I have a web app to be listed in the google workspace marketplace. I have a list of scopes that is needed to solve my use case. I have the dev version as a private app which uses the service account, tested all the functionalities and made sure everything is working fine.
Now how do I test how the flow is going to look like for the public app? I understand if someone from my own domain installs the app, I will be able to get the data but the public flow through the service account is still unclear for me.
You can test your add-on with a limited list of defined external users.
To do that, you must set the User type as External > Testing within the Oauth consent screen settings in Google Cloud Console.
Keep in mind that only the users defined in the settings will be able to test the app however.
You may find more information here and here
Related
I have created the one add-on.
I have used this link to test and deploy the add-on.
https://developers.google.com/apps-script/concepts/deployments
I have added 3 person's Gmail IDs as test users in the configuration of the google cloud project. Then I come to my spreadsheet and I am able to see the add-on there. But in the other person, I am not able to see the add-on.
I am not getting where I had done a mistake.
Can anyone guide me on this?
Like how to deploy the add-on in the local server, which can be accessible to the user and the user can't access the code. They can only test the add-on.
Google Workspace Add On
I would like to clarify your question with some insights.
Deploying an add-on to a local server is a feature that is not available over App Script.
In order for a user to manage and test an add-on, it would need to have "Editor" Access, this would basically give him access to the code, so it would not be possible to avoid the user to access that data.
As suggested by the official documentation, on how to share and test with developers, you added 3 users for testing under the OAuth consent screen is used for the scopes that would be used over the add-on and the project information.
An alternative would be if you have a Google Workspace account and the test user are part of the domain, to start the process to publish the application as private over the consent screen and that way is downloadable or active for certain members of your domain by following the steps on how to publish:
https://developers.google.com/workspace/marketplace/how-to-publish
You can manage what application users access the marketplace over the Admin console or by publishing as "Unlisted" and sharing the direct URL of the app's store page.
I also recently discussed a similar scenario over this thread if you would like to review more about the Add-On.
References:
https://developers.google.com/apps-script/add-ons/how-tos/testing-workspace-addons
https://support.google.com/cloud/answer/10311615
https://developers.google.com/workspace/marketplace/enable-configure-sdk
I'm trying to wrap my head around how the publishing options for Google Apps Script web-apps work. I have a GAS project that delivers a JSON API. I want other non G-Suite services to be able to call the web-app URL. I am on G-Suite enterprise and my GAS project is created in our GCP organization.
When I publish the web-app there are three options:
myself
anyone in my organization
anonymous
For various reasons, I cannot use the anonymous and obviously myself option won't work. So I have to use the anyone in my organization option.
Now, when a human, logged into a G-Suite account that is in the organization, goes to my web-app URL it will work as expected.
I have another web-site, outside of my organization. I want that web-site to call the web-app URL. I know everything online says to use the anonymous option but I cannot.
So I am wondering what options I have. I had some ideas but not sure:
Do something such that my web site server/account has a G-Suite account that is in the organization. That way, when the web server makes a call to the web-app URL it would look like its coming from a G-Suite account that is in the organization. Does that make sense?
Make the call to the web-app URL and pass some token information that would tell GAS to allow access.
Are either of these possible? Or are any other ways possible?
I have developed a google apps script web app, in conjunction with an MIT App Inventor app, that will/should allow a user to access their own google drive/sheets/documents.
I am having trouble connecting to the web app through the Appinventor app's web component (not a webview), after the user had given their authorization to use the web app via their device's default browser (Chrome).
My Web App is connected to Google Cloud Console and has been verified by the Trust and Safety Team at Google. The app is set to "User who assesses the app" and "Anyone". I can't use the native webview in AppInventor, because Google blocked this off for authentication in 2016.
The web component offers GET/POST/PUT HTTP functions but I have no idea how to get the authorisation codes and tokens for a user in order to access the web app. (Note; the web app has no GUI, it simply receives GET requests and returns text/stringified json output for a range of functions.) I have been able to translate many curl examples in other situations to good effect with the web component, but not for 0Auth.
I have done my best to read up and use the offerings from Google on 0Auth, but just get lost halfway through, as always, nothing I do is quite the same as the examples or documentation provided.
How do I, therefore, construct HTTP GET URLs, with all the various authorization codes and tokens already in place, that will authorize the Web App to work for the user?
A simple request would be like this:
https://script.google.com/macros/s/AKfycbyZ_27nLOKi8ssX........Bz40yAbGfJt_TRswvm6zpY/exec?func=authenticate
which would return the text output "Authenticated"
With a web browser (Chrome) all of this is fairly straight forward for a user. If they are logged into their Google account in the browser they go to the URL provided for my web app, they will be asked to authenticate, and give my Web App access to their google account. Once accepted, 'magic' happens in the browser (any 'magic' happen at the web app end?), and as long as they stay logged in, they can use the browser to send GET requests (URLs with parameters) to the Web App and see the results returned in their browser. Happy days.
In my scenario, I do not have a suitable web browser capable of all of the above. I have a web component that can send GET/POST requests to web services, and handle the server responses. (think of it as a web 'terminal'). I can, therefore (hopefully) construct URLs with all the right content, codes, and parameters. Remember that this has to be straight forward for the user, who will not be interested in 'back end' activities, they will just want to use the app to do things on their google drive.
They need to, I guess, at the very least, perform the authentication in a web browser, to connect their Google account with the web app. Then with the web component connect to the web app using authorization codes and access tokens, as them (their google account) so that actions by the web app occur on their google drive. As stated above, the web app is set to "User who accesses the app" and "Anyone". This is the part I need help with. I do not understand what I need to do to connect the user to the web app without using a web browser.
This is the kind of thing I mean:
https://developers.google.com/gdata/articles/using_cURL
Your setting of Web Apps and goal is as follows.
Web Apps is deployed as Who has access to the app: Anyone.
You want to make users access to Web Apps.
Issue and solution:
In the current situation, there are the following situations for using Web Apps.
When the users access to the Web Apps by each browser, the users can access by logging in to each Google account.
When you want to make users access to the methods (for example, curl command and script) except for the browser, it is required to share the Google Apps Script project of Web Apps with the users.
Unfortunately, it seems that above situation is the current specification. I confirmed the change of this specification at April 11, 2018. Before this change, the users had been able to access to the Web Apps by the curl command and script with the access token without sharing the Google Apps Script project. By the change of specification, when the project is shared with the users, the users can access to Web Apps using the access token.
In this case, it is required to include the access token to the request headers. Because in the current stage, access_token=### as the query parameters cannot be used. Ref
Note:
From this situation, I think that when sharing the Google Apps Script project is not the direction you expect, in the current stage, the Web Apps with Who has access to the app: Anyone cannot be used by the method except for the browser.
References:
Taking advantage of Web Apps with Google Apps Script
Web Apps
I have to write a small reservation web app to be used inside the company where I work. I decided to try out Google Apps Script (GAS). In short, the user must be able to select any equipment in a list and submit it along with a date he's planning to use it and his identification (this small system must implement the complete CRUD).
The environment:
Google Spreadsheet as a database
Interface made with GAS published as a Web App
The app will be accessible just to members of the company's domain, but I'm developing it in my personal account for now.
In the development environment, everything works fine. Then I deploy it as web app the project (Execute app as: Me; Who has access to the app: anyone). When anyone acess the link, I can't retrieve the user information (Session.getActiveUser().getEmail()). It always retrive the developer information (my information). If I switch the "Execute app as" to "User accessing the app", then the app can't access the spreadsheet that is making the role of the database. In the development environment this works fine.
The rest of the web app is working fine. I just wanted to get and record the identity (email) of who made de reservation in an automatic way (not by asking the user to type this information).
Do I have to setup something else before people can access it?
Thanks in advance.
[EDIT 1]: The situation changed a little bit. I made a few more tests and it seems that the deployed web app get updated just when I save it as a new version in the project. Anyway, I still can't retrieve the active user email. The Session.getActiveUser().getEmail() now returns a blank string.
[EDIT 2]: Following Sujay Phadke's answer bellow, I tried migrating the web app to the company's environment. It worked like a charm.
Juliano
It's well documented here: getActiveUser
When the webapp permissions are set as "execute as me", it seems that the returned userid string will be empty. It also depends on your specific domain permissions as mentioned there.
I'm using free Google Apps subscription and I've published self-made extension in Chrome Store. Also, I need to restrict access to that extension to only my domain users.
I tried to follow Google manual, but I couldn't get access to 'Device management > Chrome management' (got an unexpected redirect from 'Device management' page to Apps list while clicking on 'Chrome management' link) and there was no option 'everyone at mydomain.com' into extension 'Visibility section' — only 'trusted testers'.
So, maybe it's because of my free subscription or it's Google Apps issue or I do something wrong?
No, That feature (and process) is only available for Google Apps for work and Education accounts.
However, you can try to restrict access to your chrome extension (using your free account) before publishing it to public by publishing it to test accounts.
Publishing to test accounts
When you publish to test accounts, your app’s store listing only appears to you and any users who are logged into these test accounts that you specify. Your app won’t appear in search results, so you’ll need to give testers a direct link to your app’s listing. Testing also gives you a chance to see how the license server integrateswith your app if you plan to charge your it using Chrome Web Store Payments.
To edit your list of accounts, click Edit your tester accounts. You can enter single accounts, or create a Google Group so that this set of users can test your app. See the section below to learn how to set up Group Publishing.
Once you’re ready to publish, click Publish to test accounts.
You’ll need to unpublish the app if you want to publish to the world later.