Thanks to @chadnielsen on macadmins#g-suite - Comment out line 39 to audit rather than remove

remove-false-google-docs-g-suite-tokens.sh

#!/bin/bash

# Scan and Remove False Google Docs Tokens
# Assumes GAM is installed. Change the path if you need to.

###################################[ VARIABLE DEFINITIONS ]################################## 

#set -x
runINT="3600" #seconds
runDATE=$(date +%d-%m-%Y-%H-%M)
pathGAM="/Users/$USER/GAM/gam.py"
pathFOLDER="/Users/$USER/Desktop/GAM_AUDIT"
pathTOKENS="$pathFOLDER/GAM_Tokens_$runDATE.txt"
pathUSERS="$pathFOLDER/GAM_Affected_Users.txt"

######################################[ SCRIPT BEGINS ]######################################
##############################[ DO NOT MODIFY BELOW THIS LINE ]##############################

main() {
	# Generate a list of tokens
	mkdir -p "$pathFOLDER"
	"$pathGAM" all users show tokens > "$pathTOKENS"

	# Read each line of the token file
	while read -r line; do
		# Get the user
		if [ `echo $line | grep -c "User: "` -gt "0" ]; then
			userID=$(echo "$line" | awk '{print $2}' | tr -d ",")
		fi
		# Get the token
		if [ `echo $line | grep -c "Client ID:"` -gt "0" ]; then
			userToken=$(echo "$line" | awk '{print $3}' | tr -d ",")
		fi
		# Check to see if the token matches the false one and remove it
		if [ `echo "$line" | grep -c "displayText:"` -gt "0" ]; then
			if [ "$line" = "displayText: Google Docs" -o `echo "$line" | grep -c ".apps.googleusercontent.com"` -gt "0" ]; then
				echo "False or revoked token found under $userID." | tee -a "$pathUSERS"
				echo "Removing token $userToken" | tee -a "$pathUSERS"
				"$pathGAM" user "$userID" delete token clientid "$userToken"
			fi
		fi
	done < "$pathTOKENS"
	echo "Waiting $runINT seconds before scanning again..."
	sleep "$runINT"
	main
}

######################################[ FUNCTION CALLS ]##################################### 

main