item
 () group items
@@ -8,24 +10,46 @@ If an item contains spaces, it should be surrounded by " or '.
 + item may appear one or more times
 | separates alternative items
-# Primatives
+Primitives
 <Digit> ::= 0|1|2|3|4|5|6|7|8|9
 <Number> ::= <Digit>+
 <Hex> ::= <Digit>|a|b|c|d|e|f|A|B|C|D|E|F
 <Space> ::= an actual space character
-<String> ::= a string of characters, surrounded by " or ' if it contains spaces
+<String> ::= a string of characters, surrounded by " if it contains spaces
 <TrueValues> ::= true|on|yes|enabled|1
 <FalseValues>= false|off|no|disabled|0
 <DataTransferService> ::= googledrive|gdrive|drive|"drive and docs"
-<ProductID> ::= Google-Apps|Google-Coordinate|Google-Drive-storage|Google-Vault
+<ProductID> ::=
-<SKUID> ::= apps|gafb|gafw|gams|gau|unlimited|d4w|dfw|coordinate|vault|vfe|
+	Google-Apps|
-	    drive-20gb|drive20gb|20gb|drive-50gb|drive50gb|50gb|drive-200gb|drive200gb|200gb|drive-400gb|drive400gb|400gb|
+	Google-Chrome-Device-Management|
-	    drive-1tb|drive1tb|1tb|drive-2tb|drive2tb|2tb|drive-4tb|drive4tb|4tb|drive-8tb|drive8tb|8tb|drive-16tb|drive16tb|16tb
+	Google-Coordinate|
 	Google-Drive-storage|
 	Google-Vault
 <SKUID> ::=
 	gafb|gafw|basic|gsuitebasic|Google-Apps-For-Business|
 	gafg|gsuitegovernment|gsuitegov|Google-Apps-For-Government|
 	gams|postini|gsuitegams|gsuitepostini|gsuitemessagesecurity|Google-Apps-For-Postini|
 	gal|lite|gsuitelite|Google-Apps-Lite|
 	gau|unlimited|gsuitebusiness|Google-Apps-Unlimited|
 	gae|enterprise|gsuiteenterprise|1010020020|
 	chrome|cdm|googlechromedevicemanagement|Google-Chrome-Device-Management|
 	coordinate|googlecoordinate|Google-Coordinate|
 	drive20gb|20gb|googledrivestorage20gb|Google-Drive-storage-20GB|
 	drive50gb|50gb|googledrivestorage50gb|Google-Drive-storage-50GB|
 	drive200gb|200gb|googledrivestorage200gb|Google-Drive-storage-200GB|
 	drive400gb|400gb|googledrivestorage400gb|Google-Drive-storage-400GB|
 	drive1tb|1tb|googledrivestorage1tb|Google-Drive-storage-1TB|
 	drive2tb|2tb|googledrivestorage2tb|Google-Drive-storage-2TB|
 	drive4tb|4tb|googledrivestorage4tb|Google-Drive-storage-4TB|
 	drive8tb|8tb|googledrivestorage8tb|Google-Drive-storage-8TB|
 	drive16tb|16tb|googledrivestorage16tb|Google-Drive-storage-16TB|
 	vault|googlevault|Google-Vault|
 	vfe|googlevaultformeremployee|Google-Vault-Former-Employee
 <Charset> ::= ascii|mbcs|utf-8|utf-8-sig|utf-16|<String>
 <FileFormat> ::= csv|html|txt|tsv|jpeg|jpg|png|svg|pdf|rtf|pptx|xlsx|docx|odt|ods|openoffice|ms|microsoft|micro$oft
 <Language> ::= ar|bn|bg|ca|zh-CN|zh-TW|hr|cs|da|nl|en|en-GB|et|fi|fr|de|el|gu|iw|is|in|it|ja|kn|ko|lv|lt|ms|ml|mr|no|or|fa|pl|pt-BR|pt-PT|ro|ru|sr|sk|sl|es|sv|tl|ta|te|th|tr|uk|ur|vi
-# Basic items built from primatives
+Basic items built from primitives
 <Boolean> ::= <TrueValues>|<FalseValues>
 <ByteCount> ::= <Number>[m|k|b]
 <CIDRnetmask> ::= <Number>.<Number>.<Number>.<Number>/<Number>
@@ -46,7 +70,7 @@ If an item contains spaces, it should be surrounded by " or '.
 <Tag> ::= <String>
 <UniqueID> ::= uid:<String>
-# Named items
+Named items
 <AccessToken> ::= <String>
 <ACLScope> ::= [user:]<EmailAddress>|group:<EmailAddress>|domain[:<DomainName>]|default
 <CalendarACLRole> ::= editor|freebusy|freebusyreader|owner|reader|writer
@@ -57,7 +81,7 @@ If an item contains spaces, it should be surrounded by " or '.
 <CourseID> ::= <Number>|d:<CourseAlias>
 <CourseParticipantType> ::= teacher|teachers|student|students
 <CrOSID> ::= <String>
-<CrOSItem> ::= <CrOSID>|(query:<QueryCrOS>)|(query <QueryCrOS>)
+<CrOSItem> ::= <CrOSID>|(query:<QueryCrOS>)
 <DestEmailAddress> ::= <EmailAddress>
 <DomainAlias> ::= <String>
 <DriveFileACLRole> :: =commenter|editor|owner|reader|writer
@@ -99,6 +123,7 @@ If an item contains spaces, it should be surrounded by " or '.
 <PrintJobStatus> ::= done|error|held|in_progress|queued|submitted
 <PropertyKey> ::= <String>
 <PropertyValue> ::= <String>
 <QueryCalendar> ::= <String>
 <QueryContact> ::= <String> See: https://developers.google.com/google-apps/contacts/v3/reference#contacts-query-parameters-reference
 <QueryCrOS> ::= <String> See: https://support.google.com/chrome/a/answer/1698333?hl=en
 <QueryDriveFile> :: = <String> See: https://developers.google.com/drive/v2/web/search-parameters 
@@ -113,13 +138,34 @@ If an item contains spaces, it should be surrounded by " or '.
 <RoleAssignmentID> ::= <String>
 <SchemaName> ::= <String>
 <Section> ::= <String>
 <S/MIMEID> ::= <String>	
 <StudentItem> ::= <EmailAddress>|<UniqueID>|<String>
 <TeamDriveID> ::= <String>
 <Timezone> ::= <String>
 <Title> ::= <String>
 <URI> ::= <String>
 <URL> ::= <String>
 <UserItem> ::= <EmailAddress>|<UniqueID>|<String>
 <CourseFieldName> ::=
 	alternatelink|
 	coursegroupemail|
 	coursematerialsets|
 	coursestate|
 	creationtime|
 	description|
 	descriptionheading|
 	enrollmentcode|
 	guardiansenabled|
 	id|
 	name|
 	ownerid|
 	room|
 	section|
 	teacherfolder|
 	teachergroupemail|
 	updatetime
 <CourseFieldNameList> ::= "<CourseFieldName>(,<CourseFieldName>)*"
 <CrOSFieldName> ::=
 	activetimeranges|timeranges|
@@ -223,6 +269,7 @@ If an item contains spaces, it should be surrounded by " or '.
 	customreplyto|
 	defaultmessagedenynotificationtext|
 	description|
 	directmemberscount|
 	email|
 	id|
 	includeinglobaladdresslist|gal|
@@ -281,6 +328,8 @@ If an item contains spaces, it should be surrounded by " or '.
 	ipwhitelisted|
 	isdelegatedadmin|admin|isadmin|
 	ismailboxsetup|
 	is2svenforced|
 	is2svenrolled|
 	lastlogintime|
 	noneditablealiases|aliases|nicknames|
 	notes|note|
@@ -296,45 +345,45 @@ If an item contains spaces, it should be surrounded by " or '.
 <UserOrderByFieldName> ::=
 	familyname|lastname|givenname|firstname|email
-# Named Lists
+Named Lists
-# Lists can be in the following formats
+Lists can be in the following formats
-# Items, separated by commas, without spaces or commas in the items themselves: item(,item)*
+Items, separated by commas, without spaces or commas in the items themselves: item(,item)*
-# Items, separated by spaces, without spaces or commas in the items themselves: "item( item)*"
+Items, separated by spaces, without spaces or commas in the items themselves: "item( item)*"
-# Items, separated by commas, with spaces or commas in the items themselves: "'it em'(,'it em')*"
+Items, separated by commas, with spaces or commas in the items themselves: "'it em'(,'it,em')*"
-# Items, separated by spaces, with spaces or commas in the items themselves: "'it em'( 'it em')*"
+Items, separated by spaces, with spaces or commas in the items themselves: "'it em'( 'it,em')*"
-<ACLList> ::== '<ACLScope>(,<ACLScope>)*'
+<ACLList> ::== "<ACLScope>(,<ACLScope>)*"
-<CalendarList> ::= '<CalendarItem>(,<CalendarItem>)*'
+<CalendarList> ::= "<CalendarItem>(,<CalendarItem>)*"
-<CourseAliasList> ::= '<CourseAlias>(,<CourseAlias>)*'
+<CourseAliasList> ::= "<CourseAlias>(,<CourseAlias>)*"
-<CourseIDList> ::= '<CourseID>(,<CourseID>)*'
+<CourseIDList> ::= "<CourseID>(,<CourseID>)*"
-<CrOSFieldNameList> ::= '<CrOSFieldName>(,<CrOSFieldName>)*'
+<CrOSFieldNameList> ::= "<CrOSFieldName>(,<CrOSFieldName>)*"
-<CrOSList> ::= '<CrOSID>(,<CrOSID>)*'
+<CrOSList> ::= "<CrOSID>(,<CrOSID>)*"
-<DriveFileList> ::= '<DriveFileItem>(,<DriveFileItem>)*'
+<DriveFileList> ::= "<DriveFileItem>(,<DriveFileItem>)*"
-<EmailAddressList> ::= '<EmailAddress>(,<EmailAddress>)*'
+<EmailAddressList> ::= "<EmailAddress>(,<EmailAddress>)*"
-<EventIDList> ::= '<EventID>(,<EventID>)*'
+<EventIDList> ::= "<EventID>(,<EventID>)*"
-<FileFormatList> ::= '<FileFormat>(,<FileFormat)*'
+<FileFormatList> ::= "<FileFormat>(,<FileFormat)*"
-<FilterIDList> ::= '<FilterID>(,<FilterID>)*'
+<FilterIDList> ::= "<FilterID>(,<FilterID>)*"
-<GroupFieldNameList> ::= '<GroupFieldName>(,<GroupFieldName>)*'
+<GroupFieldNameList> ::= "<GroupFieldName>(,<GroupFieldName>)*"
-<GroupList> ::= '<GroupItem>(,<GroupItem>)*'
+<GroupList> ::= "<GroupItem>(,<GroupItem>)*"
-<GuardianStateList> ::= '<GuardianState>(,<GuardianState>)*'
+<GuardianStateList> ::= "<GuardianState>(,<GuardianState>)*"
-<LabelNameList> ::= '<LabelName>(,<LabelName)*'
+<LabelNameList> ::= "<LabelName>(,<LabelName)*"
-<MembersFieldNameList> ::= '<MembersFieldName>(,<MembersFieldName>)*'
+<MembersFieldNameList> ::= "<MembersFieldName>(,<MembersFieldName>)*"
-<MobileList> ::= '<MobileId>(,<MobileId>)*'
+<MobileList> ::= "<MobileId>(,<MobileId>)*"
-<OrgUnitList> ::== '<OrgUnitPath>(,<OrgUnitPath>)*'
+<OrgUnitList> ::== "<OrgUnitPath>(,<OrgUnitPath>)*"
-<PrinterIDList> ::= '<PrinterID>(,<PrinterID>)*'
+<PrinterIDList> ::= "<PrinterID>(,<PrinterID>)*"
-<ProductIDList> ::= '(<ProductID>|SKUID>)(,<ProductID>|SKUID>)*'
+<ProductIDList> ::= "(<ProductID>|SKUID>)(,<ProductID>|SKUID>)*"
-<PrintJobIDList> ::= '<PrintJobID>(,<PrintJobID>)*'
+<PrintJobIDList> ::= "<PrintJobID>(,<PrintJobID>)*"
-<ResourceIDList> ::= '<ResourceID>(,<ResourceID>)*'
+<ResourceIDList> ::= "<ResourceID>(,<ResourceID>)*"
-<SKUIDList> ='<SKUID>(,<SKUID>)*'
+<SKUIDList> ="<SKUID>(,<SKUID>)*"
-<SchemaNameList> ::= '<SchemaName>(,<SchemaName>)*'
+<SchemaNameList> ::= "<SchemaName>(,<SchemaName>)*"
-<UserFieldNameList> ::= '<UserFieldName>(,<UserFieldName>)*'
+<UserFieldNameList> ::= "<UserFieldName>(,<UserFieldName>)*"
-<UserList> ::= '<UserItem>(,<UserItem>)*'
+<UserList> ::= "<UserItem>(,<UserItem>)*"
-# Specify a collection of ChromeOS devices by directly specifying them
+Specify a collection of ChromeOS devices by directly specifying them
 <CrOSTypeEntity> ::=
 		(all cros)|
 		(cros <CrOSList>)|
-# Specify a collection of Users by directly specifying them or by specifiying items that will yield a list of users
+Specify a collection of Users by directly specifying them or by specifiying items that will yield a list of users
 <UserTypeEntity> ::=
 		(all users)|
 		(user <UserItem>)|
@@ -351,7 +400,7 @@ If an item contains spaces, it should be surrounded by " or '.
 		(query <QueryUser>)
-# Item attributes
+Item attributes
 <CalendarAttributes> ::=
 	(selected <Boolean>)|(hidden <Boolean>)|(summary <String>)|(colorindex|colorid <CalendarColorIndex>)|(backgroundcolor <ColorHex>)|(foregroundcolor <ColorHex>)|
 	(reminder clear|(email|sms|pop <Number>))|
@@ -461,27 +510,52 @@ If an item contains spaces, it should be surrounded by " or '.
 	(relation|relations clear|(spouse|child|mother|father|parent|brother|sister|friend|relative|domestic_partner|manager|assistant|referred_by|partner|<String> <String>))|
 	(suspended <Boolean>)|
 	(website|websites clear|(home_page|blog|profile|work|home|other|ftp|reservations|app_install_page|<String> <URL> [notprimary|primary]))|
-	(<SchemaName>.<FieldName> [multivalued|multivalue|value [type work|home|other|(custom <String>)]] <String>)
+	(<SchemaName>.<FieldName> [multivalued|multivalue|value|multinonempty [type work|home|other|(custom <String>)]] <String>)
-gam version [check]
+gam version [check] [simple]
 gam help
 gam batch <FileName>|- [charset <Charset>]
 gam csv <FileName>|- [charset <Charset>] gam <GAM argument list>
-# You can make substitutions in <GAMArgumentList> with values from the CSV file.
+You can make substitutions in <GAMArgumentList> with values from the CSV file.
-# An argument containing exactly ~xxx is replaced by the value of field xxx from the CSV file
+An argument containing exactly ~xxx is replaced by the value of field xxx from the CSV file
-# An argument containing instances of ~~xxx~~ has xxx replaced by the value of field xxx from the CSV file
+An argument containing instances of ~~xxx~~ has xxx replaced by the value of field xxx from the CSV file
-# Example: gam csv Users.csv gam update user '~primaryEmail' address type work unstructured '~~Street~~, ~~City~~, ~~State~~ ~~ZIP~~'
+Example: gam csv Users.csv gam update user "~primaryEmail" address type work unstructured "~~Street~~, ~~City~~, ~~State~~ ~~ZIP~~"
-# Each user (~primaryEmail, e.g. foo@bar.com) would have their work address updated
+Each user (~primaryEmail, e.g. foo@bar.com) would have their work address updated
-gam oauth|oauth2 create|request
+gam create project [<EmailAddress>]
 gam oauth|oauth2 create|request [<EmailAddress>]
 gam oauth|oauth2 delete|revoke
 gam oauth|oauth2 info|verify [<AccessToken>]
 gam <UserTypeEntity> check serviceaccount
 gam whatis <EmailItem>
 gam create resoldcustomer <CustomerDomain> (customer_auth_token <String>)
 	(email|alternate_email <EmailAddress>) (name|organization_name <String>) (contact|contact_name <String>) [phone|phone_number <String>]
 	[address|address1 <String>] [address2 <String>] [address3 <String>]
 	[locality|city <String>] [region|state <String>] [postal|postal_code <String>] [country|country_code <String>]
 gam update resoldcustomer <CustomerID> [customer_auth_token <String>]
 	[email|alternate_email <EmailAddress>] [name|organization_name <String>] [contact|contact_name <String>] [phone|phone_number <String>]
 	[address|address1 <String>] [address2 <String>] [address3 <String>]
 	[locality|city <String>] [region|state <String>] [postal|postal_code <String>] [country|country_code <String>]
 gam info resoldcustomer <CustomerID>
 gam create resoldsubscription <CustomerID> (sku <SKUID>)
 	 (plan annual_monthly_pay|annual_yearly_pay|flexible|trial) (seats <NumberOfSeats> <MaximumNumberOfSeats>)
 	 [customer_auth_token <String>] [deal <String>] [purchaseorderid <String>]
 gam update resoldsubscription <CustomerID> <SKUID>
 	activate|suspend|startpaidservice|
 	(renewal auto_renew_monthly_pay|auto_renew_yearly_pay|cancel|renew_current_users_monthly_pay|renew_current_users_yearly_pay|switch_to_pay_as_you_go)|
 	(seats <NumberOfSeats> [<MaximumNumberOfSeats>])|
 	(plan annual_monthly_pay|annual_yearly_pay|flexible|trial [deal <String>] [purchaseorderid <String>] [seats <NumberOfSeats> [<MaximumNumberOfSeats>]])
 gam delete resoldsubscription <CustomerID> <SKUID> cancel|downgrade|transfer_to_direct
 gam info resoldsubscriptions <CustomerID> [customer_auth_token <String>]
 gam report users|user [todrive]
 	[date <Date>] [(user all|<UserItem>)] [filter|filters <String>] [fields|parameters <String>]
 gam report customers|customer|domain [todrive]
@@ -505,7 +579,6 @@ gam delete domainalias|aliasdomain <DomainAlias>
 gam info domainalias|aliasdomain <DomainAlias>
 gam print domainaliases|aliasdomains [todrive]
 gam info customer
 gam update customer [adminsecondaryemail|alternateemail <EmailAddress>] [language <LanguageCode] [phone|phonenumber <String>]
 	[contact|contactname <String>] [name|organizationname <String>]
@@ -537,6 +610,7 @@ gam calendar <CalendarItem> del|delete <CalendarACLRole> <EmailAddress>|(domain
 gam calendar <CalendarItem> showacl
 gam calendar <CalendarItem> addevent <EventAttributes>+
 gam calendar <CalendarItem> deleteevent (id|eventid <EventID>)* (query|eventquery <QueryCalendar>)* [doit] [notifyattendees]
 gam calendar <CalendarItem> wipe
 gam update cros <CrOSItem> (<CrOSAttributes>+)|(action deprovision_same_model_replace|deprovision_different_model_replace|deprovision_retiring_device|disable|reenable [acknowledge_device_touch_requirement])
@@ -580,8 +654,8 @@ gam info group <GroupItem> [nousers] [noaliases] [groups]
 gam update group <GroupItem> clear [member] [manager] [owner]
 gam print groups [todrive] ([domain <DomainName>] [member <UserItem>])
-	[maxresults <Number>] [delimiter <String>]
+	[maxresults <Number>] [allfields|([settings] <GroupFieldName>* [fields <GroupFieldNameList>])] [delimiter <String>]
-	[members] [managers] [owners] [settings] <GroupFieldName>* [fields <GroupFieldNameList>]
+	[members|memberscount] [managers|managerscount] [owners|ownerscount]
 gam print group-members|groups-members [todrive] ([domain <DomainName>] [member <UserItem>])|[group <GroupItem>]
 	[membernames] [fields <MembersFieldNameList>]
@@ -614,7 +688,7 @@ gam info user [<UserItem>] [noaliases] [nogroups] [nolicenses|nolicences] [nosch
 gam print users [todrive] ([domain <DomainName>] [query <QueryUser>] [deleted_only|only_deleted])
 	[groups] [license|licenses|licence|licences] [emailpart|emailparts|username]
 	[orderby <UserOrderByFieldName> [ascending|descending]] [userview]
-	[basic|full|allfields | <UserFieldName>* | fields <UserFieldNameList>] [schemas|custom all|<SchemaNameList>]
+	[allfields|basic|full | ((<UserFieldName>* | fields <UserFieldNameList>) [schemas|custom all|<SchemaNameList>])]
 gam <UserTypeEntity> print
 Summary of printing:
@@ -631,7 +705,8 @@ gam create course id|alias <CourseAlias> [teacher <UserItem>] <CourseAttributes>
 gam update course <CourseID> <CourseAttributes>+
 gam delete course <CourseID>
 gam info course <CourseID>
-gam print courses [todrive] [teacher] [student] [alias|aliases] [delimiter <String>]
+gam print courses [todrive] [teacher <UserItem>] [student <UserItem>] [alias|aliases] [delimiter <String>]
 	[show all|students|teachers] [fields <CourseFieldNameList>] [skipfields <CourseFieldNameList>]
 gam course <CourseID> add alias <CourseAlias>
 gam course <CourseID> delete alias <CourseAlias>
@@ -709,7 +784,7 @@ gam <UserTypeEntity> delete|del emptydrivefolders
 gam <UserTypeEntity> empty drivetrash
 gam <UserTypeEntity> add drivefileacl <DriveFileID> anyone|(user <UserItem>)|(group <GroupItem>)|(domain <DomainName>)
-	(role <DriveFileACLRole>) [withlink] [sendmail] [emailmessage <String>]
+	(role <DriveFileACLRole>) [withlink] [sendemail] [emailmessage <String>]
 gam <UserTypeEntity> update drivefileacl <DriveFileID> <PermissionID>
 	(role <DriveFileACLRole>) [withlink] [transferownership <Boolean>]
 gam <UserTypeEntity> delete|del drivefileacl <DriveFileID> <PermissionID>
@@ -719,9 +794,9 @@ gam <UserTypeEntity> delete|del alias|aliases
 gam <UserTypeEntity> delete|del group|groups
-gam <UserTypeEntity> add license <SKUID>
+gam <UserTypeEntity> add license <SKUID> [product|productid <ProductID>]
-gam <UserTypeEntity> update license <SKUID> [from] <SKUID>
+gam <UserTypeEntity> update license <SKUID> [product|productid <ProductID>] [from] <SKUID>
-gam <UserTypeEntity> delete|del license <SKUID>
+gam <UserTypeEntity> delete|del license <SKUID> [product|productid <ProductID>]
 gam <UserTypeEntity> update photo <FileNamePattern>
 gam <UserTypeEntity> delete|del photo
@@ -738,9 +813,7 @@ gam print tokens|token [todrive] [clientid <ClientID>] [<UserTypeEntity>]
 gam <UserTypeEntity> update user <UserAttrubutes>
 gam <UserTypeEntity> deprovision|deprov
-#
+
 # Update user Gmail mailbox
 #
 gam <UserTypeEntity> [add] label|labels <Name> [messagelistvisibility hide|show] [labellistvisibility hide|show|showifunread]
 gam <UserTypeEntity> update labelsettings <LabelName> [name <Name>] [messagelistvisibility hide|show] [labellistvisibility hide|show|showifunread]
 gam <UserTypeEntity> update label|labels [search <RegularExpression>] [replace <LabelReplacement>] [merge]
@@ -751,9 +824,7 @@ gam <UserTypeEntity> delete messages query <QueryGmail> [doit] [max_to_delete|ma
 gam <UserTypeEntity> modify messages query <QueryGmail> [doit] [max_to_modify|max_to_process <Number>] (addlabel <LabelName>)* (removelabel <LabelName>)*
 gam <UserTypeEntity> trash messages query <QueryGmail> [doit] [max_to_trash|max_to_process <Number>]
 gam <UserTypeEntity> untrash messages query <QueryGmail> [doit] [max_to_untrash|max_to_process <Number>]
-#
+
 # Update user Gmail settings
 #
 gam <UserTypeEntity> show gmailprofile [todrive]
 gam <UserTypeEntity> show gplusprofile [todrive]
@@ -787,16 +858,28 @@ gam <UserTypeEntity> show imap|imap4
 gam <UserTypeEntity> pop|pop3 <Boolean> [for allmail|newmail|mailfromnowon|fromnowown] [action keep|leaveininbox|archive|delete|trash|markread]
 gam <UserTypeEntity> show pop|pop3
-gam <UserTypeEntity> [add] sendas <EmailAddress> <Name> [signature|sig <String>|(file <FileName> [charset <CharSet>]) (replace <Tag> <String>)*] [replyto <EmailAddress>] [default] [treatasalias <Boolean>]
+gam <UserTypeEntity> [add] sendas <EmailAddress> <Name> [signature|sig <String>|(file <FileName> [charset <CharSet>]) (replace <Tag> <String>)*] [html] [replyto <EmailAddress>] [default] [treatasalias <Boolean>]
-gam <UserTypeEntity> update sendas <EmailAddress> [name <Name>] [signature|sig <String>|(file <FileName> [charset <CharSet>]) (replace <Tag> <String>)*] [replyto <EmailAddress>] [default] [treatasalias <Boolean>]
+gam <UserTypeEntity> update sendas <EmailAddress> [name <Name>] [signature|sig <String>|(file <FileName> [charset <CharSet>]) (replace <Tag> <String>)*] [html] [replyto <EmailAddress>] [default] [treatasalias <Boolean>]
 gam <UserTypeEntity> delete sendas <EmailAddress>
 gam <UserTypeEntity> show sendas [format]
 gam <UserTypeEntity> info sendas <EmailAddress> [format]
 gam <UserTypeEntity> print sendas [todrive]
-gam <UserTypeEntity> signature|sig <String>|(file <FileName> [charset <Charset>]) (replace <Tag> <String>)* [name <String>] [replyto <EmailAddress>] [default] [treatasalias <Boolean>]
+gam <UserTypeEntity> add smime file <FileName> [password <Password>] [sendas|sendasemail <EmailAddress>] [default]
 gam <UserTypeEntity> update smime [id <S/MIMEID>] [sendas|sendasemail <EmailAddress>] [default]
 gam <UserTypeEntity> delete smime [id <S/MIMEID>] [sendas|sendasemail <EmailAddress>]
 gam <UserTypeEntity> show smime [primaryonly]
 gam <UserTypeEntity> print smime [todrive] [primaryonly]
 gam <UserTypeEntity> signature|sig <String>|(file <FileName> [charset <Charset>]) (replace <Tag> <String>)* [html] [name <String>] [replyto <EmailAddress>] [default] [treatasalias <Boolean>]
 gam <UserTypeEntity> show signature|sig [format]
 gam <UserTypeEntity> add teamdrive <Name>
 gam <UserTypeEntity> update teamdrive <TeamDriveID> [name <Name>]
 gam <UserTypeEntity> delete teamdrive <TeamDriveID>
 gam <UserTypeEntity> show teamdrives
 gam <UserTypeEntity> print teamdrives [todrive]
 gam <UserTypeEntity> vacation <FalseValues>
 gam <UserTypeEntity> vacation <TrueValues> subject <String> (message <String>)|(file <FileName> [charset <CharSet>]) (replace <Tag> <String>)* [html]
 	[contactsonly] [domainonly] [startdate <Date>] [enddate <Date>]
--- a/src/gam-install.sh
+++ b/src/gam-install.sh
@@ -10,6 +10,7 @@ OPTIONS:
   -d      Directory where gam folder will be installed. Default is \$HOME/bin/
   -a      Architecture to install (i386, x86_64, arm). Default is to detect your arch with "uname -m".
   -o      OS we are running (linux, macos). Default is to detect your OS with "uname -s".
   -l      Just upgrade GAM to latest version. Skips project creation and auth.
   -p      Profile update (true, false). Should script add gam command to environment. Default is true.
   -u      Admin user email address to use with GAM. Default is to prompt.
   -r      Regular user email address. Used to test service account access to user data. Default is to prompt.
@@ -21,16 +22,18 @@ target_dir="$HOME/bin"
 gamarch=$(uname -m)
 gamos=$(uname -s)
 update_profile=true
 upgrade_only=false
 gamversion="latest"
 adminuser=""
 regularuser=""
-while getopts "hd:a:o:p:u:r:v:" OPTION
+while getopts "hd:a:o:lp:u:r:v:" OPTION
 do
     case $OPTION in
         h) usage; exit;;
         d) target_dir=$OPTARG;;
         a) gamarch=$OPTARG;;
         o) gamos=$OPTARG;;
         l) upgrade_only=true;;
         p) update_profile=$OPTARG;;
         u) adminuser=$OPTARG;;
         r) regularuser=$OPTARG;;
@@ -129,13 +132,27 @@ if type(release) is list:
    break
 for asset in release['assets']:
  if asset[sys.argv[1]].endswith('$gamfile'):
-    print asset[sys.argv[1]]
+    print(asset[sys.argv[1]])
    break"
 browser_download_url=$(echo "$release_json" | python -c "$pycode" browser_download_url $gamversion)
 name=$(echo "$release_json" | python -c "$pycode" name $gamversion)
 # Temp dir for archive
 temp_archive_dir=$(mktemp -d)
 pycmd="python"
 $pycmd -V >/dev/null 2>&1
 rc=$?
 if (( $rc != 0 )); then
  pycmd="python3"
 fi
 $pycmd -V >/dev/null 2>&1
 rc=$?
 if (( $rc != 0 )); then
  echo_red "ERROR: No version of python installed."
  exit
 fi
 browser_download_url=$(echo "$release_json" | $pycmd -c "$pycode" browser_download_url $gamversion)
 name=$(echo "$release_json" | $pycmd -c "$pycode" name $gamversion)
 # Temp dir for archive
 #temp_archive_dir=$(mktemp -d)
 temp_archive_dir=$(mktemp -d 2>/dev/null || mktemp -d -t 'mytmpdir')
 echo_yellow "Downloading file $name from $browser_download_url to $temp_archive_dir."
 # Save archive to temp w/o losing our path
 (cd $temp_archive_dir && curl -O -L $browser_download_url)
@@ -152,6 +169,19 @@ else
  echo_green "Finished extracting GAM archive."
 fi
 if [ "$upgrade_only" = true ]; then
  echo_green "Here's information about your GAM upgrade:"
  $target_dir/gam/gam version
  rc=$?
  if (( $rc != 0 )); then
    echo_red "ERROR: Failed running GAM for the first time with $rc. Please report this error to GAM mailing list. Exiting."
    exit
  fi
  echo_green "GAM upgrade complete!"
  exit
 fi
 # Update profile to add gam command
 if [ "$update_profile" = true ]; then
  alias_line="alias gam=\"$target_dir/gam/gam\""
--- a/src/gam.py
+++ b/src/gam.py
--- a/src/googleapiclient/init.py
+++ b/src/googleapiclient/init.py
@@ -12,7 +12,7 @@
 # See the License for the specific language governing permissions and
 # limitations under the License.
-__version__ = "1.5.2"
+__version__ = "1.6.2"
 # Set default logging handler to avoid "No handler found" warnings.
 import logging
--- a/src/googleapiclient/_auth.py
+++ b/src/googleapiclient/_auth.py
@@ -0,0 +1,92 @@
 # Copyright 2016 Google Inc. All Rights Reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #      http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 """Helpers for authentication using oauth2client or google-auth."""
 try:
    import google.auth
    import google.auth.credentials
    import google_auth_httplib2
    HAS_GOOGLE_AUTH = True
 except ImportError:  # pragma: NO COVER
    HAS_GOOGLE_AUTH = False
 try:
    import oauth2client
    import oauth2client.client
    HAS_OAUTH2CLIENT = True
 except ImportError:  # pragma: NO COVER
    HAS_OAUTH2CLIENT = False
 from googleapiclient.http import build_http
 def default_credentials():
    """Returns Application Default Credentials."""
    if HAS_GOOGLE_AUTH:
        credentials, _ = google.auth.default()
        return credentials
    elif HAS_OAUTH2CLIENT:
        return oauth2client.client.GoogleCredentials.get_application_default()
    else:
        raise EnvironmentError(
            'No authentication library is available. Please install either '
            'google-auth or oauth2client.')
 def with_scopes(credentials, scopes):
    """Scopes the credentials if necessary.
    Args:
        credentials (Union[
            google.auth.credentials.Credentials,
            oauth2client.client.Credentials]): The credentials to scope.
        scopes (Sequence[str]): The list of scopes.
    Returns:
        Union[google.auth.credentials.Credentials,
            oauth2client.client.Credentials]: The scoped credentials.
    """
    if HAS_GOOGLE_AUTH and isinstance(
            credentials, google.auth.credentials.Credentials):
        return google.auth.credentials.with_scopes_if_required(
            credentials, scopes)
    else:
        try:
            if credentials.create_scoped_required():
                return credentials.create_scoped(scopes)
            else:
                return credentials
        except AttributeError:
            return credentials
 def authorized_http(credentials):
    """Returns an http client that is authorized with the given credentials.
    Args:
        credentials (Union[
            google.auth.credentials.Credentials,
            oauth2client.client.Credentials]): The credentials to use.
    Returns:
        Union[httplib2.Http, google_auth_httplib2.AuthorizedHttp]: An
            authorized http client.
    """
    if HAS_GOOGLE_AUTH and isinstance(
            credentials, google.auth.credentials.Credentials):
        return google_auth_httplib2.AuthorizedHttp(credentials,
                                                   http=build_http())
    else:
        return credentials.authorize(build_http())
--- a/src/googleapiclient/channel.py
+++ b/src/googleapiclient/channel.py
@@ -61,7 +61,6 @@ import datetime
 import uuid
 from googleapiclient import errors
 from oauth2client import util
 import six
 # Oauth2client < 3 has the positional helper in 'util', >= 3 has it
--- a/src/googleapiclient/discovery.py
+++ b/src/googleapiclient/discovery.py
@@ -53,6 +53,7 @@ import httplib2
 import uritemplate
 # Local imports
 from googleapiclient import _auth
 from googleapiclient import mimeparse
 from googleapiclient.errors import HttpError
 from googleapiclient.errors import InvalidJsonError
@@ -60,7 +61,10 @@ from googleapiclient.errors import MediaUploadSizeError
 from googleapiclient.errors import UnacceptableMimeTypeError
 from googleapiclient.errors import UnknownApiNameOrVersion
 from googleapiclient.errors import UnknownFileType
 from googleapiclient.http import build_http
 from googleapiclient.http import BatchHttpRequest
 from googleapiclient.http import HttpMock
 from googleapiclient.http import HttpMockSequence
 from googleapiclient.http import HttpRequest
 from googleapiclient.http import MediaFileUpload
 from googleapiclient.http import MediaUpload
@@ -94,6 +98,7 @@ V2_DISCOVERY_URI = ('https://{api}.googleapis.com/$discovery/rest?'
                    'version={apiVersion}')
 DEFAULT_METHOD_DOC = 'A description of how to use this function'
 HTTP_PAYLOAD_METHODS = frozenset(['PUT', 'POST', 'PATCH'])
 _MEDIA_SIZE_BIT_SHIFTS = {'KB': 10, 'MB': 20, 'GB': 30, 'TB': 40}
 BODY_PARAMETER_DEFAULT_VALUE = {
    'description': 'The request body.',
@@ -106,6 +111,13 @@ MEDIA_BODY_PARAMETER_DEFAULT_VALUE = {
    'type': 'string',
    'required': False,
 }
 MEDIA_MIME_TYPE_PARAMETER_DEFAULT_VALUE = {
    'description': ('The MIME type of the media request body, or an instance '
                    'of a MediaUpload object.'),
    'type': 'string',
    'required': False,
 }
 _PAGE_TOKEN_NAMES = ('pageToken', 'nextPageToken')
 # Parameters accepted by the stack, but not visible via discovery.
 # TODO(dhermes): Remove 'userip' in 'v2'.
@@ -189,7 +201,8 @@ def build(serviceName,
    model: googleapiclient.Model, converts to and from the wire format.
    requestBuilder: googleapiclient.http.HttpRequest, encapsulator for an HTTP
      request.
-    credentials: oauth2client.Credentials, credentials to be used for
+    credentials: oauth2client.Credentials or
      google.auth.credentials.Credentials, credentials to be used for
      authentication.
    cache_discovery: Boolean, whether or not to cache the discovery doc.
    cache: googleapiclient.discovery_cache.base.CacheBase, an optional
@@ -204,14 +217,16 @@ def build(serviceName,
      }
  if http is None:
-    http = httplib2.Http()
+    discovery_http = build_http()
  else:
    discovery_http = http
  for discovery_url in (discoveryServiceUrl, V2_DISCOVERY_URI,):
    requested_url = uritemplate.expand(discovery_url, params)
    try:
-      content = _retrieve_discovery_doc(requested_url, http, cache_discovery,
+      content = _retrieve_discovery_doc(
-                                        cache)
+        requested_url, discovery_http, cache_discovery, cache)
      return build_from_document(content, base=discovery_url, http=http,
          developerKey=developerKey, model=model, requestBuilder=requestBuilder,
          credentials=credentials)
@@ -308,17 +323,20 @@ def build_from_document(
    model: Model class instance that serializes and de-serializes requests and
      responses.
    requestBuilder: Takes an http request and packages it up to be executed.
-    credentials: object, credentials to be used for authentication.
+    credentials: oauth2client.Credentials or
      google.auth.credentials.Credentials, credentials to be used for
      authentication.
  Returns:
    A Resource object with methods for interacting with the service.
  """
-  if http is None:
+  if http is not None and credentials is not None:
-    http = httplib2.Http()
+    raise ValueError('Arguments http and credentials are mutually exclusive.')
-  # future is no longer used.
+  if developerKey is not None and credentials is not None:
-  future = {}
+    raise ValueError(
      'Arguments developerKey and credentials are mutually exclusive.')
  if isinstance(service, six.string_types):
    service = json.loads(service)
@@ -334,31 +352,37 @@ def build_from_document(
  base = urljoin(service['rootUrl'], service['servicePath'])
  schema = Schemas(service)
-  if credentials:
+  # If the http client is not specified, then we must construct an http client
-    # If credentials were passed in, we could have two cases:
+  # to make requests. If the service has scopes, then we also need to setup
-    # 1. the scopes were specified, in which case the given credentials
+  # authentication.
-    #    are used for authorizing the http;
+  if http is None:
-    # 2. the scopes were not provided (meaning the Application Default
+    # Does the service require scopes?
-    #    Credentials are to be used). In this case, the Application Default
+    scopes = list(
-    #    Credentials are built and used instead of the original credentials.
+      service.get('auth', {}).get('oauth2', {}).get('scopes', {}).keys())
    #    If there are no scopes found (meaning the given service requires no
    #    authentication), there is no authorization of the http.
    if (isinstance(credentials, GoogleCredentials) and
        credentials.create_scoped_required()):
      scopes = service.get('auth', {}).get('oauth2', {}).get('scopes', {})
      if scopes:
        credentials = credentials.create_scoped(list(scopes.keys()))
      else:
        # No need to authorize the http object
        # if the service does not require authentication.
        credentials = None
-    if credentials:
+    # If so, then the we need to setup authentication if no developerKey is
-      http = credentials.authorize(http)
+    # specified.
    if scopes and not developerKey:
      # If the user didn't pass in credentials, attempt to acquire application
      # default credentials.
      if credentials is None:
        credentials = _auth.default_credentials()
      # The credentials need to be scoped.
      credentials = _auth.with_scopes(credentials, scopes)
      # Create an authorized http instance
      http = _auth.authorized_http(credentials)
    # If the service doesn't require scopes then there is no need for
    # authentication.
    else:
      http = build_http()
  if model is None:
    features = service.get('features', [])
    model = JsonModel('dataWrapper' in features)
  return Resource(http=http, baseUrl=base, model=model,
                  developerKey=developerKey, requestBuilder=requestBuilder,
                  resourceDesc=service, rootDesc=service, schema=schema)
@@ -479,7 +503,7 @@ def _fix_up_parameters(method_desc, root_desc, http_method):
 def _fix_up_media_upload(method_desc, root_desc, path_url, parameters):
-  """Updates parameters of API by adding 'media_body' if supported by method.
+  """Adds 'media_body' and 'media_mime_type' parameters if supported by method.
  SIDE EFFECTS: If the method supports media upload and has a required body,
  sets body to be optional (required=False) instead. Also, if there is a
@@ -516,6 +540,7 @@ def _fix_up_media_upload(method_desc, root_desc, path_url, parameters):
  if media_upload:
    media_path_url = _media_path_url_from_info(root_desc, path_url)
    parameters['media_body'] = MEDIA_BODY_PARAMETER_DEFAULT_VALUE.copy()
    parameters['media_mime_type'] = MEDIA_MIME_TYPE_PARAMETER_DEFAULT_VALUE.copy()
    if 'body' in parameters:
      parameters['body']['required'] = False
@@ -704,7 +729,11 @@ def createMethod(methodName, methodDesc, rootDesc, schema):
    for name in parameters.required_params:
      if name not in kwargs:
-        raise TypeError('Missing required parameter "%s"' % name)
+        # temporary workaround for non-paging methods incorrectly requiring
        # page token parameter (cf. drive.changes.watch vs. drive.changes.list)
        if name not in _PAGE_TOKEN_NAMES or _findPageTokenName(
            _methodProperties(methodDesc, schema, 'response')):
          raise TypeError('Missing required parameter "%s"' % name)
    for name, regex in six.iteritems(parameters.pattern_params):
      if name in kwargs:
@@ -749,6 +778,7 @@ def createMethod(methodName, methodDesc, rootDesc, schema):
        actual_path_params[parameters.argmap[key]] = cast_value
    body_value = kwargs.get('body', None)
    media_filename = kwargs.get('media_body', None)
    media_mime_type = kwargs.get('media_mime_type', None)
    if self._developerKey:
      actual_query_params['key'] = self._developerKey
@@ -772,7 +802,11 @@ def createMethod(methodName, methodDesc, rootDesc, schema):
    if media_filename:
      # Ensure we end up with a valid MediaUpload object.
      if isinstance(media_filename, six.string_types):
-        (media_mime_type, encoding) = mimetypes.guess_type(media_filename)
+        if media_mime_type is None:
          logger.warning(
              'media_mime_type argument not specified: trying to auto-detect for %s',
              media_filename)
          media_mime_type, _ = mimetypes.guess_type(media_filename)
        if media_mime_type is None:
          raise UnknownFileType(media_filename)
        if not mimeparse.best_match([media_mime_type], ','.join(accept)):
@@ -902,13 +936,20 @@ def createMethod(methodName, methodDesc, rootDesc, schema):
  return (methodName, method)
-def createNextMethod(methodName):
+def createNextMethod(methodName,
                     pageTokenName='pageToken',
                     nextPageTokenName='nextPageToken',
                     isPageTokenParameter=True):
  """Creates any _next methods for attaching to a Resource.
  The _next methods allow for easy iteration through list() responses.
  Args:
    methodName: string, name of the method to use.
    pageTokenName: string, name of request page token field.
    nextPageTokenName: string, name of response page token field.
    isPageTokenParameter: Boolean, True if request page token is a query
        parameter, False if request page token is a field of the request body.
  """
  methodName = fix_method_name(methodName)
@@ -926,24 +967,24 @@ Returns:
    # Retrieve nextPageToken from previous_response
    # Use as pageToken in previous_request to create new request.
-    if 'nextPageToken' not in previous_response or not previous_response['nextPageToken']:
+    nextPageToken = previous_response.get(nextPageTokenName, None)
    if not nextPageToken:
      return None
    request = copy.copy(previous_request)
-    pageToken = previous_response['nextPageToken']
+    if isPageTokenParameter:
-    parsed = list(urlparse(request.uri))
+        # Replace pageToken value in URI
-    q = parse_qsl(parsed[4])
+        request.uri = _add_query_parameter(
-
+            request.uri, pageTokenName, nextPageToken)
-    # Find and remove old 'pageToken' value from URI
+        logger.info('Next page request URL: %s %s' % (methodName, request.uri))
-    newq = [(key, value) for (key, value) in q if key != 'pageToken']
+    else:
-    newq.append(('pageToken', pageToken))
+        # Replace pageToken value in request body
-    parsed[4] = urlencode(newq)
+        model = self._model
-    uri = urlunparse(parsed)
+        body = model.deserialize(request.body)
-
+        body[pageTokenName] = nextPageToken
-    request.uri = uri
+        request.body = model.serialize(body)
-
+        logger.info('Next page request body: %s %s' % (methodName, body))
    logger.info('URL being requested: %s %s' % (methodName,uri))
    return request
@@ -1091,19 +1132,59 @@ class Resource(object):
                               method.__get__(self, self.__class__))
  def _add_next_methods(self, resourceDesc, schema):
-    # Add _next() methods
+    # Add _next() methods if and only if one of the names 'pageToken' or
-    # Look for response bodies in schema that contain nextPageToken, and methods
+    # 'nextPageToken' occurs among the fields of both the method's response
-    # that take a pageToken parameter.
+    # type either the method's request (query parameters) or request body.
-    if 'methods' in resourceDesc:
+    if 'methods' not in resourceDesc:
-      for methodName, methodDesc in six.iteritems(resourceDesc['methods']):
+      return
-        if 'response' in methodDesc:
+    for methodName, methodDesc in six.iteritems(resourceDesc['methods']):
-          responseSchema = methodDesc['response']
+      nextPageTokenName = _findPageTokenName(
-          if '$ref' in responseSchema:
+          _methodProperties(methodDesc, schema, 'response'))
-            responseSchema = schema.get(responseSchema['$ref'])
+      if not nextPageTokenName:
-          hasNextPageToken = 'nextPageToken' in responseSchema.get('properties',
+        continue
-                                                                   {})
+      isPageTokenParameter = True
-          hasPageToken = 'pageToken' in methodDesc.get('parameters', {})
+      pageTokenName = _findPageTokenName(methodDesc.get('parameters', {}))
-          if hasNextPageToken and hasPageToken:
+      if not pageTokenName:
-            fixedMethodName, method = createNextMethod(methodName + '_next')
+        isPageTokenParameter = False
-            self._set_dynamic_attr(fixedMethodName,
+        pageTokenName = _findPageTokenName(
-                                   method.__get__(self, self.__class__))
+            _methodProperties(methodDesc, schema, 'request'))
      if not pageTokenName:
        continue
      fixedMethodName, method = createNextMethod(
          methodName + '_next', pageTokenName, nextPageTokenName,
          isPageTokenParameter)
      self._set_dynamic_attr(fixedMethodName,
                             method.__get__(self, self.__class__))
 def _findPageTokenName(fields):
  """Search field names for one like a page token.
  Args:
    fields: container of string, names of fields.
  Returns:
    First name that is either 'pageToken' or 'nextPageToken' if one exists,
    otherwise None.
  """
  return next((tokenName for tokenName in _PAGE_TOKEN_NAMES
              if tokenName in fields), None)
 def _methodProperties(methodDesc, schema, name):
  """Get properties of a field in a method description.
  Args:
    methodDesc: object, fragment of deserialized discovery document that
      describes the method.
    schema: object, mapping of schema names to schema descriptions.
    name: string, name of top-level field in method description.
  Returns:
    Object representing fragment of deserialized discovery document
    corresponding to 'properties' field of object corresponding to named field
    in method description, if it exists, otherwise empty dict.
  """
  desc = methodDesc.get(name, {})
  if '$ref' in desc:
    desc = schema.get(desc['$ref'], {})
  return desc.get('properties', {})
--- a/src/googleapiclient/discovery_cache/file_cache.py
+++ b/src/googleapiclient/discovery_cache/file_cache.py
@@ -33,7 +33,12 @@ try:
  from oauth2client.contrib.locked_file import LockedFile
 except ImportError:
  # oauth2client < 2.0.0
-  from oauth2client.locked_file import LockedFile
+  try:
    from oauth2client.locked_file import LockedFile
  except ImportError:
    # oauth2client > 4.0.0
    raise ImportError(
      'file_cache is unavailable when using oauth2client >= 4.0.0')
 from . import base
 from ..discovery_cache import DISCOVERY_DOC_MAX_AGE
--- a/src/googleapiclient/errors.py
+++ b/src/googleapiclient/errors.py
@@ -52,8 +52,12 @@ class HttpError(Error):
    reason = self.resp.reason
    try:
      data = json.loads(self.content.decode('utf-8'))
-      reason = data['error']['message']
+      if isinstance(data, dict):
-    except (ValueError, KeyError):
+        reason = data['error']['message']
      elif isinstance(data, list) and len(data) > 0:
        first_error = data[0]
        reason = first_error['error']['message']
    except (ValueError, KeyError, TypeError):
      pass
    if reason is None:
      reason = ''
@@ -122,6 +126,9 @@ class BatchError(HttpError):
    self.reason = reason
  def __repr__(self):
    if getattr(self.resp, 'status', None) is None:
      return '<BatchError "%s">' % (self.reason)
    else:
      return '<BatchError %s "%s">' % (self.resp.status, self.reason)
  __str__ = __repr__
--- a/src/googleapiclient/http.py
+++ b/src/googleapiclient/http.py
@@ -80,6 +80,8 @@ MAX_URI_LENGTH = 2048
 _TOO_MANY_REQUESTS = 429
 DEFAULT_HTTP_TIMEOUT_SEC = 60
 def _should_retry_response(resp_status, content):
  """Determines whether a response should be retried.
@@ -815,6 +817,7 @@ class HttpRequest(object):
    if 'content-length' not in self.headers:
      self.headers['content-length'] = str(self.body_size)
    # If the request URI is too long then turn it into a POST request.
    # Assume that a GET request never contains a request body.
    if len(self.uri) > MAX_URI_LENGTH and self.method == 'GET':
      self.method = 'POST'
      self.headers['x-http-method-override'] = 'GET'
@@ -996,7 +999,11 @@ class HttpRequest(object):
    elif resp.status == 308:
      self._in_error_state = False
      # A "308 Resume Incomplete" indicates we are not done.
-      self.resumable_progress = int(resp['range'].split('-')[1]) + 1
+      try:
        self.resumable_progress = int(resp['range'].split('-')[1]) + 1
      except KeyError:
        # If resp doesn't contain range header, resumable progress is 0
        self.resumable_progress = 0
      if 'location' in resp:
        self.resumable_uri = resp['location']
    else:
@@ -1728,3 +1735,21 @@ def tunnel_patch(http):
  http.request = new_request
  return http
 def build_http():
  """Builds httplib2.Http object
  Returns:
  A httplib2.Http object, which is used to make http requests, and which has timeout set by default.
  To override default timeout call
    socket.setdefaulttimeout(timeout_in_sec)
  before interacting with this method.
  """
  if socket.getdefaulttimeout() is not None:
    http_timeout = socket.getdefaulttimeout()
  else:
    http_timeout = DEFAULT_HTTP_TIMEOUT_SEC
  return httplib2.Http(timeout=http_timeout)
--- a/src/googleapiclient/sample_tools.py
+++ b/src/googleapiclient/sample_tools.py
@@ -23,10 +23,10 @@ __all__ = ['init']
 import argparse
 import httplib2
 import os
 from googleapiclient import discovery
 from googleapiclient.http import build_http
 from oauth2client import client
 from oauth2client import file
 from oauth2client import tools
@@ -88,7 +88,7 @@ def init(argv, name, version, doc, filename, scope=None, parents=[], discovery_f
  credentials = storage.get()
  if credentials is None or credentials.invalid:
    credentials = tools.run_flow(flow, storage, flags)
-  http = credentials.authorize(http = httplib2.Http())
+  http = credentials.authorize(http=build_http())
  if discovery_filename is None:
    # Construct a service object via the discovery service.
--- a/src/googleapiclient/schema.py
+++ b/src/googleapiclient/schema.py
@@ -161,13 +161,14 @@ class Schemas(object):
    # Return with trailing comma and newline removed.
    return self._prettyPrintSchema(schema, dent=1)[:-2]
-  def get(self, name):
+  def get(self, name, default=None):
    """Get deserialized JSON schema from the schema name.
    Args:
      name: string, Schema name.
      default: object, return value if name not found.
    """
-    return self.schemas[name]
+    return self.schemas.get(name, default)
 class _SchemaToStruct(object):
--- a/src/httplib2/init.py
+++ b/src/httplib2/init.py
@@ -23,7 +23,7 @@ __contributors__ = ["Thomas Broyer (t.broyer@ltgt.net)",
                    "Louis Nyffenegger",
                    "Alex Yu"]
 __license__ = "MIT"
-__version__ = "0.9.2"
+__version__ = "0.10.3"
 import re
 import sys
@@ -65,42 +65,54 @@ except ImportError:
        socks = None
 # Build the appropriate socket wrapper for ssl
 ssl = None
 ssl_SSLError = None
 ssl_CertificateError = None
 try:
-    import ssl # python 2.6
+    import ssl  # python 2.6
-    ssl_SSLError = ssl.SSLError
+except ImportError:
-    def _ssl_wrap_socket(sock, key_file, cert_file, disable_validation,
+    pass
-                         ca_certs, ssl_version, hostname):
+if ssl is not None:
-        if disable_validation:
+    ssl_SSLError = getattr(ssl, 'SSLError', None)
-            cert_reqs = ssl.CERT_NONE
+    ssl_CertificateError = getattr(ssl, 'CertificateError', None)
        else:
            cert_reqs = ssl.CERT_REQUIRED
        if ssl_version is None:
            ssl_version = ssl.PROTOCOL_SSLv23
-        if hasattr(ssl, 'SSLContext'): # Python 2.7.9
+
-            context = ssl.SSLContext(ssl_version)
+def _ssl_wrap_socket(sock, key_file, cert_file, disable_validation,
-            context.verify_mode = cert_reqs
+                     ca_certs, ssl_version, hostname):
-            context.check_hostname = (cert_reqs != ssl.CERT_NONE)
+    if disable_validation:
-            if cert_file:
+        cert_reqs = ssl.CERT_NONE
-                context.load_cert_chain(cert_file, key_file)
+    else:
-            if ca_certs:
+        cert_reqs = ssl.CERT_REQUIRED
-                context.load_verify_locations(ca_certs)
+    if ssl_version is None:
-            return context.wrap_socket(sock, server_hostname=hostname)
+        ssl_version = ssl.PROTOCOL_SSLv23
-        else:
+
-            return ssl.wrap_socket(sock, keyfile=key_file, certfile=cert_file,
+    if hasattr(ssl, 'SSLContext'):  # Python 2.7.9
-                                   cert_reqs=cert_reqs, ca_certs=ca_certs,
+        context = ssl.SSLContext(ssl_version)
-                                   ssl_version=ssl_version)
+        context.verify_mode = cert_reqs
-except (AttributeError, ImportError):
+        context.check_hostname = (cert_reqs != ssl.CERT_NONE)
-    ssl_SSLError = None
+        if cert_file:
-    def _ssl_wrap_socket(sock, key_file, cert_file, disable_validation,
+            context.load_cert_chain(cert_file, key_file)
-                         ca_certs, ssl_version, hostname):
+        if ca_certs:
-        if not disable_validation:
+            context.load_verify_locations(ca_certs)
-            raise CertificateValidationUnsupported(
+        return context.wrap_socket(sock, server_hostname=hostname)
-                    "SSL certificate validation is not supported without "
+    else:
-                    "the ssl module installed. To avoid this error, install "
+        return ssl.wrap_socket(sock, keyfile=key_file, certfile=cert_file,
-                    "the ssl module, or explicity disable validation.")
+                               cert_reqs=cert_reqs, ca_certs=ca_certs,
-        ssl_sock = socket.ssl(sock, key_file, cert_file)
+                               ssl_version=ssl_version)
-        return httplib.FakeSocket(sock, ssl_sock)
+
 def _ssl_wrap_socket_unsupported(sock, key_file, cert_file, disable_validation,
                                 ca_certs, ssl_version, hostname):
    if not disable_validation:
        raise CertificateValidationUnsupported(
                "SSL certificate validation is not supported without "
                "the ssl module installed. To avoid this error, install "
                "the ssl module, or explicity disable validation.")
    ssl_sock = socket.ssl(sock, key_file, cert_file)
    return httplib.FakeSocket(sock, ssl_sock)
 if ssl is None:
    _ssl_wrap_socket = _ssl_wrap_socket_unsupported
 if sys.version_info >= (2,3):
@@ -269,8 +281,8 @@ def safename(filename):
    filename = re_slash.sub(",", filename)
    # limit length of filename
-    if len(filename)>64:
+    if len(filename)>200:
-        filename=filename[:64]
+        filename=filename[:200]
    return ",".join((filename, filemd5))
 NORMALIZE_SPACE = re.compile(r'(?:\r\n)?[ \t]+')
@@ -1066,7 +1078,7 @@ class HTTPSConnectionWithTimeout(httplib.HTTPSConnection):
                        raise CertificateHostnameMismatch(
                            'Server presented certificate that does not match '
                            'host %s: %s' % (hostname, cert), hostname, cert)
-            except ssl_SSLError, e:
+            except (ssl_SSLError, ssl_CertificateError, CertificateHostnameMismatch), e:
                if sock:
                    sock.close()
                if self.sock:
@@ -1076,7 +1088,7 @@ class HTTPSConnectionWithTimeout(httplib.HTTPSConnection):
                # to get at more detailed error information, in particular
                # whether the error is due to certificate validation or
                # something else (such as SSL protocol mismatch).
-                if e.errno == ssl.SSL_ERROR_SSL:
+                if getattr(e, 'errno', None) == ssl.SSL_ERROR_SSL:
                    raise SSLHandshakeError(e)
                else:
                    raise
@@ -1155,18 +1167,11 @@ try:
              server_software.startswith('Development/')):
        raise NotRunningAppEngineEnvironment()
-    try:
+    from google.appengine.api import apiproxy_stub_map
-        from google.appengine.api import apiproxy_stub_map
+    if apiproxy_stub_map.apiproxy.GetStub('urlfetch') is None:
-        if apiproxy_stub_map.apiproxy.GetStub('urlfetch') is None:
+        raise ImportError  # Bail out; we're not actually running on App Engine.
-            raise ImportError  # Bail out; we're not actually running on App Engine.
+    from google.appengine.api.urlfetch import fetch
-        from google.appengine.api.urlfetch import fetch
+    from google.appengine.api.urlfetch import InvalidURLError
        from google.appengine.api.urlfetch import InvalidURLError
    except (ImportError, AttributeError):
        from google3.apphosting.api import apiproxy_stub_map
        if apiproxy_stub_map.apiproxy.GetStub('urlfetch') is None:
            raise ImportError  # Bail out; we're not actually running on App Engine.
        from google3.apphosting.api.urlfetch import fetch
        from google3.apphosting.api.urlfetch import InvalidURLError
    # Update the connection classes to use the Googel App Engine specific ones.
    SCHEME_TO_CONNECTION = {
--- a/src/linux-build.sh
+++ b/src/linux-build.sh
@@ -1,11 +1,12 @@
 rm -rf gam
 rm -rf build
-rm -rf  dist
+rm -rf dist
 rm -rf gam-$1-linux-$(arch).tar.xz
 export LD_LIBRARY_PATH=/usr/local/lib
 pyinstaller --clean -F --distpath=gam linux-gam.spec
 cp LICENSE gam
 cp whatsnew.txt gam
 cp GamCommands.txt gam
 tar cfJ gam-$1-linux-$(arch).tar.xz gam/ 
--- a/src/macos-build.sh
+++ b/src/macos-build.sh
@@ -1,10 +1,11 @@
-rmdir /q /s gam
+rm -rf gam
-rmdir /q /s build
+rm -rf build
-rmdir /q /s dist
+rm -rf dist
 rm -rf gam-$1-macos.tar.xz
 /Library/Frameworks/Python.framework/Versions/2.7/bin/pyinstaller --clean -F --distpath=gam macos-gam.spec
 cp LICENSE gam
 cp whatsnew.txt gam
 cp GamCommands.txt gam
 tar cfJ gam-$1-macos.tar.xz gam/ 
--- a/src/oauth2client/init.py
+++ b/src/oauth2client/init.py
@@ -14,7 +14,7 @@
 """Client library for using OAuth2, especially with Google APIs."""
-__version__ = '3.0.0'
+__version__ = '4.0.0'
 GOOGLE_AUTH_URI = 'https://accounts.google.com/o/oauth2/v2/auth'
 GOOGLE_DEVICE_URI = 'https://accounts.google.com/o/oauth2/device/code'
--- a/src/oauth2client/_helpers.py
+++ b/src/oauth2client/_helpers.py
@@ -11,12 +11,248 @@
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 """Helper functions for commonly used utilities."""
 import base64
 import functools
 import inspect
 import json
 import logging
 import os
 import warnings
 import six
 from six.moves import urllib
 logger = logging.getLogger(__name__)
 POSITIONAL_WARNING = 'WARNING'
 POSITIONAL_EXCEPTION = 'EXCEPTION'
 POSITIONAL_IGNORE = 'IGNORE'
 POSITIONAL_SET = frozenset([POSITIONAL_WARNING, POSITIONAL_EXCEPTION,
                            POSITIONAL_IGNORE])
 positional_parameters_enforcement = POSITIONAL_WARNING
 _SYM_LINK_MESSAGE = 'File: {0}: Is a symbolic link.'
 _IS_DIR_MESSAGE = '{0}: Is a directory'
 _MISSING_FILE_MESSAGE = 'Cannot access {0}: No such file or directory'
 def positional(max_positional_args):
    """A decorator to declare that only the first N arguments my be positional.
    This decorator makes it easy to support Python 3 style keyword-only
    parameters. For example, in Python 3 it is possible to write::
        def fn(pos1, *, kwonly1=None, kwonly1=None):
            ...
    All named parameters after ``*`` must be a keyword::
        fn(10, 'kw1', 'kw2')  # Raises exception.
        fn(10, kwonly1='kw1')  # Ok.
    Example
    ^^^^^^^
    To define a function like above, do::
        @positional(1)
        def fn(pos1, kwonly1=None, kwonly2=None):
            ...
    If no default value is provided to a keyword argument, it becomes a
    required keyword argument::
        @positional(0)
        def fn(required_kw):
            ...
    This must be called with the keyword parameter::
        fn()  # Raises exception.
        fn(10)  # Raises exception.
        fn(required_kw=10)  # Ok.
    When defining instance or class methods always remember to account for
    ``self`` and ``cls``::
        class MyClass(object):
            @positional(2)
            def my_method(self, pos1, kwonly1=None):
                ...
            @classmethod
            @positional(2)
            def my_method(cls, pos1, kwonly1=None):
                ...
    The positional decorator behavior is controlled by
    ``_helpers.positional_parameters_enforcement``, which may be set to
    ``POSITIONAL_EXCEPTION``, ``POSITIONAL_WARNING`` or
    ``POSITIONAL_IGNORE`` to raise an exception, log a warning, or do
    nothing, respectively, if a declaration is violated.
    Args:
        max_positional_arguments: Maximum number of positional arguments. All
                                  parameters after the this index must be
                                  keyword only.
    Returns:
        A decorator that prevents using arguments after max_positional_args
        from being used as positional parameters.
    Raises:
        TypeError: if a key-word only argument is provided as a positional
                   parameter, but only if
                   _helpers.positional_parameters_enforcement is set to
                   POSITIONAL_EXCEPTION.
    """
    def positional_decorator(wrapped):
        @functools.wraps(wrapped)
        def positional_wrapper(*args, **kwargs):
            if len(args) > max_positional_args:
                plural_s = ''
                if max_positional_args != 1:
                    plural_s = 's'
                message = ('{function}() takes at most {args_max} positional '
                           'argument{plural} ({args_given} given)'.format(
                               function=wrapped.__name__,
                               args_max=max_positional_args,
                               args_given=len(args),
                               plural=plural_s))
                if positional_parameters_enforcement == POSITIONAL_EXCEPTION:
                    raise TypeError(message)
                elif positional_parameters_enforcement == POSITIONAL_WARNING:
                    logger.warning(message)
            return wrapped(*args, **kwargs)
        return positional_wrapper
    if isinstance(max_positional_args, six.integer_types):
        return positional_decorator
    else:
        args, _, _, defaults = inspect.getargspec(max_positional_args)
        return positional(len(args) - len(defaults))(max_positional_args)
 def scopes_to_string(scopes):
    """Converts scope value to a string.
    If scopes is a string then it is simply passed through. If scopes is an
    iterable then a string is returned that is all the individual scopes
    concatenated with spaces.
    Args:
        scopes: string or iterable of strings, the scopes.
    Returns:
        The scopes formatted as a single string.
    """
    if isinstance(scopes, six.string_types):
        return scopes
    else:
        return ' '.join(scopes)
 def string_to_scopes(scopes):
    """Converts stringifed scope value to a list.
    If scopes is a list then it is simply passed through. If scopes is an
    string then a list of each individual scope is returned.
    Args:
        scopes: a string or iterable of strings, the scopes.
    Returns:
        The scopes in a list.
    """
    if not scopes:
        return []
    elif isinstance(scopes, six.string_types):
        return scopes.split(' ')
    else:
        return scopes
 def parse_unique_urlencoded(content):
    """Parses unique key-value parameters from urlencoded content.
    Args:
        content: string, URL-encoded key-value pairs.
    Returns:
        dict, The key-value pairs from ``content``.
    Raises:
        ValueError: if one of the keys is repeated.
    """
    urlencoded_params = urllib.parse.parse_qs(content)
    params = {}
    for key, value in six.iteritems(urlencoded_params):
        if len(value) != 1:
            msg = ('URL-encoded content contains a repeated value:'
                   '%s -> %s' % (key, ', '.join(value)))
            raise ValueError(msg)
        params[key] = value[0]
    return params
 def update_query_params(uri, params):
    """Updates a URI with new query parameters.
    If a given key from ``params`` is repeated in the ``uri``, then
    the URI will be considered invalid and an error will occur.
    If the URI is valid, then each value from ``params`` will
    replace the corresponding value in the query parameters (if
    it exists).
    Args:
        uri: string, A valid URI, with potential existing query parameters.
        params: dict, A dictionary of query parameters.
    Returns:
        The same URI but with the new query parameters added.
    """
    parts = urllib.parse.urlparse(uri)
    query_params = parse_unique_urlencoded(parts.query)
    query_params.update(params)
    new_query = urllib.parse.urlencode(query_params)
    new_parts = parts._replace(query=new_query)
    return urllib.parse.urlunparse(new_parts)
 def _add_query_parameter(url, name, value):
    """Adds a query parameter to a url.
    Replaces the current value if it already exists in the URL.
    Args:
        url: string, url to add the query parameter to.
        name: string, query parameter name.
        value: string, query parameter value.
    Returns:
        Updated query parameter. Does not update the url if value is None.
    """
    if value is None:
        return url
    else:
        return update_query_params(url, {name: value})
 def validate_file(filename):
    if os.path.islink(filename):
        raise IOError(_SYM_LINK_MESSAGE.format(filename))
    elif os.path.isdir(filename):
        raise IOError(_IS_DIR_MESSAGE.format(filename))
    #elif not os.path.isfile(filename):
    #    warnings.warn(_MISSING_FILE_MESSAGE.format(filename))
 def _parse_pem_key(raw_key_input):
--- a/src/oauth2client/_pkce.py
+++ b/src/oauth2client/_pkce.py
@@ -0,0 +1,65 @@
 # Copyright 2016 Google Inc. All rights reserved.
 #
 # Licensed under the Apache License, Version 2.0 (the "License");
 # you may not use this file except in compliance with the License.
 # You may obtain a copy of the License at
 #
 #     http://www.apache.org/licenses/LICENSE-2.0
 #
 # Unless required by applicable law or agreed to in writing, software
 # distributed under the License is distributed on an "AS IS" BASIS,
 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 # See the License for the specific language governing permissions and
 # limitations under the License.
 """
 Utility functions for implementing Proof Key for Code Exchange (PKCE) by OAuth
 Public Clients
 See RFC7636.
 """
 import base64
 import hashlib
 import os
 def code_verifier(n_bytes=64):
    """
    Generates a 'code_verifier' as described in section 4.1 of RFC 7636.
    This is a 'high-entropy cryptographic random string' that will be
    impractical for an attacker to guess.
    Args:
        n_bytes: integer between 31 and 96, inclusive. default: 64
            number of bytes of entropy to include in verifier.
    Returns:
        Bytestring, representing urlsafe base64-encoded random data.
    """
    verifier = base64.urlsafe_b64encode(os.urandom(n_bytes))
    # https://tools.ietf.org/html/rfc7636#section-4.1
    # minimum length of 43 characters and a maximum length of 128 characters.
    if len(verifier) < 43:
        raise ValueError("Verifier too short. n_bytes must be > 30.")
    elif len(verifier) > 128:
        raise ValueError("Verifier too long. n_bytes must be < 97.")
    else:
        return verifier
 def code_challenge(verifier):
    """
    Creates a 'code_challenge' as described in section 4.2 of RFC 7636
    by taking the sha256 hash of the verifier and then urlsafe
    base64-encoding it.
    Args:
        verifier: bytestring, representing a code_verifier as generated by
            code_verifier().
    Returns:
        Bytestring, representing a urlsafe base64-encoded sha256 hash digest.
    """
    return base64.urlsafe_b64encode(hashlib.sha256(verifier).digest())
--- a/src/oauth2client/client.py
+++ b/src/oauth2client/client.py
@@ -34,13 +34,11 @@ from six.moves import urllib
 import oauth2client
 from oauth2client import _helpers
 from oauth2client import _pkce
 from oauth2client import clientsecrets
 from oauth2client import transport
 from oauth2client import util
 __author__ = 'jcgregorio@google.com (Joe Gregorio)'
 HAS_OPENSSL = False
 HAS_CRYPTO = False
 try:
@@ -100,20 +98,20 @@ AccessTokenInfo = collections.namedtuple(
 DEFAULT_ENV_NAME = 'UNKNOWN'
 # If set to True _get_environment avoid GCE check (_detect_gce_environment)
-NO_GCE_CHECK = os.environ.setdefault('NO_GCE_CHECK', 'False')
+NO_GCE_CHECK = os.getenv('NO_GCE_CHECK', 'False')
 # Timeout in seconds to wait for the GCE metadata server when detecting the
 # GCE environment.
 try:
-    GCE_METADATA_TIMEOUT = int(
+    GCE_METADATA_TIMEOUT = int(os.getenv('GCE_METADATA_TIMEOUT', 3))
        os.environ.setdefault('GCE_METADATA_TIMEOUT', '3'))
 except ValueError:  # pragma: NO COVER
    GCE_METADATA_TIMEOUT = 3
 _SERVER_SOFTWARE = 'SERVER_SOFTWARE'
-_GCE_METADATA_HOST = '169.254.169.254'
+_GCE_METADATA_URI = 'http://169.254.169.254'
-_METADATA_FLAVOR_HEADER = 'Metadata-Flavor'
+_METADATA_FLAVOR_HEADER = 'metadata-flavor'  # lowercase header
 _DESIRED_METADATA_FLAVOR = 'Google'
 _GCE_HEADERS = {_METADATA_FLAVOR_HEADER: _DESIRED_METADATA_FLAVOR}
 # Expose utcnow() at module level to allow for
 # easier testing (by replacing with a stub).
@@ -440,23 +438,6 @@ class Storage(object):
            self.release_lock()
 def _update_query_params(uri, params):
    """Updates a URI with new query parameters.
    Args:
        uri: string, A valid URI, with potential existing query parameters.
        params: dict, A dictionary of query parameters.
    Returns:
        The same URI but with the new query parameters added.
    """
    parts = urllib.parse.urlparse(uri)
    query_params = dict(urllib.parse.parse_qsl(parts.query))
    query_params.update(params)
    new_parts = parts._replace(query=urllib.parse.urlencode(query_params))
    return urllib.parse.urlunparse(new_parts)
 class OAuth2Credentials(Credentials):
    """Credentials object for OAuth 2.0.
@@ -466,7 +447,7 @@ class OAuth2Credentials(Credentials):
    OAuth2Credentials objects may be safely pickled and unpickled.
    """
-    @util.positional(8)
+    @_helpers.positional(8)
    def __init__(self, access_token, client_id, client_secret, refresh_token,
                 token_expiry, token_uri, user_agent, revoke_uri=None,
                 id_token=None, token_response=None, scopes=None,
@@ -513,7 +494,7 @@ class OAuth2Credentials(Credentials):
        self.revoke_uri = revoke_uri
        self.id_token = id_token
        self.token_response = token_response
-        self.scopes = set(util.string_to_scopes(scopes or []))
+        self.scopes = set(_helpers.string_to_scopes(scopes or []))
        self.token_info_uri = token_info_uri
        # True if the credentials have been revoked or expired and can't be
@@ -557,7 +538,7 @@ class OAuth2Credentials(Credentials):
            http: httplib2.Http, an http object to be used to make the refresh
                  request.
        """
-        self._refresh(http.request)
+        self._refresh(http)
    def revoke(self, http):
        """Revokes a refresh_token and makes the credentials void.
@@ -566,7 +547,7 @@ class OAuth2Credentials(Credentials):
            http: httplib2.Http, an http object to be used to make the revoke
                  request.
        """
-        self._revoke(http.request)
+        self._revoke(http)
    def apply(self, headers):
        """Add the authorization to the headers.
@@ -592,7 +573,7 @@ class OAuth2Credentials(Credentials):
            not have scopes. In both cases, you can use refresh_scopes() to
            obtain the canonical set of scopes.
        """
-        scopes = util.string_to_scopes(scopes)
+        scopes = _helpers.string_to_scopes(scopes)
        return set(scopes).issubset(self.scopes)
    def retrieve_scopes(self, http):
@@ -607,7 +588,7 @@ class OAuth2Credentials(Credentials):
        Returns:
            A set of strings containing the canonical list of scopes.
        """
-        self._retrieve_scopes(http.request)
+        self._retrieve_scopes(http)
        return self.scopes
    @classmethod
@@ -746,7 +727,7 @@ class OAuth2Credentials(Credentials):
        return headers
-    def _refresh(self, http_request):
+    def _refresh(self, http):
        """Refreshes the access_token.
        This method first checks by reading the Storage object if available.
@@ -754,15 +735,13 @@ class OAuth2Credentials(Credentials):
        refresh is completed.
        Args:
-            http_request: callable, a callable that matches the method
+            http: an object to be used to make HTTP requests.
                          signature of httplib2.Http.request, used to make the
                          refresh request.
        Raises:
            HttpAccessTokenRefreshError: When the refresh fails.
        """
        if not self.store:
-            self._do_refresh_request(http_request)
+            self._do_refresh_request(http)
        else:
            self.store.acquire_lock()
            try:
@@ -774,17 +753,15 @@ class OAuth2Credentials(Credentials):
                    logger.info('Updated access_token read from Storage')
                    self._updateFromCredential(new_cred)
                else:
-                    self._do_refresh_request(http_request)
+                    self._do_refresh_request(http)
            finally:
                self.store.release_lock()
-    def _do_refresh_request(self, http_request):
+    def _do_refresh_request(self, http):
        """Refresh the access_token using the refresh_token.
        Args:
-            http_request: callable, a callable that matches the method
+            http: an object to be used to make HTTP requests.
                          signature of httplib2.Http.request, used to make the
                          refresh request.
        Raises:
            HttpAccessTokenRefreshError: When the refresh fails.
@@ -793,8 +770,9 @@ class OAuth2Credentials(Credentials):
        headers = self._generate_refresh_request_headers()
        logger.info('Refreshing access_token')
-        resp, content = http_request(
+        resp, content = transport.request(
-            self.token_uri, method='POST', body=body, headers=headers)
+            http, self.token_uri, method='POST',
            body=body, headers=headers)
        content = _helpers._from_bytes(content)
        if resp.status == http_client.OK:
            d = json.loads(content)
@@ -819,7 +797,7 @@ class OAuth2Credentials(Credentials):
            # An {'error':...} response body means the token is expired or
            # revoked, so we flag the credentials as such.
            logger.info('Failed to retrieve access token: %s', content)
-            error_msg = 'Invalid response {0}.'.format(resp['status'])
+            error_msg = 'Invalid response {0}.'.format(resp.status)
            try:
                d = json.loads(content)
                if 'error' in d:
@@ -833,23 +811,19 @@ class OAuth2Credentials(Credentials):
                pass
            raise HttpAccessTokenRefreshError(error_msg, status=resp.status)
-    def _revoke(self, http_request):
+    def _revoke(self, http):
        """Revokes this credential and deletes the stored copy (if it exists).
        Args:
-            http_request: callable, a callable that matches the method
+            http: an object to be used to make HTTP requests.
                          signature of httplib2.Http.request, used to make the
                          revoke request.
        """
-        self._do_revoke(http_request, self.refresh_token or self.access_token)
+        self._do_revoke(http, self.refresh_token or self.access_token)
-    def _do_revoke(self, http_request, token):
+    def _do_revoke(self, http, token):
        """Revokes this credential and deletes the stored copy (if it exists).
        Args:
-            http_request: callable, a callable that matches the method
+            http: an object to be used to make HTTP requests.
                          signature of httplib2.Http.request, used to make the
                          refresh request.
            token: A string used as the token to be revoked. Can be either an
                   access_token or refresh_token.
@@ -859,8 +833,13 @@ class OAuth2Credentials(Credentials):
        """
        logger.info('Revoking token')
        query_params = {'token': token}
-        token_revoke_uri = _update_query_params(self.revoke_uri, query_params)
+        token_revoke_uri = _helpers.update_query_params(
-        resp, content = http_request(token_revoke_uri)
+            self.revoke_uri, query_params)
        resp, content = transport.request(http, token_revoke_uri)
        if resp.status == http_client.METHOD_NOT_ALLOWED:
            body = urllib.parse.urlencode(query_params)
            resp, content = transport.request(http, token_revoke_uri,
                                              method='POST', body=body)
        if resp.status == http_client.OK:
            self.invalid = True
        else:
@@ -876,23 +855,19 @@ class OAuth2Credentials(Credentials):
        if self.store:
            self.store.delete()
-    def _retrieve_scopes(self, http_request):
+    def _retrieve_scopes(self, http):
        """Retrieves the list of authorized scopes from the OAuth2 provider.
        Args:
-            http_request: callable, a callable that matches the method
+            http: an object to be used to make HTTP requests.
                          signature of httplib2.Http.request, used to make the
                          revoke request.
        """
-        self._do_retrieve_scopes(http_request, self.access_token)
+        self._do_retrieve_scopes(http, self.access_token)
-    def _do_retrieve_scopes(self, http_request, token):
+    def _do_retrieve_scopes(self, http, token):
        """Retrieves the list of authorized scopes from the OAuth2 provider.
        Args:
-            http_request: callable, a callable that matches the method
+            http: an object to be used to make HTTP requests.
                          signature of httplib2.Http.request, used to make the
                          refresh request.
            token: A string used as the token to identify the credentials to
                   the provider.
@@ -902,13 +877,13 @@ class OAuth2Credentials(Credentials):
        """
        logger.info('Refreshing scopes')
        query_params = {'access_token': token, 'fields': 'scope'}
-        token_info_uri = _update_query_params(self.token_info_uri,
+        token_info_uri = _helpers.update_query_params(
-                                              query_params)
+            self.token_info_uri, query_params)
-        resp, content = http_request(token_info_uri)
+        resp, content = transport.request(http, token_info_uri)
        content = _helpers._from_bytes(content)
        if resp.status == http_client.OK:
            d = json.loads(content)
-            self.scopes = set(util.string_to_scopes(d.get('scope', '')))
+            self.scopes = set(_helpers.string_to_scopes(d.get('scope', '')))
        else:
            error_msg = 'Invalid response {0}.'.format(resp.status)
            try:
@@ -977,19 +952,25 @@ class AccessTokenCredentials(OAuth2Credentials):
            data['user_agent'])
        return retval
-    def _refresh(self, http_request):
+    def _refresh(self, http):
        """Refreshes the access token.
        Args:
            http: unused HTTP object.
        Raises:
            AccessTokenCredentialsError: always
        """
        raise AccessTokenCredentialsError(
            'The access_token is expired or invalid and can\'t be refreshed.')
-    def _revoke(self, http_request):
+    def _revoke(self, http):
        """Revokes the access_token and deletes the store if available.
        Args:
-            http_request: callable, a callable that matches the method
+            http: an object to be used to make HTTP requests.
                          signature of httplib2.Http.request, used to make the
                          revoke request.
        """
-        self._do_revoke(http_request, self.access_token)
+        self._do_revoke(http, self.access_token)
 def _detect_gce_environment():
@@ -1005,21 +986,16 @@ def _detect_gce_environment():
    #       could lead to false negatives in the event that we are on GCE, but
    #       the metadata resolution was particularly slow. The latter case is
    #       "unlikely".
-    connection = six.moves.http_client.HTTPConnection(
+    http = transport.get_http_object(timeout=GCE_METADATA_TIMEOUT)
        _GCE_METADATA_HOST, timeout=GCE_METADATA_TIMEOUT)
    try:
-        headers = {_METADATA_FLAVOR_HEADER: _DESIRED_METADATA_FLAVOR}
+        response, _ = transport.request(
-        connection.request('GET', '/', headers=headers)
+            http, _GCE_METADATA_URI, headers=_GCE_HEADERS)
-        response = connection.getresponse()
+        return (
-        if response.status == http_client.OK:
+            response.status == http_client.OK and
-            return (response.getheader(_METADATA_FLAVOR_HEADER) ==
+            response.get(_METADATA_FLAVOR_HEADER) == _DESIRED_METADATA_FLAVOR)
                    _DESIRED_METADATA_FLAVOR)
    except socket.error:  # socket.timeout or socket.error(64, 'Host is down')
        logger.info('Timeout attempting to reach GCE metadata service.')
        return False
    finally:
        connection.close()
 def _in_gae_environment():
@@ -1469,7 +1445,7 @@ class AssertionCredentials(GoogleCredentials):
    AssertionCredentials objects may be safely pickled and unpickled.
    """
-    @util.positional(2)
+    @_helpers.positional(2)
    def __init__(self, assertion_type, user_agent=None,
                 token_uri=oauth2client.GOOGLE_TOKEN_URI,
                 revoke_uri=oauth2client.GOOGLE_REVOKE_URI,
@@ -1511,15 +1487,13 @@ class AssertionCredentials(GoogleCredentials):
        """Generate assertion string to be used in the access token request."""
        raise NotImplementedError
-    def _revoke(self, http_request):
+    def _revoke(self, http):
        """Revokes the access_token and deletes the store if available.
        Args:
-            http_request: callable, a callable that matches the method
+            http: an object to be used to make HTTP requests.
                          signature of httplib2.Http.request, used to make the
                          revoke request.
        """
-        self._do_revoke(http_request, self.access_token)
+        self._do_revoke(http, self.access_token)
    def sign_blob(self, blob):
        """Cryptographically sign a blob (of bytes).
@@ -1545,7 +1519,7 @@ def _require_crypto_or_die():
        raise CryptoUnavailableError('No crypto library available')
-@util.positional(2)
+@_helpers.positional(2)
 def verify_id_token(id_token, audience, http=None,
                    cert_uri=ID_TOKEN_VERIFICATION_CERTS):
    """Verifies a signed JWT id_token.
@@ -1572,7 +1546,7 @@ def verify_id_token(id_token, audience, http=None,
    if http is None:
        http = transport.get_cached_http()
-    resp, content = http.request(cert_uri)
+    resp, content = transport.request(http, cert_uri)
    if resp.status == http_client.OK:
        certs = json.loads(_helpers._from_bytes(content))
        return crypt.verify_signed_jwt_with_certs(id_token, certs, audience)
@@ -1624,7 +1598,7 @@ def _parse_exchange_token_response(content):
    except Exception:
        # different JSON libs raise different exceptions,
        # so we just do a catch-all here
-        resp = dict(urllib.parse.parse_qsl(content))
+        resp = _helpers.parse_unique_urlencoded(content)
    # some providers respond with 'expires', others with 'expires_in'
    if resp and 'expires' in resp:
@@ -1633,7 +1607,7 @@ def _parse_exchange_token_response(content):
    return resp
-@util.positional(4)
+@_helpers.positional(4)
 def credentials_from_code(client_id, client_secret, scope, code,
                          redirect_uri='postmessage', http=None,
                          user_agent=None,
@@ -1641,7 +1615,9 @@ def credentials_from_code(client_id, client_secret, scope, code,
                          auth_uri=oauth2client.GOOGLE_AUTH_URI,
                          revoke_uri=oauth2client.GOOGLE_REVOKE_URI,
                          device_uri=oauth2client.GOOGLE_DEVICE_URI,
-                          token_info_uri=oauth2client.GOOGLE_TOKEN_INFO_URI):
+                          token_info_uri=oauth2client.GOOGLE_TOKEN_INFO_URI,
                          pkce=False,
                          code_verifier=None):
    """Exchanges an authorization code for an OAuth2Credentials object.
    Args:
@@ -1665,6 +1641,15 @@ def credentials_from_code(client_id, client_secret, scope, code,
        device_uri: string, URI for device authorization endpoint. For
                    convenience defaults to Google's endpoints but any OAuth
                    2.0 provider can be used.
        pkce: boolean, default: False, Generate and include a "Proof Key
              for Code Exchange" (PKCE) with your authorization and token
              requests. This adds security for installed applications that
              cannot protect a client_secret. See RFC 7636 for details.
        code_verifier: bytestring or None, default: None, parameter passed
                       as part of the code exchange when pkce=True. If
                       None, a code_verifier will automatically be
                       generated as part of step1_get_authorize_url(). See
                       RFC 7636 for details.
    Returns:
        An OAuth2Credentials object.
@@ -1675,16 +1660,20 @@ def credentials_from_code(client_id, client_secret, scope, code,
    """
    flow = OAuth2WebServerFlow(client_id, client_secret, scope,
                               redirect_uri=redirect_uri,
-                               user_agent=user_agent, auth_uri=auth_uri,
+                               user_agent=user_agent,
-                               token_uri=token_uri, revoke_uri=revoke_uri,
+                               auth_uri=auth_uri,
                               token_uri=token_uri,
                               revoke_uri=revoke_uri,
                               device_uri=device_uri,
-                               token_info_uri=token_info_uri)
+                               token_info_uri=token_info_uri,
                               pkce=pkce,
                               code_verifier=code_verifier)
    credentials = flow.step2_exchange(code, http=http)
    return credentials
-@util.positional(3)
+@_helpers.positional(3)
 def credentials_from_clientsecrets_and_code(filename, scope, code,
                                            message=None,
                                            redirect_uri='postmessage',
@@ -1713,6 +1702,15 @@ def credentials_from_clientsecrets_and_code(filename, scope, code,
        cache: An optional cache service client that implements get() and set()
               methods. See clientsecrets.loadfile() for details.
        device_uri: string, OAuth 2.0 device authorization endpoint
        pkce: boolean, default: False, Generate and include a "Proof Key
              for Code Exchange" (PKCE) with your authorization and token
              requests. This adds security for installed applications that
              cannot protect a client_secret. See RFC 7636 for details.
        code_verifier: bytestring or None, default: None, parameter passed
                       as part of the code exchange when pkce=True. If
                       None, a code_verifier will automatically be
                       generated as part of step1_get_authorize_url(). See
                       RFC 7636 for details.
    Returns:
        An OAuth2Credentials object.
@@ -1773,7 +1771,7 @@ class DeviceFlowInfo(collections.namedtuple('DeviceFlowInfo', (
 def _oauth2_web_server_flow_params(kwargs):
    """Configures redirect URI parameters for OAuth2WebServerFlow."""
    params = {
-        'access_type': 'offline',
+#        'access_type': 'offline',
        'response_type': 'code',
    }
@@ -1803,7 +1801,7 @@ class OAuth2WebServerFlow(Flow):
    OAuth2WebServerFlow objects may be safely pickled and unpickled.
    """
-    @util.positional(4)
+    @_helpers.positional(4)
    def __init__(self, client_id,
                 client_secret=None,
                 scope=None,
@@ -1816,6 +1814,8 @@ class OAuth2WebServerFlow(Flow):
                 device_uri=oauth2client.GOOGLE_DEVICE_URI,
                 token_info_uri=oauth2client.GOOGLE_TOKEN_INFO_URI,
                 authorization_header=None,
                 pkce=False,
                 code_verifier=None,
                 **kwargs):
        """Constructor for OAuth2WebServerFlow.
@@ -1853,6 +1853,15 @@ class OAuth2WebServerFlow(Flow):
                                  require a client to authenticate using a
                                  header value instead of passing client_secret
                                  in the POST body.
            pkce: boolean, default: False, Generate and include a "Proof Key
                  for Code Exchange" (PKCE) with your authorization and token
                  requests. This adds security for installed applications that
                  cannot protect a client_secret. See RFC 7636 for details.
            code_verifier: bytestring or None, default: None, parameter passed
                           as part of the code exchange when pkce=True. If
                           None, a code_verifier will automatically be
                           generated as part of step1_get_authorize_url(). See
                           RFC 7636 for details.
            **kwargs: dict, The keyword arguments are all optional and required
                      parameters for the OAuth calls.
        """
@@ -1862,7 +1871,7 @@ class OAuth2WebServerFlow(Flow):
            raise TypeError("The value of scope must not be None")
        self.client_id = client_id
        self.client_secret = client_secret
-        self.scope = util.scopes_to_string(scope)
+        self.scope = _helpers.scopes_to_string(scope)
        self.redirect_uri = redirect_uri
        self.login_hint = login_hint
        self.user_agent = user_agent
@@ -1872,9 +1881,11 @@ class OAuth2WebServerFlow(Flow):
        self.device_uri = device_uri
        self.token_info_uri = token_info_uri
        self.authorization_header = authorization_header
        self._pkce = pkce
        self.code_verifier = code_verifier
        self.params = _oauth2_web_server_flow_params(kwargs)
-    @util.positional(1)
+    @_helpers.positional(1)
    def step1_get_authorize_url(self, redirect_uri=None, state=None):
        """Returns a URI to redirect to the provider.
@@ -1912,10 +1923,17 @@ class OAuth2WebServerFlow(Flow):
            query_params['state'] = state
        if self.login_hint is not None:
            query_params['login_hint'] = self.login_hint
-        query_params.update(self.params)
+        if self._pkce:
-        return _update_query_params(self.auth_uri, query_params)
+            if not self.code_verifier:
                self.code_verifier = _pkce.code_verifier()
            challenge = _pkce.code_challenge(self.code_verifier)
            query_params['code_challenge'] = challenge
            query_params['code_challenge_method'] = 'S256'
-    @util.positional(1)
+        query_params.update(self.params)
        return _helpers.update_query_params(self.auth_uri, query_params)
    @_helpers.positional(1)
    def step1_get_device_and_user_codes(self, http=None):
        """Returns a user code and the verification URL where to enter it
@@ -1940,8 +1958,8 @@ class OAuth2WebServerFlow(Flow):
        if http is None:
            http = transport.get_http_object()
-        resp, content = http.request(self.device_uri, method='POST', body=body,
+        resp, content = transport.request(
-                                     headers=headers)
+            http, self.device_uri, method='POST', body=body, headers=headers)
        content = _helpers._from_bytes(content)
        if resp.status == http_client.OK:
            try:
@@ -1963,7 +1981,7 @@ class OAuth2WebServerFlow(Flow):
                pass
            raise OAuth2DeviceCodeError(error_msg)
-    @util.positional(2)
+    @_helpers.positional(2)
    def step2_exchange(self, code=None, http=None, device_flow_info=None):
        """Exchanges a code for OAuth2Credentials.
@@ -2006,6 +2024,8 @@ class OAuth2WebServerFlow(Flow):
        }
        if self.client_secret is not None:
            post_data['client_secret'] = self.client_secret
        if self._pkce:
            post_data['code_verifier'] = self.code_verifier
        if device_flow_info is not None:
            post_data['grant_type'] = 'http://oauth.net/grant_type/device/1.0'
        else:
@@ -2023,8 +2043,8 @@ class OAuth2WebServerFlow(Flow):
        if http is None:
            http = transport.get_http_object()
-        resp, content = http.request(self.token_uri, method='POST', body=body,
+        resp, content = transport.request(
-                                     headers=headers)
+            http, self.token_uri, method='POST', body=body, headers=headers)
        d = _parse_exchange_token_response(content)
        if resp.status == http_client.OK and 'access_token' in d:
            access_token = d['access_token']
@@ -2060,10 +2080,10 @@ class OAuth2WebServerFlow(Flow):
            raise FlowExchangeError(error_msg)
-@util.positional(2)
+@_helpers.positional(2)
 def flow_from_clientsecrets(filename, scope, redirect_uri=None,
                            message=None, cache=None, login_hint=None,
-                            device_uri=None):
+                            device_uri=None, pkce=None, code_verifier=None):
    """Create a Flow from a clientsecrets file.
    Will create the right kind of Flow based on the contents of the
@@ -2112,10 +2132,11 @@ def flow_from_clientsecrets(filename, scope, redirect_uri=None,
                'login_hint': login_hint,
            }
            revoke_uri = client_info.get('revoke_uri')
-            if revoke_uri is not None:
+            optional = ('revoke_uri', 'device_uri', 'pkce', 'code_verifier')
-                constructor_kwargs['revoke_uri'] = revoke_uri
+            for param in optional:
-            if device_uri is not None:
+                if locals()[param] is not None:
-                constructor_kwargs['device_uri'] = device_uri
+                    constructor_kwargs[param] = locals()[param]
            return OAuth2WebServerFlow(
                client_info['client_id'], client_info['client_secret'],
                scope, **constructor_kwargs)
--- a/src/oauth2client/clientsecrets.py
+++ b/src/oauth2client/clientsecrets.py
@@ -22,7 +22,6 @@ import json
 import six
 __author__ = 'jcgregorio@google.com (Joe Gregorio)'
 # Properties that make a client_secrets.json file valid.
 TYPE_WEB = 'web'
--- a/src/oauth2client/contrib/_metadata.py
+++ b/src/oauth2client/contrib/_metadata.py
@@ -20,28 +20,25 @@ See https://cloud.google.com/compute/docs/metadata
 import datetime
 import json
 import httplib2
 from six.moves import http_client
 from six.moves.urllib import parse as urlparse
 from oauth2client import _helpers
 from oauth2client import client
-from oauth2client import util
+from oauth2client import transport
 METADATA_ROOT = 'http://metadata.google.internal/computeMetadata/v1/'
 METADATA_HEADERS = {'Metadata-Flavor': 'Google'}
-def get(http_request, path, root=METADATA_ROOT, recursive=None):
+def get(http, path, root=METADATA_ROOT, recursive=None):
    """Fetch a resource from the metadata server.
    Args:
        http: an object to be used to make HTTP requests.
        path: A string indicating the resource to retrieve. For example,
            'instance/service-accounts/defualt'
        http_request: A callable that matches the method
            signature of httplib2.Http.request. Used to make the request to the
            metadataserver.
        root: A string indicating the full path to the metadata server root.
        recursive: A boolean indicating whether to do a recursive query of
            metadata. See
@@ -51,15 +48,14 @@ def get(http_request, path, root=METADATA_ROOT, recursive=None):
        A dictionary if the metadata server returns JSON, otherwise a string.
    Raises:
-        httplib2.Httplib2Error if an error corrured while retrieving metadata.
+        http_client.HTTPException if an error corrured while
        retrieving metadata.
    """
    url = urlparse.urljoin(root, path)
-    url = util._add_query_parameter(url, 'recursive', recursive)
+    url = _helpers._add_query_parameter(url, 'recursive', recursive)
-    response, content = http_request(
+    response, content = transport.request(
-        url,
+        http, url, headers=METADATA_HEADERS)
        headers=METADATA_HEADERS
    )
    if response.status == http_client.OK:
        decoded = _helpers._from_bytes(content)
@@ -68,21 +64,20 @@ def get(http_request, path, root=METADATA_ROOT, recursive=None):
        else:
            return decoded
    else:
-        raise httplib2.HttpLib2Error(
+        raise http_client.HTTPException(
            'Failed to retrieve {0} from the Google Compute Engine'
            'metadata service. Response:\n{1}'.format(url, response))
-def get_service_account_info(http_request, service_account='default'):
+def get_service_account_info(http, service_account='default'):
    """Get information about a service account from the metadata server.
    Args:
        http: an object to be used to make HTTP requests.
        service_account: An email specifying the service account for which to
            look up information. Default will be information for the "default"
            service account of the current compute engine instance.
-        http_request: A callable that matches the method
+
            signature of httplib2.Http.request. Used to make the request to the
            metadata server.
    Returns:
         A dictionary with information about the specified service account,
         for example:
@@ -94,21 +89,19 @@ def get_service_account_info(http_request, service_account='default'):
            }
    """
    return get(
-        http_request,
+        http,
        'instance/service-accounts/{0}/'.format(service_account),
        recursive=True)
-def get_token(http_request, service_account='default'):
+def get_token(http, service_account='default'):
    """Fetch an oauth token for the
    Args:
        http: an object to be used to make HTTP requests.
        service_account: An email specifying the service account this token
            should represent. Default will be a token for the "default" service
            account of the current compute engine instance.
        http_request: A callable that matches the method
            signature of httplib2.Http.request. Used to make the request to the
            metadataserver.
    Returns:
         A tuple of (access token, token expiration), where access token is the
@@ -116,7 +109,7 @@ def get_token(http_request, service_account='default'):
         that indicates when the access token will expire.
    """
    token_json = get(
-        http_request,
+        http,
        'instance/service-accounts/{0}/token'.format(service_account))
    token_expiry = client._UTCNOW() + datetime.timedelta(
        seconds=token_json['expires_in'])
--- a/src/oauth2client/contrib/appengine.py
+++ b/src/oauth2client/contrib/appengine.py
@@ -29,13 +29,13 @@ from google.appengine.api import memcache
 from google.appengine.api import users
 from google.appengine.ext import db
 from google.appengine.ext.webapp.util import login_required
 import httplib2
 import webapp2 as webapp
 import oauth2client
 from oauth2client import _helpers
 from oauth2client import client
 from oauth2client import clientsecrets
-from oauth2client import util
+from oauth2client import transport
 from oauth2client.contrib import xsrfutil
 # This is a temporary fix for a Google internal issue.
@@ -45,8 +45,6 @@ except ImportError:  # pragma: NO COVER
    _appengine_ndb = None
 __author__ = 'jcgregorio@google.com (Joe Gregorio)'
 logger = logging.getLogger(__name__)
 OAUTH2CLIENT_NAMESPACE = 'oauth2client#ns'
@@ -131,7 +129,7 @@ class AppAssertionCredentials(client.AssertionCredentials):
    information to generate and refresh its own access tokens.
    """
-    @util.positional(2)
+    @_helpers.positional(2)
    def __init__(self, scope, **kwargs):
        """Constructor for AppAssertionCredentials
@@ -143,7 +141,7 @@ class AppAssertionCredentials(client.AssertionCredentials):
                                or unspecified, the default service account for
                                the app is used.
        """
-        self.scope = util.scopes_to_string(scope)
+        self.scope = _helpers.scopes_to_string(scope)
        self._kwargs = kwargs
        self.service_account_id = kwargs.get('service_account_id', None)
        self._service_account_email = None
@@ -157,17 +155,15 @@ class AppAssertionCredentials(client.AssertionCredentials):
        data = json.loads(json_data)
        return AppAssertionCredentials(data['scope'])
-    def _refresh(self, http_request):
+    def _refresh(self, http):
-        """Refreshes the access_token.
+        """Refreshes the access token.
        Since the underlying App Engine app_identity implementation does its
        own caching we can skip all the storage hoops and just to a refresh
        using the API.
        Args:
-            http_request: callable, a callable that matches the method
+            http: unused HTTP object
                          signature of httplib2.Http.request, used to make the
                          refresh request.
        Raises:
            AccessTokenRefreshError: When the refresh fails.
@@ -305,7 +301,7 @@ class StorageByKeyName(client.Storage):
    and that entities are stored by key_name.
    """
-    @util.positional(4)
+    @_helpers.positional(4)
    def __init__(self, model, key_name, property_name, cache=None, user=None):
        """Constructor for Storage.
@@ -523,7 +519,7 @@ class OAuth2Decorator(object):
    flow = property(get_flow, set_flow)
-    @util.positional(4)
+    @_helpers.positional(4)
    def __init__(self, client_id, client_secret, scope,
                 auth_uri=oauth2client.GOOGLE_AUTH_URI,
                 token_uri=oauth2client.GOOGLE_TOKEN_URI,
@@ -590,7 +586,7 @@ class OAuth2Decorator(object):
        self.credentials = None
        self._client_id = client_id
        self._client_secret = client_secret
-        self._scope = util.scopes_to_string(scope)
+        self._scope = _helpers.scopes_to_string(scope)
        self._auth_uri = auth_uri
        self._token_uri = token_uri
        self._revoke_uri = revoke_uri
@@ -742,7 +738,8 @@ class OAuth2Decorator(object):
            *args: Positional arguments passed to httplib2.Http constructor.
            **kwargs: Positional arguments passed to httplib2.Http constructor.
        """
-        return self.credentials.authorize(httplib2.Http(*args, **kwargs))
+        return self.credentials.authorize(
            transport.get_http_object(*args, **kwargs))
    @property
    def callback_path(self):
@@ -804,7 +801,7 @@ class OAuth2Decorator(object):
                    if (decorator._token_response_param and
                            credentials.token_response):
                        resp_json = json.dumps(credentials.token_response)
-                        redirect_uri = util._add_query_parameter(
+                        redirect_uri = _helpers._add_query_parameter(
                            redirect_uri, decorator._token_response_param,
                            resp_json)
@@ -848,7 +845,7 @@ class OAuth2DecoratorFromClientSecrets(OAuth2Decorator):
    """
-    @util.positional(3)
+    @_helpers.positional(3)
    def __init__(self, filename, scope, message=None, cache=None, **kwargs):
        """Constructor
@@ -891,7 +888,7 @@ class OAuth2DecoratorFromClientSecrets(OAuth2Decorator):
            self._message = 'Please configure your application for OAuth 2.0.'
-@util.positional(2)
+@_helpers.positional(2)
 def oauth2decorator_from_clientsecrets(filename, scope,
                                       message=None, cache=None):
    """Creates an OAuth2Decorator populated from a clientsecrets file.
--- a/src/oauth2client/contrib/devshell.py
+++ b/src/oauth2client/contrib/devshell.py
@@ -117,7 +117,12 @@ class DevshellCredentials(client.GoogleCredentials):
            user_agent)
        self._refresh(None)
-    def _refresh(self, http_request):
+    def _refresh(self, http):
        """Refreshes the access token.
        Args:
            http: unused HTTP object
        """
        self.devshell_response = _SendRecv()
        self.access_token = self.devshell_response.access_token
        expires_in = self.devshell_response.expires_in
--- a/src/oauth2client/contrib/django_util/init.py
+++ b/src/oauth2client/contrib/django_util/init.py
@@ -52,6 +52,9 @@ Add the helper to your INSTALLED_APPS:
 This helper also requires the Django Session Middleware, so
 ``django.contrib.sessions.middleware`` should be in INSTALLED_APPS as well.
 MIDDLEWARE or MIDDLEWARE_CLASSES (in Django  versions <1.10) should also
 contain the string 'django.contrib.sessions.middleware.SessionMiddleware'.
 Add the client secrets created earlier to the settings. You can either
 specify the path to the credentials file in JSON format
@@ -228,10 +231,10 @@ import importlib
 import django.conf
 from django.core import exceptions
 from django.core import urlresolvers
 import httplib2
 from six.moves.urllib import parse
 from oauth2client import clientsecrets
 from oauth2client import transport
 from oauth2client.contrib import dictionary_storage
 from oauth2client.contrib.django_util import storage
@@ -335,16 +338,26 @@ class OAuth2Settings(object):
        self.request_prefix = getattr(settings_instance,
                                      'GOOGLE_OAUTH2_REQUEST_ATTRIBUTE',
                                      GOOGLE_OAUTH2_REQUEST_ATTRIBUTE)
-        self.client_id, self.client_secret = \
+        info = _get_oauth2_client_id_and_secret(settings_instance)
-            _get_oauth2_client_id_and_secret(settings_instance)
+        self.client_id, self.client_secret = info
-        if ('django.contrib.sessions.middleware.SessionMiddleware'
+        # Django 1.10 deprecated MIDDLEWARE_CLASSES in favor of MIDDLEWARE
-           not in settings_instance.MIDDLEWARE_CLASSES):
+        middleware_settings = getattr(settings_instance, 'MIDDLEWARE', None)
        if middleware_settings is None:
            middleware_settings = getattr(
                settings_instance, 'MIDDLEWARE_CLASSES', None)
        if middleware_settings is None:
            raise exceptions.ImproperlyConfigured(
-                  'The Google OAuth2 Helper requires session middleware to '
+                'Django settings has neither MIDDLEWARE nor MIDDLEWARE_CLASSES'
-                  'be installed. Edit your MIDDLEWARE_CLASSES setting'
+                'configured')
-                  ' to include \'django.contrib.sessions.middleware.'
+
-                  'SessionMiddleware\'.')
+        if ('django.contrib.sessions.middleware.SessionMiddleware' not in
                middleware_settings):
            raise exceptions.ImproperlyConfigured(
                'The Google OAuth2 Helper requires session middleware to '
                'be installed. Edit your MIDDLEWARE_CLASSES or MIDDLEWARE '
                'setting to include \'django.contrib.sessions.middleware.'
                'SessionMiddleware\'.')
        (self.storage_model, self.storage_model_user_property,
         self.storage_model_credentials_property) = _get_storage_model()
@@ -470,8 +483,7 @@ class UserOAuth2(object):
    @property
    def http(self):
-        """Helper method to create an HTTP client authorized with OAuth2
+        """Helper: create HTTP client authorized with OAuth2 credentials."""
        credentials."""
        if self.has_credentials():
-            return self.credentials.authorize(httplib2.Http())
+            return self.credentials.authorize(transport.get_http_object())
        return None
--- a/src/oauth2client/contrib/django_util/views.py
+++ b/src/oauth2client/contrib/django_util/views.py
@@ -22,13 +22,13 @@ in the configured storage."""
 import hashlib
 import json
 import os
 import pickle
 from django import http
 from django import shortcuts
 from django.conf import settings
 from django.core import urlresolvers
 from django.shortcuts import redirect
 import jsonpickle
 from six.moves.urllib import parse
 from oauth2client import client
@@ -71,7 +71,7 @@ def _make_flow(request, scopes, return_url=None):
            urlresolvers.reverse("google_oauth:callback")))
    flow_key = _FLOW_KEY.format(csrf_token)
-    request.session[flow_key] = pickle.dumps(flow)
+    request.session[flow_key] = jsonpickle.encode(flow)
    return flow
@@ -89,7 +89,7 @@ def _get_flow_for_token(csrf_token, request):
        CSRF token.
    """
    flow_pickle = request.session.get(_FLOW_KEY.format(csrf_token), None)
-    return None if flow_pickle is None else pickle.loads(flow_pickle)
+    return None if flow_pickle is None else jsonpickle.decode(flow_pickle)
 def oauth2_callback(request):
@@ -170,7 +170,10 @@ def oauth2_authorize(request):
         A redirect to Google OAuth2 Authorization.
    """
    return_url = request.GET.get('return_url', None)
    if not return_url:
        return_url = request.META.get('HTTP_REFERER', '/')
    scopes = request.GET.getlist('scopes', django_util.oauth2_settings.scopes)
    # Model storage (but not session storage) requires a logged in user
    if django_util.oauth2_settings.storage_model:
        if not request.user.is_authenticated():
@@ -178,13 +181,11 @@ def oauth2_authorize(request):
                settings.LOGIN_URL, parse.quote(request.get_full_path())))
        # This checks for the case where we ended up here because of a logged
        # out user but we had credentials for it in the first place
-        elif get_storage(request).get() is not None:
+        else:
-            return redirect(return_url)
+            user_oauth = django_util.UserOAuth2(request, scopes, return_url)
            if user_oauth.has_credentials():
                return redirect(return_url)
    scopes = request.GET.getlist('scopes', django_util.oauth2_settings.scopes)
    if not return_url:
        return_url = request.META.get('HTTP_REFERER', '/')
    flow = _make_flow(request=request, scopes=scopes, return_url=return_url)
    auth_url = flow.step1_get_authorize_url()
    return shortcuts.redirect(auth_url)
--- a/src/oauth2client/contrib/flask_util.py
+++ b/src/oauth2client/contrib/flask_util.py
@@ -179,16 +179,14 @@ try:
 except ImportError:  # pragma: NO COVER
    raise ImportError('The flask utilities require flask 0.9 or newer.')
 import httplib2
 import six.moves.http_client as httplib
 from oauth2client import client
 from oauth2client import clientsecrets
 from oauth2client import transport
 from oauth2client.contrib import dictionary_storage
 __author__ = 'jonwayne@google.com (Jon Wayne Parrott)'
 _DEFAULT_SCOPES = ('email',)
 _CREDENTIALS_KEY = 'google_oauth2_credentials'
 _FLOW_KEY = 'google_oauth2_flow_{0}'
@@ -553,4 +551,5 @@ class UserOAuth2(object):
        """
        if not self.credentials:
            raise ValueError('No credentials available.')
-        return self.credentials.authorize(httplib2.Http(*args, **kwargs))
+        return self.credentials.authorize(
            transport.get_http_object(*args, **kwargs))
--- a/src/oauth2client/contrib/gce.py
+++ b/src/oauth2client/contrib/gce.py
@@ -20,14 +20,12 @@ Utilities for making it easier to use OAuth 2.0 on Google Compute Engine.
 import logging
 import warnings
-import httplib2
+from six.moves import http_client
 from oauth2client import client
 from oauth2client.contrib import _metadata
 __author__ = 'jcgregorio@google.com (Joe Gregorio)'
 logger = logging.getLogger(__name__)
 _SCOPES_WARNING = """\
@@ -98,44 +96,40 @@ class AppAssertionCredentials(client.AssertionCredentials):
        Returns:
            A set of strings containing the canonical list of scopes.
        """
-        self._retrieve_info(http.request)
+        self._retrieve_info(http)
        return self.scopes
-    def _retrieve_info(self, http_request):
+    def _retrieve_info(self, http):
-        """Validates invalid service accounts by retrieving service account info.
+        """Retrieves service account info for invalid credentials.
        Args:
-            http_request: callable, a callable that matches the method
+            http: an object to be used to make HTTP requests.
                          signature of httplib2.Http.request, used to make the
                          request to the metadata server
        """
        if self.invalid:
            info = _metadata.get_service_account_info(
-                http_request,
+                http,
                service_account=self.service_account_email or 'default')
            self.invalid = False
            self.service_account_email = info['email']
            self.scopes = info['scopes']
-    def _refresh(self, http_request):
+    def _refresh(self, http):
-        """Refreshes the access_token.
+        """Refreshes the access token.
        Skip all the storage hoops and just refresh using the API.
        Args:
-            http_request: callable, a callable that matches the method
+            http: an object to be used to make HTTP requests.
                          signature of httplib2.Http.request, used to make
                          the refresh request.
        Raises:
            HttpAccessTokenRefreshError: When the refresh fails.
        """
        try:
-            self._retrieve_info(http_request)
+            self._retrieve_info(http)
            self.access_token, self.token_expiry = _metadata.get_token(
-                http_request, service_account=self.service_account_email)
+                http, service_account=self.service_account_email)
-        except httplib2.HttpLib2Error as e:
+        except http_client.HTTPException as err:
-            raise client.HttpAccessTokenRefreshError(str(e))
+            raise client.HttpAccessTokenRefreshError(str(err))
    @property
    def serialization_data(self):
--- a/src/oauth2client/contrib/keyring_storage.py
+++ b/src/oauth2client/contrib/keyring_storage.py
@@ -24,9 +24,6 @@ import keyring
 from oauth2client import client
 __author__ = 'jcgregorio@google.com (Joe Gregorio)'
 class Storage(client.Storage):
    """Store and retrieve a single credential to and from the keyring.
--- a/src/oauth2client/contrib/xsrfutil.py
+++ b/src/oauth2client/contrib/xsrfutil.py
@@ -20,12 +20,7 @@ import hmac
 import time
 from oauth2client import _helpers
 from oauth2client import util
 __authors__ = [
    '"Doug Coker" <dcoker@google.com>',
    '"Joe Gregorio" <jcgregorio@google.com>',
 ]
 # Delimiter character
 DELIMITER = b':'
@@ -34,7 +29,7 @@ DELIMITER = b':'
 DEFAULT_TIMEOUT_SECS = 60 * 60
-@util.positional(2)
+@_helpers.positional(2)
 def generate_token(key, user_id, action_id='', when=None):
    """Generates a URL-safe token for the given user, action, time tuple.
@@ -62,7 +57,7 @@ def generate_token(key, user_id, action_id='', when=None):
    return token
-@util.positional(3)
+@_helpers.positional(3)
 def validate_token(key, token, user_id, action_id="", current_time=None):
    """Validates that the given token authorizes the user for the action.
--- a/src/oauth2client/file.py
+++ b/src/oauth2client/file.py
@@ -21,16 +21,10 @@ credentials.
 import os
 import threading
 from oauth2client import _helpers
 from oauth2client import client
 __author__ = 'jcgregorio@google.com (Joe Gregorio)'
 class CredentialsFileSymbolicLinkError(Exception):
    """Credentials files must not be symbolic links."""
 class Storage(client.Storage):
    """Store and retrieve a single credential to and from a file."""
@@ -38,11 +32,6 @@ class Storage(client.Storage):
        super(Storage, self).__init__(lock=threading.Lock())
        self._filename = filename
    def _validate_file(self):
        if os.path.islink(self._filename):
            raise CredentialsFileSymbolicLinkError(
                'File: {0} is a symbolic link.'.format(self._filename))
    def locked_get(self):
        """Retrieve Credential from file.
@@ -50,10 +39,10 @@ class Storage(client.Storage):
            oauth2client.client.Credentials
        Raises:
-            CredentialsFileSymbolicLinkError if the file is a symbolic link.
+            IOError if the file is a symbolic link.
        """
        credentials = None
-        self._validate_file()
+        _helpers.validate_file(self._filename)
        try:
            f = open(self._filename, 'rb')
            content = f.read()
@@ -89,10 +78,10 @@ class Storage(client.Storage):
            credentials: Credentials, the credentials to store.
        Raises:
-            CredentialsFileSymbolicLinkError if the file is a symbolic link.
+            IOError if the file is a symbolic link.
        """
        self._create_file_if_needed()
-        self._validate_file()
+        _helpers.validate_file(self._filename)
        f = open(self._filename, 'w')
        f.write(credentials.to_json())
        f.close()
--- a/src/oauth2client/service_account.py
+++ b/src/oauth2client/service_account.py
@@ -25,7 +25,6 @@ from oauth2client import _helpers
 from oauth2client import client
 from oauth2client import crypt
 from oauth2client import transport
 from oauth2client import util
 _PASSWORD_DEFAULT = 'notasecret'
@@ -110,7 +109,7 @@ class ServiceAccountCredentials(client.AssertionCredentials):
        self._service_account_email = service_account_email
        self._signer = signer
-        self._scopes = util.scopes_to_string(scopes)
+        self._scopes = _helpers.scopes_to_string(scopes)
        self._private_key_id = private_key_id
        self.client_id = client_id
        self._user_agent = user_agent
@@ -650,9 +649,22 @@ class _JWTAccessCredentials(ServiceAccountCredentials):
        return result
    def refresh(self, http):
        """Refreshes the access_token.
        The HTTP object is unused since no request needs to be made to
        get a new token, it can just be generated locally.
        Args:
            http: unused HTTP object
        """
        self._refresh(None)
-    def _refresh(self, http_request):
+    def _refresh(self, http):
        """Refreshes the access_token.
        Args:
            http: unused HTTP object
        """
        self.access_token, self.token_expiry = self._create_token()
    def _create_token(self, additional_claims=None):
--- a/src/oauth2client/tools.py
+++ b/src/oauth2client/tools.py
@@ -30,11 +30,10 @@ from six.moves import http_client
 from six.moves import input
 from six.moves import urllib
 from oauth2client import _helpers
 from oauth2client import client
 from oauth2client import util
 __author__ = 'jcgregorio@google.com (Joe Gregorio)'
 __all__ = ['argparser', 'run_flow', 'message_if_missing']
 _CLIENT_SECRETS_MESSAGE = """WARNING: Please configure OAuth 2.0
@@ -123,22 +122,22 @@ class ClientRedirectHandler(BaseHTTPServer.BaseHTTPRequestHandler):
        if an error occurred.
        """
        self.send_response(http_client.OK)
-        self.send_header("Content-type", "text/html")
+        self.send_header('Content-type', 'text/html')
        self.end_headers()
-        query = self.path.split('?', 1)[-1]
+        parts = urllib.parse.urlparse(self.path)
-        query = dict(urllib.parse.parse_qsl(query))
+        query = _helpers.parse_unique_urlencoded(parts.query)
        self.server.query_params = query
        self.wfile.write(
-            b"<html><head><title>Authentication Status</title></head>")
+            b'<html><head><title>Authentication Status</title></head>')
        self.wfile.write(
-            b"<body><p>The authentication flow has completed.</p>")
+            b'<body><p>The authentication flow has completed.</p>')
-        self.wfile.write(b"</body></html>")
+        self.wfile.write(b'</body></html>')
    def log_message(self, format, *args):
        """Do not log messages to stdout while running as cmd. line program."""
-@util.positional(3)
+@_helpers.positional(3)
 def run_flow(flow, storage, flags=None, http=None):
    """Core code for a command-line application.
--- a/src/oauth2client/transport.py
+++ b/src/oauth2client/transport.py
@@ -18,7 +18,7 @@ import httplib2
 import six
 from six.moves import http_client
-from oauth2client._helpers import _to_bytes
+from oauth2client import _helpers
 _LOGGER = logging.getLogger(__name__)
@@ -58,13 +58,19 @@ def get_cached_http():
    return _CACHED_HTTP
-def get_http_object():
+def get_http_object(*args, **kwargs):
    """Return a new HTTP object.
    Args:
        *args: tuple, The positional arguments to be passed when
               contructing a new HTTP object.
        **kwargs: dict, The keyword arguments to be passed when
                  contructing a new HTTP object.
    Returns:
        httplib2.Http, an HTTP object.
    """
-    return httplib2.Http()
+    return httplib2.Http(*args, **kwargs)
 def _initialize_headers(headers):
@@ -121,7 +127,7 @@ def clean_headers(headers):
                k = str(k)
            if not isinstance(v, six.binary_type):
                v = str(v)
-            clean[_to_bytes(k)] = _to_bytes(v)
+            clean[_helpers._to_bytes(k)] = _helpers._to_bytes(v)
    except UnicodeEncodeError:
        from oauth2client.client import NonAsciiHeaderError
        raise NonAsciiHeaderError(k, ': ', v)
@@ -164,9 +170,9 @@ def wrap_http_for_auth(credentials, http):
               _STREAM_PROPERTIES):
            body_stream_position = body.tell()
-        resp, content = orig_request_method(uri, method, body,
+        resp, content = request(orig_request_method, uri, method, body,
-                                            clean_headers(headers),
+                                clean_headers(headers),
-                                            redirections, connection_type)
+                                redirections, connection_type)
        # A stored token may expire between the time it is retrieved and
        # the time the request is made, so we may need to try twice.
@@ -182,9 +188,9 @@ def wrap_http_for_auth(credentials, http):
            if body_stream_position is not None:
                body.seek(body_stream_position)
-            resp, content = orig_request_method(uri, method, body,
+            resp, content = request(orig_request_method, uri, method, body,
-                                                clean_headers(headers),
+                                    clean_headers(headers),
-                                                redirections, connection_type)
+                                    redirections, connection_type)
        return resp, content
@@ -192,7 +198,7 @@ def wrap_http_for_auth(credentials, http):
    http.request = new_request
    # Set credentials as a property of the request method.
-    setattr(http.request, 'credentials', credentials)
+    http.request.credentials = credentials
 def wrap_http_for_jwt_access(credentials, http):
@@ -222,9 +228,9 @@ def wrap_http_for_jwt_access(credentials, http):
            if (credentials.access_token is None or
                    credentials.access_token_expired):
                credentials.refresh(None)
-            return authenticated_request_method(uri, method, body,
+            return request(authenticated_request_method, uri,
-                                                headers, redirections,
+                           method, body, headers, redirections,
-                                                connection_type)
+                           connection_type)
        else:
            # If we don't have an 'aud' (audience) claim,
            # create a 1-time token with the uri root as the audience
@@ -234,12 +240,46 @@ def wrap_http_for_jwt_access(credentials, http):
            token, unused_expiry = credentials._create_token({'aud': uri_root})
            headers['Authorization'] = 'Bearer ' + token
-            return orig_request_method(uri, method, body,
+            return request(orig_request_method, uri, method, body,
-                                       clean_headers(headers),
+                           clean_headers(headers),
-                                       redirections, connection_type)
+                           redirections, connection_type)
    # Replace the request method with our own closure.
    http.request = new_request
    # Set credentials as a property of the request method.
    http.request.credentials = credentials
 def request(http, uri, method='GET', body=None, headers=None,
            redirections=httplib2.DEFAULT_MAX_REDIRECTS,
            connection_type=None):
    """Make an HTTP request with an HTTP object and arguments.
    Args:
        http: httplib2.Http, an http object to be used to make requests.
        uri: string, The URI to be requested.
        method: string, The HTTP method to use for the request. Defaults
                to 'GET'.
        body: string, The payload / body in HTTP request. By default
              there is no payload.
        headers: dict, Key-value pairs of request headers. By default
                 there are no headers.
        redirections: int, The number of allowed 203 redirects for
                      the request. Defaults to 5.
        connection_type: httplib.HTTPConnection, a subclass to be used for
                         establishing connection. If not set, the type
                         will be determined from the ``uri``.
    Returns:
        tuple, a pair of a httplib2.Response with the status code and other
        headers and the bytes of the content returned.
    """
    # NOTE: Allowing http or http.request is temporary (See Issue 601).
    http_callable = getattr(http, 'request', http)
    return http_callable(uri, method=method, body=body, headers=headers,
                         redirections=redirections,
                         connection_type=connection_type)
 _CACHED_HTTP = httplib2.Http(MemoryCache())
--- a/src/project-apis.txt
+++ b/src/project-apis.txt
@@ -0,0 +1,12 @@
 admin.googleapis.com
 appsactivity.googleapis.com
 calendar-json.googleapis.com
 classroom.googleapis.com
 contacts.googleapis.com
 drive
 gmail.googleapis.com
 groupssettings.googleapis.com
 licensing.googleapis.com
 plus.googleapis.com
 reseller.googleapis.com
 siteverification.googleapis.com
--- a/src/utils.py
+++ b/src/utils.py
@@ -0,0 +1,80 @@
 import collections
 import re
 import sys
 from htmlentitydefs import name2codepoint
 from HTMLParser import HTMLParser
 from var import GM_Globals, GM_WINDOWS, GM_SYS_ENCODING
 def convertUTF8(data):
  if isinstance(data, str):
    return data
  if isinstance(data, unicode):
    if GM_Globals[GM_WINDOWS]:
      return data
    return data.encode(GM_Globals[GM_SYS_ENCODING])
  if isinstance(data, collections.Mapping):
    return dict(map(convertUTF8, data.iteritems()))
  if isinstance(data, collections.Iterable):
    return type(data)(map(convertUTF8, data))
  return data
 class _DeHTMLParser(HTMLParser):
  def __init__(self):
    HTMLParser.__init__(self)
    self.__text = []
  def handle_data(self, data):
    self.__text.append(data)
  def handle_charref(self, name):
    self.__text.append(unichr(int(name[1:], 16)) if name.startswith('x') else unichr(int(name)))
  def handle_entityref(self, name):
    cp = name2codepoint.get(name)
    if cp:
      self.__text.append(unichr(cp))
    else:
      self.__text.append(u'&'+name)
  def handle_starttag(self, tag, attrs):
    if tag == 'p':
      self.__text.append('\n\n')
    elif tag == 'br':
      self.__text.append('\n')
    elif tag == 'a':
      for attr in attrs:
        if attr[0] == 'href':
          self.__text.append('({0}) '.format(attr[1]))
          break
    elif tag == 'div':
      if not attrs:
        self.__text.append('\n')
    elif tag in ['http:', 'https']:
      self.__text.append(' ({0}//{1}) '.format(tag, attrs[0][0]))
  def handle_startendtag(self, tag, attrs):
    if tag == 'br':
      self.__text.append('\n\n')
  def text(self):
    return re.sub(r'\n{2}\n+', '\n\n', re.sub(r'\n +', '\n', ''.join(self.__text))).strip()
 def dehtml(text):
  try:
    parser = _DeHTMLParser()
    parser.feed(text.encode(u'utf-8'))
    parser.close()
    return parser.text()
  except:
    from traceback import print_exc
    print_exc(file=sys.stderr)
    return text
 def indentMultiLineText(message, n=0):
  return message.replace(u'\n', u'\n{0}'.format(u' '*n)).rstrip()
 def formatMilliSeconds(millis):
  seconds, millis = divmod(millis, 1000)
  minutes, seconds = divmod(seconds, 60)
  hours, minutes = divmod(minutes, 60)
  return u'%02d:%02d:%02d' % (hours, minutes, seconds)
--- a/src/var.py
+++ b/src/var.py
@@ -0,0 +1,712 @@
 import os
 import sys
 import platform
 import re
 gam_author = u'Jay Lee <jay0lee@gmail.com>'
 gam_version = u'4.2'
 gam_license = u'Apache License 2.0 (http://www.apache.org/licenses/LICENSE-2.0)'
 GAM_URL = u'https://git.io/gam'
 GAM_INFO = u'GAM {0} - {1} / {2} / Python {3}.{4}.{5} {6} / {7} {8} /'.format(gam_version, GAM_URL,
                                                                              gam_author,
                                                                              sys.version_info[0], sys.version_info[1],
                                                                              sys.version_info[2], sys.version_info[3],
                                                                              platform.platform(), platform.machine())
 GAM_RELEASES = u'https://github.com/jay0lee/GAM/releases'
 GAM_WIKI = u'https://github.com/jay0lee/GAM/wiki'
 GAM_ALL_RELEASES = u'https://api.github.com/repos/jay0lee/GAM/releases'
 GAM_LATEST_RELEASE = GAM_ALL_RELEASES+u'/latest'
 GAM_PROJECT_APIS = u'https://raw.githubusercontent.com/jay0lee/GAM/master/src/project-apis.txt'
 TRUE = u'true'
 FALSE = u'false'
 true_values = [u'on', u'yes', u'enabled', u'true', u'1']
 false_values = [u'off', u'no', u'disabled', u'false', u'0']
 usergroup_types = [u'user', u'users', u'group', u'ou', u'org',
                   u'ou_and_children', u'ou_and_child', u'query',
                   u'license', u'licenses', u'licence', u'licences', u'file', u'csv', u'all',
                   u'cros']
 ERROR = u'ERROR'
 ERROR_PREFIX = ERROR+u': '
 WARNING = u'WARNING'
 WARNING_PREFIX = WARNING+u': '
 DEFAULT_CHARSET = [u'mbcs', u'utf-8'][os.name != u'nt']
 ONE_KILO_BYTES = 1000
 ONE_MEGA_BYTES = 1000000
 ONE_GIGA_BYTES = 1000000000
 FN_CLIENT_SECRETS_JSON = u'client_secrets.json'
 FN_EXTRA_ARGS_TXT = u'extra-args.txt'
 FN_LAST_UPDATE_CHECK_TXT = u'lastupdatecheck.txt'
 FN_OAUTH2SERVICE_JSON = u'oauth2service.json'
 FN_OAUTH2_TXT = u'oauth2.txt'
 MY_CUSTOMER = u'my_customer'
 SKUS = {
  u'Google-Apps-For-Business': {
    u'product': u'Google-Apps', u'aliases': [u'gafb', u'gafw', u'basic', u'gsuitebasic'], u'displayName': u'G Suite Basic'},
  u'Google-Apps-For-Government': {
    u'product': u'Google-Apps', u'aliases': [u'gafg', u'gsuitegovernment', u'gsuitegov'], u'displayName': u'G Suite Government'},
  u'Google-Apps-For-Postini': {
    u'product': u'Google-Apps', u'aliases': [u'gams', u'postini', u'gsuitegams', u'gsuitepostini', u'gsuitemessagesecurity'], u'displayName': u'G Suite Message Security'},
  u'Google-Apps-Lite': {
    u'product': u'Google-Apps', u'aliases': [u'gal', u'lite', u'gsuitelite'], u'displayName': u'G Suite Lite'},
  u'Google-Apps-Unlimited': {
    u'product': u'Google-Apps', u'aliases': [u'gau', u'unlimited', u'gsuitebusiness'], u'displayName': u'G Suite Business'},
  u'1010020020': {
    u'product': u'Google-Apps', u'aliases': [u'gae', u'enterprise', u'gsuiteenterprise'], u'displayName': u'G Suite Enterprise'},
  u'Google-Drive-storage-20GB': {
    u'product': u'Google-Drive-storage', u'aliases': [u'drive20gb', u'20gb', u'googledrivestorage20gb'], u'displayName': u'Google Drive Storage 20GB'},
  u'Google-Drive-storage-50GB': {
    u'product': u'Google-Drive-storage', u'aliases': [u'drive50gb', u'50gb', u'googledrivestorage50gb'], u'displayName': u'Google Drive Storage 50GB'},
  u'Google-Drive-storage-200GB': {
    u'product': u'Google-Drive-storage', u'aliases': [u'drive200gb', u'200gb', u'googledrivestorage200gb'], u'displayName': u'Google Drive Storage 200GB'},
  u'Google-Drive-storage-400GB': {
    u'product': u'Google-Drive-storage', u'aliases': [u'drive400gb', u'400gb', u'googledrivestorage400gb'], u'displayName': u'Google Drive Storage 400GB'},
  u'Google-Drive-storage-1TB': {
    u'product': u'Google-Drive-storage', u'aliases': [u'drive1tb', u'1tb', u'googledrivestorage1tb'], u'displayName': u'Google Drive Storage 1TB'},
  u'Google-Drive-storage-2TB': {
    u'product': u'Google-Drive-storage', u'aliases': [u'drive2tb', u'2tb', u'googledrivestorage2tb'], u'displayName': u'Google Drive Storage 2TB'},
  u'Google-Drive-storage-4TB': {
    u'product': u'Google-Drive-storage', u'aliases': [u'drive4tb', u'4tb', u'googledrivestorage4tb'], u'displayName': u'Google Drive Storage 4TB'},
  u'Google-Drive-storage-8TB': {
    u'product': u'Google-Drive-storage', u'aliases': [u'drive8tb', u'8tb', u'googledrivestorage8tb'], u'displayName': u'Google Drive Storage 8TB'},
  u'Google-Drive-storage-16TB': {
    u'product': u'Google-Drive-storage', u'aliases': [u'drive16tb', u'16tb', u'googledrivestorage16tb'], u'displayName': u'Google Drive Storage 16TB'},
  u'Google-Vault': {
    u'product': u'Google-Vault', u'aliases': [u'vault', u'googlevault'], u'displayName': u'Google Vault'},
  u'Google-Vault-Former-Employee': {
    u'product': u'Google-Vault', u'aliases': [u'vfe', u'googlevaultformeremployee'], u'displayName': u'Google Vault Former Employee'},
  u'Google-Coordinate': {
    u'product': u'Google-Coordinate', u'aliases': [u'coordinate', u'googlecoordinate'], u'displayName': u'Google Coordinate'},
  u'Google-Chrome-Device-Management': {
    u'product': u'Google-Chrome-Device-Management', u'aliases': [u'chrome', u'cdm', u'googlechromedevicemanagement'], u'displayName': u'Google Chrome Device Management'}
  }
 API_VER_MAPPING = {
  u'appsactivity': u'v1',
  u'calendar': u'v3',
  u'classroom': u'v1',
  u'cloudprint': u'v2',
  u'datatransfer': u'datatransfer_v1',
  u'directory': u'directory_v1',
  u'drive': u'v2',
  u'drive3': u'v3',
  u'email-settings': u'v2',
  u'gmail': u'v1',
  u'groupssettings': u'v1',
  u'licensing': u'v1',
  u'oauth2': u'v2',
  u'plus': u'v1',
  u'reports': u'reports_v1',
  u'reseller': u'v1',
  u'siteVerification': u'v1',
  }
 API_SCOPE_MAPPING = {
  u'appsactivity': [u'https://www.googleapis.com/auth/activity',
                    u'https://www.googleapis.com/auth/drive'],
  u'calendar': [u'https://www.googleapis.com/auth/calendar',],
  u'drive': [u'https://www.googleapis.com/auth/drive',],
  u'drive3': [u'https://www.googleapis.com/auth/drive',],
  u'gmail': [u'https://mail.google.com/',
             u'https://www.googleapis.com/auth/gmail.settings.basic',
             u'https://www.googleapis.com/auth/gmail.settings.sharing',],
  u'plus': [u'https://www.googleapis.com/auth/plus.me',],
 }
 ADDRESS_FIELDS_PRINT_ORDER = [
  u'contactName', u'organizationName',
  u'addressLine1', u'addressLine2', u'addressLine3',
  u'locality', u'region', u'postalCode', u'countryCode',
  ]
 ADDRESS_FIELDS_ARGUMENT_MAP = {
  u'contact': u'contactName', u'contactname': u'contactName',
  u'name': u'organizationName', u'organizationname': u'organizationName',
  u'address1': u'addressLine1', u'addressline1': u'addressLine1',
  u'address2': u'addressLine2', u'addressline2': u'addressLine2',
  u'address3': u'addressLine3', u'addressline3': u'addressLine3',
  u'locality': u'locality',
  u'region': u'region',
  u'postalcode': u'postalCode',
  u'country': u'countryCode', u'countrycode': u'countryCode',
  }
 SERVICE_NAME_CHOICES_MAP = {
  u'drive': u'Drive and Docs',
  u'drive and docs': u'Drive and Docs',
  u'googledrive': u'Drive and Docs',
  u'gdrive': u'Drive and Docs',
  }
 PRINTJOB_ASCENDINGORDER_MAP = {
  u'createtime': u'CREATE_TIME',
  u'status': u'STATUS',
  u'title': u'TITLE',
  }
 PRINTJOB_DESCENDINGORDER_MAP = {
  u'CREATE_TIME': u'CREATE_TIME_DESC',
  u'STATUS':  u'STATUS_DESC',
  u'TITLE': u'TITLE_DESC',
  }
 PRINTJOBS_DEFAULT_JOB_LIMIT = 25
 PRINTJOBS_DEFAULT_MAX_RESULTS = 100
 CALENDAR_REMINDER_METHODS = [u'email', u'sms', u'popup',]
 CALENDAR_NOTIFICATION_METHODS = [u'email', u'sms',]
 CALENDAR_NOTIFICATION_TYPES_MAP = {
  u'eventcreation': u'eventCreation',
  u'eventchange': u'eventChange',
  u'eventcancellation': u'eventCancellation',
  u'eventresponse': u'eventResponse',
  u'agenda': u'agenda',
  }
 DRIVEFILE_FIELDS_CHOICES_MAP = {
  u'alternatelink': u'alternateLink',
  u'appdatacontents': u'appDataContents',
  u'cancomment': u'canComment',
  u'canreadrevisions': u'canReadRevisions',
  u'copyable': u'copyable',
  u'createddate': u'createdDate',
  u'createdtime': u'createdDate',
  u'description': u'description',
  u'editable': u'editable',
  u'explicitlytrashed': u'explicitlyTrashed',
  u'fileextension': u'fileExtension',
  u'filesize': u'fileSize',
  u'foldercolorrgb': u'folderColorRgb',
  u'fullfileextension': u'fullFileExtension',
  u'headrevisionid': u'headRevisionId',
  u'iconlink': u'iconLink',
  u'id': u'id',
  u'lastmodifyinguser': u'lastModifyingUser',
  u'lastmodifyingusername': u'lastModifyingUserName',
  u'lastviewedbyme': u'lastViewedByMeDate',
  u'lastviewedbymedate': u'lastViewedByMeDate',
  u'lastviewedbymetime': u'lastViewedByMeDate',
  u'lastviewedbyuser': u'lastViewedByMeDate',
  u'md5': u'md5Checksum',
  u'md5checksum': u'md5Checksum',
  u'md5sum': u'md5Checksum',
  u'mime': u'mimeType',
  u'mimetype': u'mimeType',
  u'modifiedbyme': u'modifiedByMeDate',
  u'modifiedbymedate': u'modifiedByMeDate',
  u'modifiedbymetime': u'modifiedByMeDate',
  u'modifiedbyuser': u'modifiedByMeDate',
  u'modifieddate': u'modifiedDate',
  u'modifiedtime': u'modifiedDate',
  u'name': u'title',
  u'originalfilename': u'originalFilename',
  u'ownedbyme': u'ownedByMe',
  u'ownernames': u'ownerNames',
  u'owners': u'owners',
  u'parents': u'parents',
  u'permissions': u'permissions',
  u'quotabytesused': u'quotaBytesUsed',
  u'quotaused': u'quotaBytesUsed',
  u'shareable': u'shareable',
  u'shared': u'shared',
  u'sharedwithmedate': u'sharedWithMeDate',
  u'sharedwithmetime': u'sharedWithMeDate',
  u'sharinguser': u'sharingUser',
  u'spaces': u'spaces',
  u'thumbnaillink': u'thumbnailLink',
  u'title': u'title',
  u'userpermission': u'userPermission',
  u'version': u'version',
  u'viewedbyme': u'labels(viewed)',
  u'viewedbymedate': u'lastViewedByMeDate',
  u'viewedbymetime': u'lastViewedByMeDate',
  u'viewerscancopycontent': u'labels(restricted)',
  u'webcontentlink': u'webContentLink',
  u'webviewlink': u'webViewLink',
  u'writerscanshare': u'writersCanShare',
  }
 DRIVEFILE_LABEL_CHOICES_MAP = {
  u'restricted': u'restricted',
  u'restrict': u'restricted',
  u'starred': u'starred',
  u'star': u'starred',
  u'trashed': u'trashed',
  u'trash': u'trashed',
  u'viewed': u'viewed',
  u'view': u'viewed',
 }
 DRIVEFILE_ORDERBY_CHOICES_MAP = {
  u'createddate': u'createdDate',
  u'folder': u'folder',
  u'lastviewedbyme': u'lastViewedByMeDate',
  u'lastviewedbymedate': u'lastViewedByMeDate',
  u'lastviewedbyuser': u'lastViewedByMeDate',
  u'modifiedbyme': u'modifiedByMeDate',
  u'modifiedbymedate': u'modifiedByMeDate',
  u'modifiedbyuser': u'modifiedByMeDate',
  u'modifieddate': u'modifiedDate',
  u'name': u'title',
  u'quotabytesused': u'quotaBytesUsed',
  u'quotaused': u'quotaBytesUsed',
  u'recency': u'recency',
  u'sharedwithmedate': u'sharedWithMeDate',
  u'starred': u'starred',
  u'title': u'title',
  u'viewedbymedate': u'lastViewedByMeDate',
  }
 DELETE_DRIVEFILE_FUNCTION_TO_ACTION_MAP = {
  u'delete': u'purging',
  u'trash': u'trashing',
  u'untrash': u'untrashing',
  }
 DRIVEFILE_LABEL_CHOICES_MAP = {
  u'restricted': u'restricted',
  u'restrict': u'restricted',
  u'starred': u'starred',
  u'star': u'starred',
  u'trashed': u'trashed',
  u'trash': u'trashed',
  u'viewed': u'viewed',
  u'view': u'viewed',
  }
 APPLICATION_VND_GOOGLE_APPS = u'application/vnd.google-apps.'
 MIMETYPE_GA_DOCUMENT = APPLICATION_VND_GOOGLE_APPS+u'document'
 MIMETYPE_GA_DRAWING = APPLICATION_VND_GOOGLE_APPS+u'drawing'
 MIMETYPE_GA_FOLDER = APPLICATION_VND_GOOGLE_APPS+u'folder'
 MIMETYPE_GA_FORM = APPLICATION_VND_GOOGLE_APPS+u'form'
 MIMETYPE_GA_FUSIONTABLE = APPLICATION_VND_GOOGLE_APPS+u'fusiontable'
 MIMETYPE_GA_MAP = APPLICATION_VND_GOOGLE_APPS+u'map'
 MIMETYPE_GA_PRESENTATION = APPLICATION_VND_GOOGLE_APPS+u'presentation'
 MIMETYPE_GA_SCRIPT = APPLICATION_VND_GOOGLE_APPS+u'script'
 MIMETYPE_GA_SITES = APPLICATION_VND_GOOGLE_APPS+u'sites'
 MIMETYPE_GA_SPREADSHEET = APPLICATION_VND_GOOGLE_APPS+u'spreadsheet'
 MIMETYPE_CHOICES_MAP = {
  u'gdoc': MIMETYPE_GA_DOCUMENT,
  u'gdocument': MIMETYPE_GA_DOCUMENT,
  u'gdrawing': MIMETYPE_GA_DRAWING,
  u'gfolder': MIMETYPE_GA_FOLDER,
  u'gdirectory': MIMETYPE_GA_FOLDER,
  u'gform': MIMETYPE_GA_FORM,
  u'gfusion': MIMETYPE_GA_FUSIONTABLE,
  u'gpresentation': MIMETYPE_GA_PRESENTATION,
  u'gscript': MIMETYPE_GA_SCRIPT,
  u'gsite': MIMETYPE_GA_SITES,
  u'gsheet': MIMETYPE_GA_SPREADSHEET,
  u'gspreadsheet': MIMETYPE_GA_SPREADSHEET,
  }
 DFA_CONVERT = u'convert'
 DFA_LOCALFILEPATH = u'localFilepath'
 DFA_LOCALFILENAME = u'localFilename'
 DFA_LOCALMIMETYPE = u'localMimeType'
 DFA_OCR = u'ocr'
 DFA_OCRLANGUAGE = u'ocrLanguage'
 DFA_PARENTQUERY = u'parentQuery'
 DOCUMENT_FORMATS_MAP = {
  u'csv': [{u'mime': u'text/csv', u'ext': u'.csv'}],
  u'html': [{u'mime': u'text/html', u'ext': u'.html'}],
  u'txt': [{u'mime': u'text/plain', u'ext': u'.txt'}],
  u'tsv': [{u'mime': u'text/tsv', u'ext': u'.tsv'}],
  u'jpeg': [{u'mime': u'image/jpeg', u'ext': u'.jpeg'}],
  u'jpg': [{u'mime': u'image/jpeg', u'ext': u'.jpg'}],
  u'png': [{u'mime': u'image/png', u'ext': u'.png'}],
  u'svg': [{u'mime': u'image/svg+xml', u'ext': u'.svg'}],
  u'pdf': [{u'mime': u'application/pdf', u'ext': u'.pdf'}],
  u'rtf': [{u'mime': u'application/rtf', u'ext': u'.rtf'}],
  u'zip': [{u'mime': u'application/zip', u'ext': u'.zip'}],
  u'pptx': [{u'mime': u'application/vnd.openxmlformats-officedocument.presentationml.presentation', u'ext': u'.pptx'}],
  u'xlsx': [{u'mime': u'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', u'ext': u'.xlsx'}],
  u'docx': [{u'mime': u'application/vnd.openxmlformats-officedocument.wordprocessingml.document', u'ext': u'.docx'}],
  u'ms': [{u'mime': u'application/vnd.openxmlformats-officedocument.presentationml.presentation', u'ext': u'.pptx'},
          {u'mime': u'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', u'ext': u'.xlsx'},
          {u'mime': u'application/vnd.openxmlformats-officedocument.wordprocessingml.document', u'ext': u'.docx'}],
  u'microsoft': [{u'mime': u'application/vnd.openxmlformats-officedocument.presentationml.presentation', u'ext': u'.pptx'},
                 {u'mime': u'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', u'ext': u'.xlsx'},
                 {u'mime': u'application/vnd.openxmlformats-officedocument.wordprocessingml.document', u'ext': u'.docx'}],
  u'micro$oft': [{u'mime': u'application/vnd.openxmlformats-officedocument.presentationml.presentation', u'ext': u'.pptx'},
                 {u'mime': u'application/vnd.openxmlformats-officedocument.spreadsheetml.sheet', u'ext': u'.xlsx'},
                 {u'mime': u'application/vnd.openxmlformats-officedocument.wordprocessingml.document', u'ext': u'.docx'}],
  u'odt': [{u'mime': u'application/vnd.oasis.opendocument.text', u'ext': u'.odt'}],
  u'ods': [{u'mime': u'application/x-vnd.oasis.opendocument.spreadsheet', u'ext': u'.ods'}],
  u'openoffice': [{u'mime': u'application/vnd.oasis.opendocument.text', u'ext': u'.odt'},
                  {u'mime': u'application/x-vnd.oasis.opendocument.spreadsheet', u'ext': u'.ods'}],
  }
 EMAILSETTINGS_OLD_NEW_OLD_FORWARD_ACTION_MAP = {
  u'ARCHIVE': u'archive',
  u'DELETE': u'trash',
  u'KEEP': u'leaveInInBox',
  u'MARK_READ': u'markRead',
  u'archive': u'ARCHIVE',
  u'trash': u'DELETE',
  u'leaveInInbox': u'KEEP',
  u'markRead': u'MARK_READ',
  }
 EMAILSETTINGS_IMAP_EXPUNGE_BEHAVIOR_CHOICES_MAP = {
  u'archive': u'archive',
  u'deleteforever': u'deleteForever',
  u'trash': u'trash',
  }
 EMAILSETTINGS_IMAP_MAX_FOLDER_SIZE_CHOICES = [u'0', u'1000', u'2000', u'5000', u'10000']
 EMAILSETTINGS_POP_ENABLE_FOR_CHOICES_MAP = {
  u'allmail': u'allMail',
  u'fromnowon': u'fromNowOn',
  u'mailfromnowon': u'fromNowOn',
  u'newmail': u'fromNowOn',
  }
 EMAILSETTINGS_FORWARD_POP_ACTION_CHOICES_MAP = {
  u'archive': u'archive',
  u'delete': u'trash',
  u'keep': u'leaveInInbox',
  u'leaveininbox': u'leaveInInbox',
  u'markread': u'markRead',
  u'trash': u'trash',
  }
 RT_PATTERN = re.compile(r'(?s){RT}.*?{(.+?)}.*?{/RT}')
 RT_OPEN_PATTERN = re.compile(r'{RT}')
 RT_CLOSE_PATTERN = re.compile(r'{/RT}')
 RT_STRIP_PATTERN = re.compile(r'(?s){RT}.*?{/RT}')
 RT_TAG_REPLACE_PATTERN = re.compile(r'{(.*?)}')
 FILTER_ADD_LABEL_TO_ARGUMENT_MAP = {
  u'IMPORTANT': u'important',
  u'STARRED': u'star',
  u'TRASH': u'trash',
  }
 FILTER_REMOVE_LABEL_TO_ARGUMENT_MAP = {
  u'IMPORTANT': u'notimportant',
  u'UNREAD': u'markread',
  u'INBOX': u'archive',
  u'SPAM': u'neverspam',
  }
 FILTER_CRITERIA_CHOICES_MAP = {
  u'excludechats': u'excludeChats',
  u'from': u'from',
  u'hasattachment': u'hasAttachment',
  u'haswords': u'query',
  u'musthaveattachment': u'hasAttachment',
  u'negatedquery': u'negatedQuery',
  u'nowords': u'negatedQuery',
  u'query': u'query',
  u'size': u'size',
  u'subject': u'subject',
  u'to': u'to',
  }
 FILTER_ACTION_CHOICES = [
  u'archive', u'forward', u'important', u'label',
  u'markread', u'neverspam', u'notimportant', u'star', u'trash',
  ]
 CROS_ARGUMENT_TO_PROPERTY_MAP = {
  u'activetimeranges': [u'activeTimeRanges.activeTime', u'activeTimeRanges.date'],
  u'annotatedassetid': [u'annotatedAssetId',],
  u'annotatedlocation': [u'annotatedLocation',],
  u'annotateduser': [u'annotatedUser',],
  u'asset': [u'annotatedAssetId',],
  u'assetid': [u'annotatedAssetId',],
  u'bootmode': [u'bootMode',],
  u'deviceid': [u'deviceId',],
  u'ethernetmacaddress': [u'ethernetMacAddress',],
  u'firmwareversion': [u'firmwareVersion',],
  u'lastenrollmenttime': [u'lastEnrollmentTime',],
  u'lastsync': [u'lastSync',],
  u'location': [u'annotatedLocation',],
  u'macaddress': [u'macAddress',],
  u'meid': [u'meid',],
  u'model': [u'model',],
  u'notes': [u'notes',],
  u'ordernumber': [u'orderNumber',],
  u'org': [u'orgUnitPath',],
  u'orgunitpath': [u'orgUnitPath',],
  u'osversion': [u'osVersion',],
  u'ou': [u'orgUnitPath',],
  u'platformversion': [u'platformVersion',],
  u'recentusers': [u'recentUsers.email', u'recentUsers.type'],
  u'serialnumber': [u'serialNumber',],
  u'status': [u'status',],
  u'supportenddate': [u'supportEndDate',],
  u'tag': [u'annotatedAssetId',],
  u'timeranges': [u'activeTimeRanges.activeTime', u'activeTimeRanges.date'],
  u'user': [u'annotatedUser',],
  u'willautorenew': [u'willAutoRenew',],
  }
 CROS_BASIC_FIELDS_LIST = [u'deviceId', u'annotatedAssetId', u'annotatedLocation', u'annotatedUser', u'lastSync', u'notes', u'serialNumber', u'status']
 CROS_SCALAR_PROPERTY_PRINT_ORDER = [
  u'orgUnitPath',
  u'annotatedAssetId',
  u'annotatedLocation',
  u'annotatedUser',
  u'lastSync',
  u'notes',
  u'serialNumber',
  u'status',
  u'model',
  u'firmwareVersion',
  u'platformVersion',
  u'osVersion',
  u'bootMode',
  u'meid',
  u'ethernetMacAddress',
  u'macAddress',
  u'lastEnrollmentTime',
  u'orderNumber',
  u'supportEndDate',
  u'willAutoRenew',
  ]
 #
 # Global variables
 #
 # The following GM_XXX constants are arbitrary but must be unique
 # Most errors print a message and bail out with a return code
 # Some commands want to set a non-zero return code but not bail
 GM_SYSEXITRC = u'sxrc'
 # Path to gam
 GM_GAM_PATH = u'gpth'
 # Are we on Windows?
 GM_WINDOWS = u'wndo'
 # Encodings
 GM_SYS_ENCODING = u'syen'
 # Extra arguments to pass to GAPI functions
 GM_EXTRA_ARGS_DICT = u'exad'
 # Current API user
 GM_CURRENT_API_USER = u'capu'
 # Current API scope
 GM_CURRENT_API_SCOPES = u'scoc'
 # Values retrieved from oauth2service.json
 GM_OAUTH2SERVICE_JSON_DATA = u'oajd'
 GM_OAUTH2SERVICE_ACCOUNT_CLIENT_ID = u'oaci'
 # File containing time of last GAM update check
 GM_LAST_UPDATE_CHECK_TXT = u'lupc'
 # Dictionary mapping OrgUnit ID to Name
 GM_MAP_ORGUNIT_ID_TO_NAME = u'oi2n'
 # Dictionary mapping Role ID to Name
 GM_MAP_ROLE_ID_TO_NAME = u'ri2n'
 # Dictionary mapping Role Name to ID
 GM_MAP_ROLE_NAME_TO_ID = u'rn2i'
 # Dictionary mapping User ID to Name
 GM_MAP_USER_ID_TO_NAME = u'ui2n'
 # GAM cache directory. If no_cache is True, this variable will be set to None
 GM_CACHE_DIR = u'gacd'
 # Reset GAM cache directory after discovery
 GM_CACHE_DISCOVERY_ONLY = u'gcdo'
 #
 GM_Globals = {
  GM_SYSEXITRC: 0,
  GM_GAM_PATH: os.path.dirname(os.path.realpath(__file__)) if not getattr(sys, u'frozen', False) else os.path.dirname(sys.executable),
  GM_WINDOWS: os.name == u'nt',
  GM_SYS_ENCODING: DEFAULT_CHARSET,
  GM_EXTRA_ARGS_DICT:  {u'prettyPrint': False},
  GM_CURRENT_API_USER: None,
  GM_CURRENT_API_SCOPES: [],
  GM_OAUTH2SERVICE_JSON_DATA: None,
  GM_OAUTH2SERVICE_ACCOUNT_CLIENT_ID: None,
  GM_LAST_UPDATE_CHECK_TXT: u'',
  GM_MAP_ORGUNIT_ID_TO_NAME: None,
  GM_MAP_ROLE_ID_TO_NAME: None,
  GM_MAP_ROLE_NAME_TO_ID: None,
  GM_MAP_USER_ID_TO_NAME: None,
  GM_CACHE_DIR: None,
  GM_CACHE_DISCOVERY_ONLY: True,
  }
 #
 # Global variables defined by environment variables/signal files
 #
 # When retrieving lists of Google Drive activities from API, how many should be retrieved in each chunk
 GC_ACTIVITY_MAX_RESULTS = u'activity_max_results'
 # Automatically generate gam batch command if number of users specified in gam users xxx command exceeds this number
 # Default: 0, don't automatically generate gam batch commands
 GC_AUTO_BATCH_MIN = u'auto_batch_min'
 # When processing items in batches, how many should be processed in each batch
 GC_BATCH_SIZE = u'batch_size'
 # GAM cache directory. If no_cache is specified, this variable will be set to None
 GC_CACHE_DIR = u'cache_dir'
 # GAM cache discovery only. If no_cache is False, only API discovery calls will be cached
 GC_CACHE_DISCOVERY_ONLY = u'cache_discovery_only'
 # Character set of batch, csv, data files
 GC_CHARSET = u'charset'
 # Path to client_secrets.json
 GC_CLIENT_SECRETS_JSON = u'client_secrets_json'
 # GAM config directory containing client_secrets.json, oauth2.txt, oauth2service.json, extra_args.txt
 GC_CONFIG_DIR = u'config_dir'
 # custmerId from gam.cfg or retrieved from Google
 GC_CUSTOMER_ID = u'customer_id'
 # If debug_level > 0: extra_args[u'prettyPrint'] = True, httplib2.debuglevel = gam_debug_level, appsObj.debug = True
 GC_DEBUG_LEVEL = u'debug_level'
 # When retrieving lists of ChromeOS/Mobile devices from API, how many should be retrieved in each chunk
 GC_DEVICE_MAX_RESULTS = u'device_max_results'
 # Domain obtained from gam.cfg or oauth2.txt
 GC_DOMAIN = u'domain'
 # Google Drive download directory
 GC_DRIVE_DIR = u'drive_dir'
 # When retrieving lists of Drive files/folders from API, how many should be retrieved in each chunk
 GC_DRIVE_MAX_RESULTS = u'drive_max_results'
 # If no_browser is False, writeCSVfile won't open a browser when todrive is set
 # and doRequestOAuth prints a link and waits for the verification code when oauth2.txt is being created
 GC_NO_BROWSER = u'no_browser'
 # Disable GAM API caching
 GC_NO_CACHE = u'no_cache'
 # Disable GAM update check
 GC_NO_UPDATE_CHECK = u'no_update_check'
 # Disable SSL certificate validation
 GC_NO_VERIFY_SSL = u'no_verify_ssl'
 # Number of threads for gam batch
 GC_NUM_THREADS = u'num_threads'
 # Path to oauth2.txt
 GC_OAUTH2_TXT = u'oauth2_txt'
 # Path to oauth2service.json
 GC_OAUTH2SERVICE_JSON = u'oauth2service_json'
 # Default section to use for processing
 GC_SECTION = u'section'
 # Add (n/m) to end of messages if number of items to be processed exceeds this number
 GC_SHOW_COUNTS_MIN = u'show_counts_min'
 # Enable/disable "Getting ... " messages
 GC_SHOW_GETTINGS = u'show_gettings'
 # GAM config directory containing json discovery files
 GC_SITE_DIR = u'site_dir'
 # When retrieving lists of Users from API, how many should be retrieved in each chunk
 GC_USER_MAX_RESULTS = u'user_max_results'
 GC_Defaults = {
  GC_ACTIVITY_MAX_RESULTS: 100,
  GC_AUTO_BATCH_MIN: 0,
  GC_BATCH_SIZE: 50,
  GC_CACHE_DIR: u'',
  GC_CACHE_DISCOVERY_ONLY: True,
  GC_CHARSET: DEFAULT_CHARSET,
  GC_CLIENT_SECRETS_JSON: FN_CLIENT_SECRETS_JSON,
  GC_CONFIG_DIR: u'',
  GC_CUSTOMER_ID: MY_CUSTOMER,
  GC_DEBUG_LEVEL: 0,
  GC_DEVICE_MAX_RESULTS: 500,
  GC_DOMAIN: u'',
  GC_DRIVE_DIR: u'',
  GC_DRIVE_MAX_RESULTS: 1000,
  GC_NO_BROWSER: False,
  GC_NO_CACHE: False,
  GC_NO_UPDATE_CHECK: False,
  GC_NO_VERIFY_SSL: False,
  GC_NUM_THREADS: 25,
  GC_OAUTH2_TXT: FN_OAUTH2_TXT,
  GC_OAUTH2SERVICE_JSON: FN_OAUTH2SERVICE_JSON,
  GC_SECTION: u'',
  GC_SHOW_COUNTS_MIN: 0,
  GC_SHOW_GETTINGS: True,
  GC_SITE_DIR: u'',
  GC_USER_MAX_RESULTS: 500,
  }
 GC_Values = {}
 GC_TYPE_BOOLEAN = u'bool'
 GC_TYPE_CHOICE = u'choi'
 GC_TYPE_DIRECTORY = u'dire'
 GC_TYPE_EMAIL = u'emai'
 GC_TYPE_FILE = u'file'
 GC_TYPE_INTEGER = u'inte'
 GC_TYPE_LANGUAGE = u'lang'
 GC_TYPE_STRING = u'stri'
 GC_VAR_TYPE = u'type'
 GC_VAR_LIMITS = u'lmit'
 GC_VAR_INFO = {
  GC_ACTIVITY_MAX_RESULTS: {GC_VAR_TYPE: GC_TYPE_INTEGER, GC_VAR_LIMITS: (1, 500)},
  GC_AUTO_BATCH_MIN: {GC_VAR_TYPE: GC_TYPE_INTEGER, GC_VAR_LIMITS: (0, None)},
  GC_BATCH_SIZE: {GC_VAR_TYPE: GC_TYPE_INTEGER, GC_VAR_LIMITS: (1, 1000)},
  GC_CACHE_DIR: {GC_VAR_TYPE: GC_TYPE_DIRECTORY},
  GC_CACHE_DISCOVERY_ONLY: {GC_VAR_TYPE: GC_TYPE_BOOLEAN},
  GC_CHARSET: {GC_VAR_TYPE: GC_TYPE_STRING},
  GC_CLIENT_SECRETS_JSON: {GC_VAR_TYPE: GC_TYPE_FILE},
  GC_CONFIG_DIR: {GC_VAR_TYPE: GC_TYPE_DIRECTORY},
  GC_CUSTOMER_ID: {GC_VAR_TYPE: GC_TYPE_STRING},
  GC_DEBUG_LEVEL: {GC_VAR_TYPE: GC_TYPE_INTEGER, GC_VAR_LIMITS: (0, None)},
  GC_DEVICE_MAX_RESULTS: {GC_VAR_TYPE: GC_TYPE_INTEGER, GC_VAR_LIMITS: (1, 1000)},
  GC_DOMAIN: {GC_VAR_TYPE: GC_TYPE_STRING},
  GC_DRIVE_DIR: {GC_VAR_TYPE: GC_TYPE_DIRECTORY},
  GC_DRIVE_MAX_RESULTS: {GC_VAR_TYPE: GC_TYPE_INTEGER, GC_VAR_LIMITS: (1, 1000)},
  GC_NO_BROWSER: {GC_VAR_TYPE: GC_TYPE_BOOLEAN},
  GC_NO_CACHE: {GC_VAR_TYPE: GC_TYPE_BOOLEAN},
  GC_NO_UPDATE_CHECK: {GC_VAR_TYPE: GC_TYPE_BOOLEAN},
  GC_NO_VERIFY_SSL: {GC_VAR_TYPE: GC_TYPE_BOOLEAN},
  GC_NUM_THREADS: {GC_VAR_TYPE: GC_TYPE_INTEGER, GC_VAR_LIMITS: (1, None)},
  GC_OAUTH2_TXT: {GC_VAR_TYPE: GC_TYPE_FILE},
  GC_OAUTH2SERVICE_JSON: {GC_VAR_TYPE: GC_TYPE_FILE},
  GC_SECTION: {GC_VAR_TYPE: GC_TYPE_STRING},
  GC_SHOW_COUNTS_MIN: {GC_VAR_TYPE: GC_TYPE_INTEGER, GC_VAR_LIMITS: (0, None)},
  GC_SHOW_GETTINGS: {GC_VAR_TYPE: GC_TYPE_BOOLEAN},
  GC_SITE_DIR: {GC_VAR_TYPE: GC_TYPE_DIRECTORY},
  GC_USER_MAX_RESULTS: {GC_VAR_TYPE: GC_TYPE_INTEGER, GC_VAR_LIMITS: (1, 500)},
  }
 # Google API constants
 NEVER_TIME = u'1970-01-01T00:00:00.000Z'
 NEVER_START_DATE = u'1970-01-01'
 NEVER_END_DATE = u'1969-12-31'
 ROLE_MANAGER = u'MANAGER'
 ROLE_MEMBER = u'MEMBER'
 ROLE_OWNER = u'OWNER'
 ROLE_USER = u'USER'
 ROLE_MANAGER_MEMBER = u','.join([ROLE_MANAGER, ROLE_MEMBER])
 ROLE_MANAGER_OWNER = u','.join([ROLE_MANAGER, ROLE_OWNER])
 ROLE_MANAGER_MEMBER_OWNER = u','.join([ROLE_MANAGER, ROLE_MEMBER, ROLE_OWNER])
 ROLE_MEMBER_OWNER = u','.join([ROLE_MEMBER, ROLE_OWNER])
 PROJECTION_CHOICES_MAP = {u'basic': u'BASIC', u'full': u'FULL',}
 SORTORDER_CHOICES_MAP = {u'ascending': u'ASCENDING', u'descending': u'DESCENDING',}
 #
 CLEAR_NONE_ARGUMENT = [u'clear', u'none',]
 #
 MESSAGE_API_ACCESS_CONFIG = u'API access is configured in your Control Panel under: Security-Show more-Advanced settings-Manage API client access'
 MESSAGE_API_ACCESS_DENIED = u'API access Denied.\n\nPlease make sure the Client ID: {0} is authorized for the API Scope(s): {1}'
 MESSAGE_GAM_EXITING_FOR_UPDATE = u'GAM is now exiting so that you can overwrite this old version with the latest release'
 MESSAGE_GAM_OUT_OF_MEMORY = u'GAM has run out of memory. If this is a large G Suite instance, you should use a 64-bit version of GAM on Windows or a 64-bit version of Python on other systems.'
 MESSAGE_HEADER_NOT_FOUND_IN_CSV_HEADERS = u'Header "{0}" not found in CSV headers of "{1}".'
 MESSAGE_HIT_CONTROL_C_TO_UPDATE = u'\n\nHit CTRL+C to visit the GAM website and download the latest release or wait 15 seconds continue with this boring old version. GAM won\'t bother you with this announcement for 1 week or you can create a file named noupdatecheck.txt in the same location as gam.py or gam.exe and GAM won\'t ever check for updates.'
 MESSAGE_INVALID_JSON = u'The file {0} has an invalid format.'
 MESSAGE_NO_DISCOVERY_INFORMATION = u'No online discovery doc and {0} does not exist locally'
 MESSAGE_NO_PYTHON_SSL = u'You don\'t have the Python SSL module installed so we can\'t verify SSL Certificates. You can fix this by installing the Python SSL module or you can live on the edge and turn SSL validation off by creating a file named noverifyssl.txt in the same location as gam.exe / gam.py'
 MESSAGE_NO_TRANSFER_LACK_OF_DISK_SPACE = u'Cowardly refusing to perform migration due to lack of target drive space. Source size: {0}mb Target Free: {1}mb'
 MESSAGE_REQUEST_COMPLETED_NO_FILES = u'Request completed but no results/files were returned, try requesting again'
 MESSAGE_REQUEST_NOT_COMPLETE = u'Request needs to be completed before downloading, current status is: {0}'
 MESSAGE_RESULTS_TOO_LARGE_FOR_GOOGLE_SPREADSHEET = u'Results are too large for Google Spreadsheets. Uploading as a regular CSV file.'
 MESSAGE_SERVICE_NOT_APPLICABLE = u'Service not applicable for this address: {0}. Please make sure service is enabled for user and run\n\ngam user <user> check serviceaccount\n\nfor further instructions'
 MESSAGE_INSTRUCTIONS_OAUTH2SERVICE_JSON = u'Please run\n\ngam create project\ngam user <user> check serviceaccount\n\nto create and configure a service account.'
 MESSAGE_OAUTH2SERVICE_JSON_INVALID = u'The file {0} is missing required keys (client_email, client_id or private_key). Please remove it and recreate with the commands:\n\ngam create project\ngam user <user> check serviceaccount'
 # oauth errors
 OAUTH2_TOKEN_ERRORS = [u'access_denied', u'unauthorized_client: Unauthorized client or scope in request.', u'access_denied: Requested client not authorized.',
                       u'invalid_grant: Not a valid email.', u'invalid_grant: Invalid email or User ID', u'invalid_grant: Bad Request',
                       u'invalid_request: Invalid impersonation prn email address.', u'internal_failure: Backend Error']
 #
 # callGAPI throw reasons
 GAPI_BACKEND_ERROR = u'backendError'
 GAPI_BAD_REQUEST = u'badRequest'
 GAPI_FORBIDDEN = u'forbidden'
 GAPI_INTERNAL_ERROR = u'internalError'
 GAPI_INVALID = u'invalid'
 GAPI_NOT_FOUND = u'notFound'
 GAPI_QUOTA_EXCEEDED = u'quotaExceeded'
 GAPI_RATE_LIMIT_EXCEEDED = u'rateLimitExceeded'
 GAPI_SERVICE_NOT_AVAILABLE = u'serviceNotAvailable'
 GAPI_USER_NOT_FOUND = u'userNotFound'
 GAPI_USER_RATE_LIMIT_EXCEEDED = u'userRateLimitExceeded'
 #
 GAPI_DEFAULT_RETRY_REASONS = [GAPI_QUOTA_EXCEEDED, GAPI_RATE_LIMIT_EXCEEDED, GAPI_USER_RATE_LIMIT_EXCEEDED, GAPI_BACKEND_ERROR, GAPI_INTERNAL_ERROR]
 GAPI_GMAIL_THROW_REASONS = [GAPI_SERVICE_NOT_AVAILABLE]
 GAPI_GPLUS_THROW_REASONS = [GAPI_SERVICE_NOT_AVAILABLE]
--- a/src/whatsnew.txt
+++ b/src/whatsnew.txt
@@ -1,3 +1,35 @@
 GAM 4.2
 - Create, Update, Delete and List Team Drives
 - Start moving to Drive API v3
 - Disable GAM cache by default to prevent errors (Ross)
 - Use service accounts for all Calendar, Drive and Gmail operations to reduce scopes
 - Fix "Unknown" errors due to a scope issue (may require "gam oauth revoke" and re-authentication)
 - "gam info domain" shows basic user / license sums again
 - "gam report customer" now shows more browser usage stats
 - Fix project creation ToS error (Ross)
 GAM 4.12
 - Realtime 2SV user status in gam info user and gam print users. Thanks hajdbo!
 - Reseller API support. Create and manage customers and subscriptions.
 - Delete or modify Gmail threads. Improved message delete/modify performance.
 - Support for the new G Suite Enterprise license
 - Manage S/MIME certificates for G Suite Enterprise users
 - Many fixes and improvements by Ross.
 GAM 4.11
 - Allow newlines in calendar event descriptions (Ross)
 - All HTTP requests should now honor SSL verify setting, debug, etc
 GAM 4.1
 - Fix "gam create project"
 - project create cleanups by Ross
 - Various fixes by Ross
 - Improved batch command performance. Some commands will see 2-3x speedups.
 - Faster "gam info user" commands via batch license retrieval
 GAM 4.03
 - Minor fixes by Jay and Ross. Mostly to new install process.
 GAM 4.02
 - "gam create project" command simplifies creation of client_secrets.json and oauth2service.json project files.
 - Automated wizard simplifies GAM setup on Linux and MacOS (coming soon to Windows MSI).
--- a/src/windows-build.bat
+++ b/src/windows-build.bat
@@ -12,7 +12,7 @@ c:\python27-32\scripts\pyinstaller --clean -F --distpath=gam windows-gam.spec
 xcopy LICENSE gam\
 xcopy whatsnew.txt gam\
 xcopy gam-setup.bat gam\
-xcopy gamcommands.txt gam\
+xcopy GamCommands.txt gam\
 del gam\w9xpopen.exe
 "%ProgramFiles%\7-Zip\7z.exe" a -tzip gam-%1-windows.zip gam\ -xr!.svn
@@ -20,7 +20,7 @@ c:\python27-64\scripts\pyinstaller --clean -F --distpath=gam-64 windows-gam.spec
 xcopy LICENSE gam-64\
 xcopy whatsnew.txt gam-64\
 xcopy gam-setup.bat gam-64\
-xcopy gamcommands.txt gam-64\
+xcopy GamCommands.txt gam-64\
 "%ProgramFiles%\7-Zip\7z.exe" a -tzip gam-%1-windows-x64.zip gam-64\ -xr!.svn
 set GAMVERSION=%1
Author	SHA1	Message	Date
Ross Scroggs	de3be6ba52	Update documentation (#454 ) * Fix create project to handle Google change * Handle newlines in app name Don’t output name/value for name == u'accounts:authorized_apps’, apps are listed later * Cleanup My typos: 614, 813 Pylint: 887, 3618/4184, 8657, 8751 Your typo: 6794 * Update documentation	2017-03-22 22:05:57 -04:00
Ross Scroggs	81c2e425ef	Clean up (#453 ) * Fix create project to handle Google change * Handle newlines in app name Don’t output name/value for name == u'accounts:authorized_apps’, apps are listed later * Cleanup My typos: 614, 813 Pylint: 887, 3618/4184, 8657, 8751 Your typo: 6794	2017-03-22 20:39:44 -04:00
Jay Lee	4bf6b6fb96	What's new in 4.2	2017-03-22 16:56:37 -04:00
Ross Scroggs	4ed8497bd7	Minor fixes to showReport (#452 ) * Fix create project to handle Google change * Handle newlines in app name Don’t output name/value for name == u'accounts:authorized_apps’, apps are listed later	2017-03-22 15:45:20 -04:00
Ross Scroggs	738280bbe5	Fix create project to handle Google change (#451 )	2017-03-22 14:33:27 -04:00
Jay Lee	ad9384aeac	Soft errors on team drive functions	2017-03-22 13:59:38 -04:00
Jay Lee	67f5416858	Team Drive CSV and screen output	2017-03-22 13:34:28 -04:00
Jay Lee	51567ff5c4	fix report users, include msgValue items in report customer	2017-03-22 12:52:10 -04:00
Ross Scroggs	6f6a94c9b0	Handle bad data from Google in gam report customer (#450 )	2017-03-22 11:12:22 -04:00
Jay Lee	08bd3ecc91	Get 4.2 ready	2017-03-19 14:06:17 -04:00
Jay Lee	6ebc0f4e81	Moar v3, Moar Team Drive	2017-03-19 14:05:46 -04:00
Jay Lee	bf39798263	Update Drive ACLs to v3	2017-03-18 21:07:51 -04:00
Jay Lee	92521acfa3	More v3 work	2017-03-18 20:36:45 -04:00
Jay Lee	f8d43a19c1	User counts for gam info domain	2017-03-18 13:32:48 -04:00
Jay Lee	842ddc2a26	httplib 0.10.3, api-client 1.6.2	2017-03-18 12:17:19 -04:00
Jay Lee	bafed078e5	Fix report name for todrive	2017-03-17 22:07:41 -04:00
Jay Lee	8999fb84de	Switch report uploads to use SA, remove Drive scope	2017-03-17 20:05:06 -04:00
Jay Lee	3b162924c5	back to email scope, use SA for all Gmail API calls	2017-03-17 19:26:16 -04:00
Jay Lee	242c61205d	Switch Calendar to use SA only	2017-03-17 12:57:31 -04:00
Jay Lee	139727dd33	Use service accounts for Calendar ACLs	2017-03-17 12:39:17 -04:00
Ross Scroggs	a52341e29e	Improve API caching options, cache errors (#446 ) * Improve API caching options, cache errors * Clarify argument names * All or nothing caching I changed the argument names and implemented your proposal: nocache.txt: ignored allcache.txt present: all caching default: no caching	2017-03-16 11:23:42 -04:00
Jay Lee	c2358f60fb	More Team Drive Work	2017-03-16 06:23:12 -04:00
Jay Lee	c8ea108be3	Use https://git.io/gam	2017-03-15 19:40:17 -04:00
Jay Lee	8fdd0abc53	scopes for drive3	2017-03-15 16:46:52 -04:00
Jay Lee	f396b2f476	Create Team Drives, show permissions and info	2017-03-15 16:07:40 -04:00
Jay Lee	6e9413eada	drive3 API for Drive v3 API	2017-03-15 15:04:46 -04:00
Ross Scroggs	30a5467b82	Optimize License handling (#440 ) * Handle batch file errors, clean up commit-batch messages * Optimize License handling	2017-03-15 14:57:56 -04:00
Jay Lee	3ffa3ca5e5	If we can't get a safe filename, name the file after it's ID	2017-02-21 15:03:45 -05:00
Ross Scroggs	f0351b8bec	Handle batch file errors, clean up commit-batch messages (#439 )	2017-02-21 13:57:55 -05:00
Jay Lee	d8093fa1f0	Merge branch 'master' of https://github.com/jay0lee/GAM	2017-02-19 15:54:50 -05:00
Jay Lee	2080f33fdb	What's new in 4.12	2017-02-19 15:54:27 -05:00
Ross Scroggs	6a2925c546	pool.join required to wait for processes to finish (#436 )	2017-02-19 10:53:42 -05:00
Jay Lee	26960c96d9	Improve batch to handle CTRL+C and print status	2017-02-19 08:49:31 -05:00
Jay Lee	58a080fe6b	4.12, delete message fix	2017-02-18 17:20:49 -05:00
Ross Scroggs	3c3b7527a1	Clean up SKU handling (#432 )	2017-02-18 16:57:42 -05:00
Jay Lee	0d7028416a	Reduce key size	2017-02-13 10:26:25 -05:00
Ross Scroggs	aa6dca4b4c	Keep the pylint wolf at bay (#430 ) * Fix bug, update ducumantation * Clean up error messages * Exit on error, fix bug * One more bug fix * Update documentation, fix code l_sku can never match a_sku.lower() because it has -'s stripped and a_sku doesn't * Keep the pylint wolf at bay * Clean up code, avoid try/except	2017-02-11 08:31:34 -05:00
Ross Scroggs	3d7a7bd609	Update documentation, fix code (#429 ) l_sku can never match a_sku.lower() because it has -'s stripped and a_sku doesn't	2017-02-10 22:00:32 -05:00
Jay Lee	35854af1e9	Improve handling and display of licenses - displayName added so what admin sees better matches admin console - better aliases for each skuId - admin can specify exact productId they wanted (would have solved renaming of Enterprise SKU issue)	2017-02-09 09:35:54 -05:00
Jay Lee	4450652c32	Google Changed SKU for Enterprise license :-(	2017-02-08 14:44:02 -05:00
Ross Scroggs	d34e09f8d5	One more bug fix (#426 ) * Fix bug, update ducumantation * Clean up error messages * Exit on error, fix bug * One more bug fix	2017-02-07 12:33:25 -05:00
Ross Scroggs	610ba5bf6a	Exit on error, fix bug (#425 ) * Fix bug, update ducumantation * Clean up error messages * Exit on error, fix bug	2017-02-07 11:53:59 -05:00
Ross Scroggs	65debc6a27	Clean up error messages (#424 ) * Fix bug, update ducumantation * Clean up error messages	2017-02-07 11:18:31 -05:00
Ross Scroggs	61868d5fde	Fix bug, update ducumantation (#423 )	2017-02-07 11:01:59 -05:00
Ross Scroggs	998f4c6dff	Make reseller commands consistent (#422 )	2017-02-07 10:44:26 -05:00
Ross Scroggs	a2a8393775	Fix bugs (#421 )	2017-02-07 09:43:51 -05:00
Jay Lee	d9ec9d3af9	Merge branch 'master' of https://github.com/jay0lee/GAM	2017-02-04 14:59:07 -05:00
Jay Lee	7104b24633	more work on Reseller API	2017-02-04 14:57:42 -05:00
Ross Scroggs	9cd81c9148	Use different index for inner loop (#419 )	2017-02-03 19:42:59 -05:00
Ross Scroggs	56a60d1651	Fix add/update/delete smime when sendas argument not specified (#418 ) * Simplify by using existing function * add/update smime using 1st users email address when sendas not specified * Fix error messages, update documentation * Delete smile needs same fix * Delete/update have same problem with smimeId * Clean up names * Missed one	2017-02-03 18:27:55 -05:00
Ross Scroggs	1cdf02bc31	Simplify by using existing function (#417 )	2017-02-03 15:50:34 -05:00
Jay Lee	5b469496d6	Initial S/MIME support (requires Enterprise SKU)	2017-02-03 13:29:36 -05:00
Ross Scroggs	2a1d3a1ce1	Default encoding has to be set on multiprocess instances of gam (#416 ) * Default encoding has to be set on multiprocess instances of gam * Update documentation	2017-02-03 13:02:31 -05:00
Boris Hajduk	9b89492d83	We can now query 2SV status in the print users command (#415 )	2017-02-03 11:35:52 -05:00
Boris Hajduk	45b1eee8f3	early support to get info user info about 2-step verification enrollment (#414 )	2017-02-03 11:08:45 -05:00
Jay Lee	e9dda2079a	Add reseller API to projects to enable	2017-02-01 10:27:13 -05:00
Ross Scroggs	c279acbab8	Enhance print courses/course-participants (#413 )	2017-02-01 09:09:02 -05:00
Jay Lee	082cd9b087	First commit of Reseller API support	2017-01-31 16:06:32 -05:00
Ross Scroggs	7d2e5d674a	Handle user error in update labels (#412 ) * Get only required fields when processing messages * Handle customer id in group add/delete/sync/clear I always wondered what this was: if user_email != u'' Allow * to mean all users in group operations * Make pylon happy, handle user error in update labels	2017-01-31 15:48:47 -05:00
Ross Scroggs	b2d95c545d	Handle customer id in group add/delete/sync/clear  (#411 ) * Get only required fields when processing messages * Handle customer id in group add/delete/sync/clear I always wondered what this was: if user_email != u'' Allow * to mean all users in group operations	2017-01-31 14:52:21 -05:00
Ross Scroggs	127c3125ad	Get only required fields when processing messages (#410 )	2017-01-31 13:27:11 -05:00
Jay Lee	63f1e0d504	Merge branch 'master' of https://github.com/jay0lee/GAM	2017-01-31 12:53:32 -05:00
Jay Lee	1ad10b6954	G Suite Enterprise SKU	2017-01-31 12:53:00 -05:00
Ross Scroggs	820cf98087	Fix typos in new messages/threads command parsing (#407 ) * Soft error when getting group members, fix typo * Fix typos	2017-01-27 14:54:12 -05:00
Jay Lee	15bd6beebd	Threads and batch support for Gmail modify/delete	2017-01-27 11:03:25 -05:00
Ross Scroggs	31871f192c	gam group <GroupName> should only return users except when updating groups (#406 )	2017-01-26 15:18:34 -05:00
Ross Scroggs	7acfa4a2ac	Handle newlines in various description fields (#405 )	2017-01-26 14:34:46 -05:00
Ross Scroggs	e212d68d60	Move project-apis.txt URL to var.py so all urls are in same spot (#403 )	2017-01-26 13:27:22 -05:00
Ross Scroggs	6aeee89ee4	Handle group members of type CUSTOMER (#402 )	2017-01-26 13:06:15 -05:00
Ross Scroggs	623572a652	Soft error when getting group members, fix typo (#401 )	2017-01-26 11:07:20 -05:00
Jay Lee	f7c587c08b	no argument to -l	2017-01-25 15:30:33 -05:00
Jay Lee	da1f346b1a	-l argument to bash script for upgrade only	2017-01-25 15:27:12 -05:00
Jay Lee	056b56ed78	GAM 4.11 part 2	2017-01-25 14:31:20 -05:00
Jay Lee	791581b850	GAM 4.11	2017-01-25 14:29:36 -05:00
Ross Scroggs	08f426ba09	Allow suppression of empty entries in multivalued schema fields (#399 )	2017-01-25 14:21:58 -05:00
Jay Lee	54371cffff	remove .apps.googleusercontent.com from client id for auth	2017-01-25 11:35:33 -05:00
Jay Lee	c7946c0edf	remove access_type=offline to shorten auth URLs as it's default already	2017-01-25 11:22:25 -05:00
Jay Lee	ae578c64a0	rename to simplehttp so we don't affect http	2017-01-25 09:02:11 -05:00
Jay Lee	08bc1898cc	fix splitlines	2017-01-25 08:57:23 -05:00
Jay Lee	dc626b1b3e	always use httplib2 so we are consistent with TLS verify, debug output, etc	2017-01-25 08:53:33 -05:00
Ross Scroggs	7283e06750	Allow newlines in calendar event descriptions. (#398 )	2017-01-24 15:36:12 -05:00
Ross Scroggs	c76368509e	rint start_time and end_time as dates in gam reports; handle bad data from Google (#397 )	2017-01-24 14:51:43 -05:00
Jay Lee	b54eb97f6b	Use profile instead of email scope since it's 1 less scope ultimately	2017-01-24 14:50:26 -05:00
Jay Lee	2d997fb046	silence noisy oauth2client helpers	2017-01-24 14:49:37 -05:00
Jay Lee	e2cf769b20	short URLs fix back	2017-01-24 14:48:44 -05:00
Jay Lee	281786b3b9	prettify oauth2.txt	2017-01-24 14:04:56 -05:00
Jay Lee	b06b8608d0	googleapiclient 1.6.1	2017-01-24 14:03:03 -05:00
Jay Lee	22dc39eb85	Merge branch 'master' of https://github.com/jay0lee/GAM	2017-01-24 14:00:32 -05:00
Jay Lee	4a894958f0	oauth2client 4.0	2017-01-24 14:00:07 -05:00
Ross Scroggs	38273a786a	Supply missing imports in utils.py (#396 )	2017-01-24 13:47:56 -05:00
Jay Lee	6ba0a5d942	4.1 whatsnew.txt	2017-01-24 13:20:05 -05:00
Jay Lee	2ad731f4e0	GAM 4.1	2017-01-24 13:15:16 -05:00
Jay Lee	a491fb5471	Update ToS page for projects	2017-01-24 13:14:45 -05:00
Jay Lee	33cfb940b4	remove accidental break	2017-01-24 12:17:52 -05:00
Jay Lee	46b79334e4	pull APIs from GitHub master, import urllib2 once	2017-01-24 12:15:11 -05:00
Jay Lee	a7e841bcba	put APIs to enable for project in own file to pull live	2017-01-24 12:00:17 -05:00
Jay Lee	f2400b35b0	Update API list for create project	2017-01-16 15:29:25 -05:00
Ross Scroggs	31058336ce	Fix typo, clean up imports (#381 ) * Fix typo, utils.py needs a few globals * Clean up imports	2017-01-04 20:23:53 -05:00
Ross Scroggs	ac2cbef7f8	Fix gam transfer drive to properly handle orphaned files (#380 )	2017-01-04 19:19:49 -05:00
Ross Scroggs	d7187ff998	When default SKU/Product list is used, sort it so output is cleaner (#379 )	2017-01-04 17:57:23 -05:00
Ross Scroggs	2cc79f44ea	Update licenses (#376 ) * Update documentation for new license aliases Add government as in PR #362 * Allow full SKU to be specified	2016-12-31 11:50:39 -05:00
Jay Lee	067a67c14e	Update README.md	2016-12-31 11:32:40 -05:00
Ross Scroggs	054addfa9b	Fix typo in documentation (#375 )	2016-12-31 10:42:43 -05:00
Jay Lee	6b7cf875de	utils.py for simple util functions	2016-12-29 16:32:22 -05:00
Jay Lee	581e31499b	move more vars to var.py	2016-12-29 15:44:33 -05:00
Jay Lee	a5883a8429	consolidate license info	2016-12-29 14:31:54 -05:00
Jay Lee	95c2d91a5b	pull variables into their own file	2016-12-29 13:55:14 -05:00
Ross Scroggs	9f487d57fb	Get just the field we need in info user licenses (#374 )	2016-12-27 18:28:21 -05:00
Ross Scroggs	e0d278e7ea	Added count and allfields arguments to gam print groups (#373 )	2016-12-27 15:30:09 -05:00
Ross Scroggs	36725c3574	Fix typo, update documentation (#372 )	2016-12-27 12:44:50 -05:00
Ross Scroggs	8c911215b1	Site Verification API should be included in project APIs (#371 )	2016-12-27 12:37:35 -05:00
Ross Scroggs	2b57a976c2	Clean up new batch licensing (#370 )	2016-12-27 11:49:37 -05:00
Ross Scroggs	4817ce282a	Handle suspended users with calendar commands; improve show calsettings output (#369 )	2016-12-27 11:34:45 -05:00
Ross Scroggs	2da6666587	Add directmemberscount to list of group field names (#368 )	2016-12-27 11:00:52 -05:00
Jay Lee	07f1bc050a	Improve user info response with license batching	2016-12-27 10:57:18 -05:00
Ross Scroggs	9135e15b12	Fix error handling for nonexistent users in data transfers (#367 )	2016-12-27 10:31:26 -05:00
Ross Scroggs	5c32a86257	Use patch instead of update in doUpdateCustomer, update is broken (#366 )	2016-12-27 10:08:31 -05:00
Ross Scroggs	d5bcac4d14	Fix run-batch to handle 0 items (#363 )	2016-12-21 15:04:30 -05:00
Ross Scroggs	73bcadbbfe	Handle Google-Apps-For-Government (#362 )	2016-12-21 14:05:59 -05:00
Jay Lee	d3091d3dd8	Update README.md	2016-11-20 15:39:46 -05:00
Jay Lee	f9ab78e393	update some strings to G Suite	2016-11-20 14:18:28 -05:00
Jay Lee	7a94077906	Update README.md	2016-11-20 13:58:36 -05:00
Jay Lee	6b438c3a46	Update README.md	2016-11-20 13:57:45 -05:00
Jay Lee	5383ed22ea	Update README.md	2016-11-20 13:53:22 -05:00
Ross Scroggs	dbd09daa33	Fix Windows multiprocessing (#346 ) * Fix Windows multiprocessing * Clean up Windows initial setup	2016-11-19 13:23:33 -05:00
Ross Scroggs	25ace13a3d	Handle additional run_batch calls (#344 )	2016-11-19 07:16:23 -05:00
Ross Scroggs	8fc6112e32	Handle folder alternateLink (#343 )	2016-11-18 19:36:54 -05:00
Ross Scroggs	ac2eb99d63	Handle Google mis-reporting invalid group in gam print groups settings (#342 )	2016-11-18 18:32:55 -05:00
Ross Scroggs	43707d8074	Create missing label with gam add filter (#340 ) Restores behavior present with Email Settings API	2016-11-18 17:33:43 -05:00
Jay Lee	b0b3c18e99	use multiprocessing instead of threading to take advantage of multi CPU systems	2016-11-18 15:45:57 -05:00
Jay Lee	349f2801c5	Improve batch performance * Use a single GAM / Python process for all threads (needs testing, will sys.exit in a function cause issues?) - Huge reduction in useless time spent starting Python per-thread. * Bump default from 5 threads to 25. * Introduce default_to_batch for some user commands where it makes sense. - most show/print commands will default to batch off. - most do / update commands will default to on.	2016-11-18 10:19:19 -05:00
Ross Scroggs	658e7beb2b	Standardize handling oauth2.txt (#337 )	2016-11-17 11:57:10 -05:00
Ross Scroggs	e777eb6c99	Handle Google reporting invalid when getting group settings (#335 )	2016-11-16 12:45:04 -05:00
Ross Scroggs	8a6ce43ad3	Do not get settings for special groups abuse and postmaster (#334 ) * In gam print groups settings, get gs service outside of loop * Do not get settings for special groups abuse and postmaster * Do not set settings for special groups abuse and postmaster	2016-11-15 22:36:59 -05:00
Jay Lee	72d182032b	point to create project / check serviceaccount rather than Wiki	2016-11-15 13:25:54 -05:00
Ross Scroggs	9b8189a3e4	In gam print groups settings, get gs service outside of loop (#333 )	2016-11-15 09:21:05 -05:00
Jay Lee	14eb9ca3f8	Cleanup signature/vacation processing (#332 )	2016-11-14 16:22:58 -05:00
Ross Scroggs	cc2cba8c70	Cleanup signature/vacation processing	2016-11-14 13:16:07 -08:00
Ross Scroggs	17660220fe	Added html argument to gam add sendas/update sendas/signature to control newline (NL) processing when signature is read from a file. (#331 )	2016-11-13 15:27:15 -05:00
Ross Scroggs	d5538a79da	Update NL handling in doSignature and doVacation (#330 )	2016-11-13 13:48:32 -05:00
Ross Scroggs	fc5cd1c219	Improve Unicode handling when reading files. (#329 )	2016-11-13 13:02:00 -05:00
Ross Scroggs	e10e63a87f	Cleanup doDelProjects/doCreateProject (#327 ) Move common code to get CRM service into separate routine Have delete projects get login_hint like oath create and create project	2016-11-12 16:09:17 -05:00
Ross Scroggs	93b05de15e	Update build scripts (#326 )	2016-11-12 13:07:19 -05:00
Ross Scroggs	a6a94060c6	Standardize getting login_hint for create project and oauth request (#325 ) * Use RE to validate login_hint email address http://stackoverflow.com/questions/201323/using-a-regular-expression-to- validate-an-email-address Per the W3C HTML5 spec: * Use simpler RE pattern for email validation	2016-11-11 11:26:17 -05:00
Jay Lee	a12ec0ffdc	Google API Client 1.5.5	2016-11-11 09:34:02 -05:00
Jay Lee	ae5d484309	GAM 4.03	2016-11-11 09:23:01 -05:00
Jay Lee	2cdcc6f5ad	gam-install.sh fix for Ubuntu 16+ where python 2 not always present	2016-11-10 20:28:48 -05:00
Jay Lee	3699e0199b	mktemp fix to run on OS X 10.10	2016-11-08 22:02:20 -05:00
Ross Scroggs	5ec417d50c	Validate full email address on gam oauth create <EmailAddress> (#321 ) * Validate full email address on gam oauth create <EmailAddress> * Update documentation	2016-11-08 16:32:38 -05:00
Ross Scroggs	240edd6812	Simplify doCheckServiceAccount (#320 ) * Simplify doCheckServiceAccount * Further simplify doCheckServiceAccount List of scopes is all we need * Build all_scopes list outside of loop, sort once * Leave use_scopes in buildGAPIServiceObject for future use	2016-11-08 10:33:35 -05:00
Jay Lee	faa1b87926	Merge branch 'master' of https://github.com/jay0lee/GAM	2016-11-07 12:23:09 -05:00
Jay Lee	08a9764465	delete projects (undocumented), catch API ToS errors and try to point admin to correct URL before retrying.	2016-11-07 12:22:54 -05:00
Ross Scroggs	e3a73ce7d1	Process NLs in user structured/formatted addresses (#319 )	2016-11-07 10:40:04 -05:00
Ross Scroggs	d75a5e78a5	Have doCreateProject find proper JSON files (#318 ) As in https://github.com/jay0lee/GAM/pull/313, factor in the user's environment variables. On a new installation, the files will be in GAM Path, but on an existing installation the environment variables may have them located somewhere else.	2016-11-07 10:21:55 -05:00
Jay Lee	6a179215d6	sendNotifications = None	2016-11-05 20:14:05 -04:00
Ross Scroggs	c2dc2f0712	Fixes/Updates (#317 ) GamCommands.txt Update documentation gam.py doCheckServiceAccount Correct my previous update - Lines 1211/1241 doCalendarDeleteEvent: Eliminate duplicate events - Line 3337 Fix error message - LInes 3344/2245 Pass sendNotifications to API - LInes 3323,3349 doCalendarAddEvent Update error message - LIne 3461 doGetCrosInfo Add query capability - Lines 7992/8078	2016-11-05 20:12:51 -04:00