Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Calling a Google Apps Script web app with access token

I need to execute a GAS service on behalf of a user that is logged to my system. So I have her/his access token. I would like somehow to transfer the token to the web app and without having to authorize again the user to use it for some activities. Can this be accomplished? Thank you.

EDIT: I think I didn't explain right what I try to accomplish. Here is the work flow I try to achieve:

  1. We authorize a user visiting our website using OAuth2 and Google;
  2. We get hold of her/his access token that Google returns;
  3. There is a Google Apps Script web app that is executed as the user running the web app;
  4. We want to call this app (3) by providing the access token (2) so Google not to ask again for authorization;
  5. Actually, we want to call this app (3) not by redirecting the user to it but by calling it as a web service.

Thanks

like image 875
Martin Dimitrov Avatar asked Feb 10 '23 14:02

Martin Dimitrov


1 Answers

Martin's answer worked for me in the end, but when I was making a prototype there was a major hurdle.

I needed to add the following scope manually, as the "automatic scope detection system" of google apps script did not ask for it: "https://www.googleapis.com/auth/drive.readonly". This resulted in UrlFetchApp.fetch always giving 401 with additional information I did not understand. Logging this additional information would show html, including the following string

Sorry, unable to open the file at this time.</p><p> Please check the address and try again.

I still don't really understand why "https://www.googleapis.com/auth/drive.readonly" would be necessary. It may have to do with the fact that we can use the /dev url, but who may use the /dev url is managed is checked using the drive permissions of the script file.

That said, the following setup then works for me (it also works with doGet etc, but I chose doPost). I chose to list the minimally needed scopes explicitly in the manifest file, but you can also make sure the calling script will ask for permissions to access drive in different ways. We have two google apps script projects, Caller and WebApp.

In the manifest file of Caller, i.e. appsscript.json

{
  ...
  "oauthScopes": 
  [
    "https://www.googleapis.com/auth/drive.readonly",
    "https://www.googleapis.com/auth/script.external_request"]
}

In Code.gs of Caller

function controlCallSimpleService(){

  var webAppUrl ='https://script.google.com/a/DOMAIN/macros/s/id123123123/exec';

//  var webAppUrl = 
//  'https://script.google.com/a/DOMAIN/macros/s/id1212121212/dev'

  var token = ScriptApp.getOAuthToken();

  var options = {
    'method' : 'post'
    , 'headers': {'Authorization': 'Bearer '+  token}
    , muteHttpExceptions: true
  };

  var response = UrlFetchApp.fetch(webAppUrl, options);
  Logger.log(response.getContentText());
}

In Code.gs of WebApp (the web app being called)

function doPost(event){
  return ContentService.createTextOutput("Hello World");
}
like image 63
jano Avatar answered Mar 06 '23 18:03

jano