Google Apps Script doGet(e) get user email - google-apps-script

CURRENTLY
I want to collect the user email of users accessing my Google Apps Script webapp.
To achieve this I set Execute as "Me", with Who has access: "Anyone with Google account"
function doGet(e) {
let userEmail = Session.getActiveUser().getEmail()
return HtmlService.createHtmlOutput(
"<!DOCTYPE html><html><body>Email: "+userEmail+"</body></html>"
);
}
The deployment then has an EXEC link created:
https://script.google.com/macros/s/1234................56789/exec
ISSUE
When the execution link is accessed by a user in Incognito window, IE, or Firefox, the user is asked to log in on Google.
After the user logs in, the page returns:
Email:
WHAT I WANT
User access exec link, and is prompted to log into google
After logging into google, user receives HTML:
Email: users#email.com
NOTES
I recently tried adding:
"oauthScopes": [
"https://www.googleapis.com/auth/userinfo.email"
],
but this had no effect.

I believe your goal as follows.
When an user is logged in Google and access to the Web Apps, you want to retrieve the user's email address.
Modification points:
From your question, I confirmed that you deployed the Web Apps as Execute as: Me and Who has access to the app: Anyone with Google account. In this case, in order to achieve your goal, please deploy the Web Apps as follows.
Execute as: User accessing the web app and Who has access to the app: Anyone with Google account
And also, in this case, please redeploy the Web Apps as new version.
After you reflected above settings to the Web Apps, please test it again. In my environment, when an user who is not the owner of Web Apps accesses to the Web Apps, the user's email can be shown by your script. But, the user accesses to the Web Apps for the 1st time, it is required to authorize the scope of https://www.googleapis.com/auth/userinfo.email.
Note:
If above settings didn't resolve your issue, as a test, please remove "oauthScopes": ["https://www.googleapis.com/auth/userinfo.email"], from appsscript.json and test it again.
References:
Web Apps
Taking advantage of Web Apps with Google Apps Script

Related

Apps Script (Google Sheet) not allowing me to Run Script

I have a fairly simple dataset in a Google Sheet. I created an AutoSort script. I saved it, and when I click "Run," I get the following errors. One from a pop-up, and another from the Execution Log.
Pop-up error:
Authorization required
This project requires your permission to access your data.
*For this error, there is a button to "Review Permissions" and I log in using my google account and then just nothing happens.
Execution Log error:
Warning This project requires access to your Google Account to run. Please try again and allow it this time.
The Owner of this Google Sheet is my personal Gmail account, and I am making these edits and created the script using my business Gmail Admin account. I also tried to access this sheet and run the script USING my personal Gmail account, and received the same error:
Google hasn’t verified this app
The app is requesting access to sensitive info in your Google Account. Until the developer ({mypersonalemail}#gmail.com) verifies this app with Google, you shouldn't use it.
Any insight as to how I can authorize this would be appreciated. It sounds like something small I'm missing.
Also, in my personal email I receive a message with subject:
Review edits to your Apps Script project within your document
and it allows me links to access the worksheet and the script, but I don't see any way to approve the edits, or anything like that.
Expected behavior: What I am expecting is for the script to Run, when I click "Run."
It's not a good idea to mix accounts from different domains, specially when using a free account and a Google Workspace account like you have done because that is the cause of the situation that you are facing.
My hypothesis is that the Google Cloud default project linked to the bounded script is created with the account used to create the project.
If you need that you personal account be the spreadsheet owner the best is to create the script using the personal account, and when needed, create a Google Cloud Standard project (GCSP) using the the personal account. You might try to fix the problem with your spreadsheet and the current Apps Script project by creating a GCSP, as was mentioned previously, by using the account that is the owner of the spreadsheet and linking it to the Apps Script project.
Note: If your script is using sensitive scopes you might have to set the OAuth Consent Screen publishing status to tes and add your Google Workspace account as tester.
Ref: Setting up your OAuth consent screen
Once you have finished the setup of your Google Apps Script project you should be able to use your Google Workspace account to update and run the Apps Script code but any new deployment and new version should be done using your personal account.
If you have access to Shared Drives and are allowed to use them for your spreasheet, consider to move it to a Shared Drive as this will make a lot easier to manage your script.

Why my Google Apps Script permissions are revoked after few days?

I made a simple Telegram bot that runs on Google Spreadsheet with a help of Google Apps Script.
It does a lookup in sheets and optionally saves an uploaded file to my Google Drive.
Previously it was a Script attached to the Spreadsheet. Later Google suggested to create an App in Google Cloud Console and assign the script to that App id, so all API calls are accountable.
Script app is not verified and runs in "Publishing status: Test" mode. I only need it to access my account's data.
The permissions I gave to the script (access to Sheets, Drive) get automatically revoked without any notice after about 2-3 days, and the bot stops working. Until I revisit the Shpreadsheet, open Extensions - Apps Script, run any function and it asks for authorization again. Then the bot works for a couple of days more.
How can I make the permissions I give permanent?
Permissions I granted (again) to my app:
Updated menu of the Spreadsheet app:
From Setting up your OAuth consent screen > Testing
Authorizations by a test user will expire seven days from the time of consent. If your OAuth client requests an offline access type and receives a refresh token, that token will also expire.
Considering the above you have to get your app to be verified by Google.

Deploy Appscript as Webapp from Google sheet Add-on

I want to create a Google sheet add-on where the user can create an HTTPS endpoint in his sheet, that can act as a webhook for an external service. I can see it is possible to do this manually by launching app script code using the 'Deploy a script as a web app' option from the Script Editor
https://developers.google.com/apps-script/guides/web#deploy_a_script_as_a_web_app
Is it possible to automate this in app-script so that the user can configure this in the add-on UI only and in the background, app-script launches the endpoint and can return the endpoint URL to the user?
A Google sheets add-on is a single project shared across all users of the add-on. So, even if any user was allowed to use "Deploy as webapp" feature, Deploying it will create a single endpoint for all users of the addon and NOT a unique url endpoint for each user.
It might be possible but you'll likely need the user to grant your app access to restricted scopes, in which case your add-on will need to undergo a security assessment which will run you anywhere from $15,000.00 to $75,000.00.
You can try leveraging the Apps Script API to create a script project specific to the user and use that project to deploy a web app on their behalf. Not sure if it will work, but you can try playing with the following API endpoints:
https://developers.google.com/apps-script/api/reference/rest/v1/projects/create
https://developers.google.com/apps-script/api/reference/rest/v1/projects.deployments/create
https://developers.google.com/apps-script/api/reference/rest/v1/projects.deployments/update

Why the Web Apps deployed with permission "user accessing the web app" started to respond with "you need permission?"

I have two GAS scripts. One of them is GSheets add-on another is Web App. The web app has doGet and doPost implemented. doGet returns custom HTML login screen. This screen is called from the GSheet script. After user logs into the web app I execute a doPost call to web app from the GSheet script to transform some data and return it as a JSON content.
The Web App is published with the following permissions
I need to run it as the "User accessing the web app" since I access user's drive and UserProperties service from the Web App.
When the doGet is executed for the first time from the Gsheets script the web app script request users permissions with the following OAuth scopes
"https://www.googleapis.com/auth/script.external_request"
"https://www.googleapis.com/auth/script.storage"
"https://www.googleapis.com/auth/drive"
User grants it and the Login page is rendered and works great.
When I execute the doPost call from the GSheet script I use:
UrlFetchApp.fetch('https://script.google.com/macros/s/<...>/exec', options)
The options object contains the Authorization: 'Bearer ' + ScriptApp.getOAuthToken(); basically user authorization of the GSheets script.
Everything was working great until yesterday. Now when I do the doPost call from the GSheets script I get the following HTML as a response.
Any ideas what is wrong here and why it stopped working without any changes? Perhaps some GAS update?
If I share the source code with the user who runs the scripts the issue is gone. I believe the issue could be related.

How Do I Request "Send Email As You" Scope?

I have a Google Apps script deployed as a Web Application, and then I have a web app. hosted at www.mjpanel.com, that calls the Google Apps script as a web service. In the www.mjpanel.com app, I synch. up with Google requesting the following scopes:
.init(
{
client_id: '[Client ID].apps.googleusercontent.com',
fetch_basic_profile: true,
scope: 'https://www.googleapis.com/auth/drive https://mail.google.com https://www.googleapis.com/auth/gmail.send'
}
);
This includes the request I can find for 'all gmail authorization'. When that call issues and the authorization box pops up telling them what my app. is requesting to do, one of the items is "Send Email On Your Behalf".
My Google Apps Script needs the permission to "Send Email As You", which is different than "Send Email On Your Behalf". Thus, when the app. reaches a point that it is going to issue a web service request to my Google Apps script that exercises the code to "Send Email As You", the web service call is failing due to the lack of permission. If I debug, capture the Google Apps script URL that the web service call is getting sent to, and paste into a browser tab, I get a return that is the button for the user to authorize my app. to "Send Email As You".
However, that is no good, because this is happening as a Web Service call.
What I need is a way to request the "Send Email As You" scope up front; but I can't find any documentation that tells me how to frame that scope request.
Thanks in advance for any help you can give me.
I believe the scope is https://www.googleapis.com/auth/script.send_mail.
To force a script to request that, you can write a commented use of MailApp e.g.
// MailApp.sendEmail();
It won't do anything but it will get detected by Apps Script which will prompt for authorization.