I wrote two small Google Scripts that present simple forms to fill in. Most of my user community has no trouble using them. A small minority of users can never open the forms, instead they get "Sorry, unable to open the file at this time" error page for both forms. I can't find any common thread for why only some users fail. I've tested on multiple browsers on multiple machines, even on android devices, it never fails for me.
A couple of things I've noted:
when it fails for them the URL is re-written. The proper url starts with https://script.google.com/macros/s/... but for broken users when they paste that in they instead get https://script.google.com/macros/u/3/s/... (notice the "u/3" at the end)
There is no execution log created when they try to access the site, so I have no way to debug what's going on.
The app is permissioned so "Anyone" can access it, and it runs as my account
Sorry, I realize this problem description is impossibly vague. Any debug suggestions would be extremely welcome. I'm not a regular Google App Script developer, so I'm kinda stumbling in the dark with this one. Thanks in advance.
/u/3 means that the user have signed-in into multiple Google accounts, the number correspond to the zero-based index of the account in the order that the user followed to sign-in, 0 is for the default account, 1 is to de second account, 2 is for the thirds account and so on.
So, on your test include this use case, a user signed-in into multiple Google accounts.
NOTE: It's known that the HTML Service do not handle as expected this use case.
Related
AuthMode gets confused w/ multiple logged in users
We're sorry, a server error occurred while reading from storage. Error code PERMISSION_DENIED
Why is my script pushing an incorrect URL? [/u/2 inserted into script URL] (possible duplicate)
Related
I started quite recently experimenting with web apps, and I am now busy getting them to run across accounts within my organization.
I need to update labels to Gmail emails across these accounts, as well as update a shared spreadsheet. I trigger my scripts via a get request triggered from the client details spreadsheet, which identifies the email threads in the associated accounts and applies them a label.
For this to work without having to create a web app per account executed as the owner of the account, I imagined that a deployment executed as the user who executes the trigger would just do it. However, doing so results in an html response that seems to be an authorization screen from Google.
I am not very familiar with the required authentification concept in this case, as I had no issue since a year than I work with Google scripts. I guess Google should show the authentification prompt like they always do, but in this case it's not showing up.
It works fine when the app is run as myself, but I’d hate to have to replicate and maintain the project on each account, even though that is a way to achieve the result.
I read a number of articles, but many did not apply to my situation, and others were beyond my current skill to try them all out. I also tried a few things in the cloud console but I am too noob to get my head around it fully.
I use the required oAuth scopes and don't see what can be missing. I tried putting "Authorization": "Bearer " + ScriptApp.getOAuthToken() in my request's headers but this makes no difference.
Thanks in advance for your help!
As title says...
BUT, I've made a web app for output some result based on a data search using parameters submitted in a google form in my google site.
I work in a school so no way that all teachers has, or want to use, or want to waste time just for know which labs are available in some time slots.
I really need that everyone can run web app ... obviously I deployed it with access anyone, even anonimous but
https://sites.google.com/itsluigicasale.gov.it/prenotazionilab/trova-un-laboratorio-libero
have I made some errors?
is there any workaround?
I'd like to use it without access or ask for permission for the users
I am using, since a long time, a Google script that accesses my YouTube channel, gets and modifies some information from it and saves some data in a Google sheet.
It always worked fine, but then, about a week ago, Google somehow split my access rights between my normal account (primary email) and my YouTube account (that goes under a different nickname).
I cannot find a way to run even the simplest command:
var my_playlists = YouTube.Playlists.list('snippet', {
mine: true,
maxResults: 50,
})
.items;
The problem is that google now prompts me with an authorization page and I can choose between 2 accounts. One is my primary account, the other is the YouTube one.
If I choose my primary account, the code runs but I cannot see the data of the YouTube account.
If I choose the YouTube one, I still cannot access the data I want and it keeps asking for permission every time I run the code.
I understand there is a problem of authorization between the two channels, but I did not have it before and cannot find any suggestion to solve it.
What can I resolve this problem?
I've been struggling with the exact same issue but for another cause.
Anyways, so far I can manipulate anything I want within my PERSONAL youtube account, granting access using OAuth to MY ACCOUNT, but if grant access to my branded account, the script doesn't even begin, apparently it's a bug that causes loop in the script.
You can check this out for more info:
YouTube Apps Script API only runnable by accounts without a YouTube channel?
https://issuetracker.google.com/issues/36764531
https://mashe.hawksey.info/2017/09/identity-crisis-using-the-youtube-api-with-google-apps-script-and-scheduling-live-broadcasts-from-google-sheets/
Using Youtube Data API to Edit with Brand Account Playlist
Retrieve/Update Google-Contacts from Apps Script (Spreadsheet)
Environment Desc:
We have a shared spreadsheet belonging to a domain-account "PrimContact" where we also manage our contacts.
The spreadsheet is shared with selected users in the domain with r/w-access.
Workflow so far: after making changes to the spreadsheet persist those changes through script-call.
This api-call was authorized via clientAuth and as of a few days that won't work anymore.
Through clientAuth we were able to allow all the users to manipulate the sheet and finally update
the contacts of the targeted contact (PrimContact).
Problem:
Reading up about deprecation of clientAuth I tried, and somewhat succeeded, to change
authentication to OAuth2. As I understand things there are two ways I can authenticate a
user. Through a clientAccount or via serviceAccount.
SideNote: The following two pages helped a lot in getting it done, especially for serviceAcc.
[1]client account with: https://github.com/googlesamples/apps-script-oauth2
[2]service account auth with: https://github.com/mcdanielgilbert/gas-oauth2-gae
For that to work I added a project to PrimContact-user and created both a web-account and a
service account. Using aforementioned scripts as a starting point authentication works too, but
in the end it's not what I am trying to accomplish.
Client Account: the script is calling the api (contact-api) with an access token for the currently
logged in client although I provided the clientId of the PrimContact-user. Now I COULD run the script as PrimContact-user beforehand and store the token
in the document. If the access-token has not expired yet the other users can work with this
token just fine and therefore "operate" on the PrimContact-data. But as soon as the token
expires I would have to call the script as PrimContact-user again, which is not to very comfortable.
Service Account: got it working with gas-oauth2-gae, but the contact-list is empty. The call
itself is successfull though. I guess this is due to the service account not being tied to
the PrimContact-user although the project is associated with this user?
Goal:
Making an api-call (contacts) inside google-apps-script(spreadsheet) used by different users and
manipulate contact-data of a different account, i.e. the account who originally shared the spreadsheet.
Maybe I'm getting the whole idea of OAuth2 completely wrong, so far my understanding of the
clientAccount-thing is that the currently logged in user allows the project (which belongs to the
PrimContact-user) to manipulate the data of the currently logged in user.
What data the service-account-authenticated call is manipulating.. I'm not quite sure..
If it helps I can add the code-snippets, but as everythings "working" & still not doing what
I really need it to do I'm not sure if it's helpful.
If I specify access_type=offline in the auth url and a user attempts to auth a second time I get a box that says it is asking for offline access.
I would have expected it to be already authorised and so not require additional permissions
Any ideas?
Edit:
A bit more info. The first time around it makes no mention to the user of needing offline access. I would have thought the offline permission to be mentioned in the original auth anyway.
Edit 2:
Some more info on my use case. It is possible in our system for a person to have two accounts but then use the same google drive account. This means that we have no way of knowing that user has already authorized with google and so have to present the authorization again for the second user.
The first time around (for user 1) you are told that the app is asking for :
View and manage Google Drive files that you have opened or created
with this app
View and manage the files and documents in your Google
Drive
The second time around (for user 2) you are told the app is asking to:
Have offline access
This seems wrong to me.
As an aside:
The whole "have offline access" statement is very confusing for a user and also quite misleading. Most people assume this means the app can read the contents of your pc. In fact it means that the app can authenticate with your account with out you being there (i.e. using a refresh token).