I have published a Google Apps Script as a web app. Because the URL is not so nice, I have included the script in an iframe on a site with a nicer URL. I have included the corresponding option so that it works at all. Now this web app should only be accessible within the Google Workspace (formerly known as GSuite) I am working in. This setting can be done when publishing the Web App. The problem is, however, that some users (by far not all users!) in our Google Workspace cannot access the Google Apps Script that way. There is a error message saying that Google prohibits the connection.
It seems like the authenticiation does not work "through the iframe". Interestingly, the problem only arises when
the script is embedded in an iframe (the direct script URL by Google works for the users)
the script is restricted to the Google workspace.
Chrome is used (the issue does not happen with Firefox)
It is remarkable that for most users in our Google Workspace the issue does not appear. We had similar problems when including the script on a Google site (which, in the end, is also just an iframe), but with less users experiencing the issue. I have already made sure that the users are only logged in with their Google Workspace account (no other account which has no permission). In Inkognito mode the same happens.
Can someone explain this behaviour? And how to fix that (without changing the framework)?
I have been in contact with the Google support. If I remember correctly, this kind of authentication will be deprecated and should now be done with other tools, for example Google's Firebase Auth.
Related
I want to set up a Push Notification using the Google Drive API and a web hook set up with Google Apps Script. I cannot figure out if this is possible or not.
The part of the steps that I can't figure out are the domain verification steps. I have a web app published with a doGet as below:
function doGet() {
refreshCandidates();
return HtmlService.createHtmlOutput('<b>google site verification</b>')
.addMetaTag('google-site-verification', 'Iu3xxxxxx')
.setSandboxMode(HtmlService.SandboxMode.IFRAME);
}
When I try to verify the url it gives me https://script.google.com/...ZS2/exec as an endpoint. But when I try to verify it is hitting https://script.google.com/...ZS2/exec/ and finding a completely different meta tag.
Has anyone successfully used the drive api and push notifications with google apps script? What am I missing?
Unfortunately, it is no longer possible to verify a GAS Web App url. Up until around August 2019, there was an option to "Register in Chrome Web Store" available under the "Publish" menu in the App Script editor. Back then any Web App so registered would have its URL automatically verified. However, that option has since been removed, and the verification methods available under the search console simply do not work for GAS Web App urls.
Furthermore, even when verification was feasible, it was not possible to effectively leverage Drive Push notifications since all relevant notification information is stored in HTTP headers which are not accessible from a GAS doPost() function.
Google Apps Script is no longer a viable platform for implementing Google API Push Notifications across most services (Gmail, Drive, Calendar, Admin Directory etc.). If you want to stick with Google's cloud offerings, there are alternatives you can explore. Google Cloud Functions is one such option.
UPDATE: Gmail leverages Cloud Pubsub for push notifications and this service has recently been updated to remove the need for domain verification for push endpoints. So, going forward its now possible to use GAS Web App URLs in this scenario.
Currently, it doesn't seem to be possible to verify webapp published using Google apps script using Google site verification from search console.
Feature request to Google was made. The issue can be tracked here. Consider adding a star(on top left) for Google to prioritize the issue.
I want to set up a Push Notification using the Google Drive API and a web hook set up with Google Apps Script. I cannot figure out if this is possible or not.
The part of the steps that I can't figure out are the domain verification steps. I have a web app published with a doGet as below:
function doGet() {
refreshCandidates();
return HtmlService.createHtmlOutput('<b>google site verification</b>')
.addMetaTag('google-site-verification', 'Iu3xxxxxx')
.setSandboxMode(HtmlService.SandboxMode.IFRAME);
}
When I try to verify the url it gives me https://script.google.com/...ZS2/exec as an endpoint. But when I try to verify it is hitting https://script.google.com/...ZS2/exec/ and finding a completely different meta tag.
Has anyone successfully used the drive api and push notifications with google apps script? What am I missing?
Unfortunately, it is no longer possible to verify a GAS Web App url. Up until around August 2019, there was an option to "Register in Chrome Web Store" available under the "Publish" menu in the App Script editor. Back then any Web App so registered would have its URL automatically verified. However, that option has since been removed, and the verification methods available under the search console simply do not work for GAS Web App urls.
Furthermore, even when verification was feasible, it was not possible to effectively leverage Drive Push notifications since all relevant notification information is stored in HTTP headers which are not accessible from a GAS doPost() function.
Google Apps Script is no longer a viable platform for implementing Google API Push Notifications across most services (Gmail, Drive, Calendar, Admin Directory etc.). If you want to stick with Google's cloud offerings, there are alternatives you can explore. Google Cloud Functions is one such option.
UPDATE: Gmail leverages Cloud Pubsub for push notifications and this service has recently been updated to remove the need for domain verification for push endpoints. So, going forward its now possible to use GAS Web App URLs in this scenario.
Currently, it doesn't seem to be possible to verify webapp published using Google apps script using Google site verification from search console.
Feature request to Google was made. The issue can be tracked here. Consider adding a star(on top left) for Google to prioritize the issue.
I have currently a simple Hello World Google App Script following Google Documentation
I published it, giving access to anyone on the internet (including anonymous users) and then get both a xxx/dev and xxx/exec urls (latter for "published versions" usage, latter for work in progress usage).
None of those URL are currently working when I call it in my Browser (or through a cURL command) :
Any idea on what could go wrong ?
Note : I already published some Google App Scripts in the past and they are still working today. It is as if my "new" google app scripts was not getting published.
This could be because you are logged into multiple Google accounts. Try:
deleting the "u/0" from the URL
signing out of all of your Google accounts, and back into just one
trying the /exec in an "incognito" window
I have released an app for Google Drive in the Chrome Web Store. I thought it might get added to the Google Drive Collection automatically, but that didn't happen. Is there any form I have to submit?
For your application to appear in the collection of Drive apps your Chrome Web Store app's manifest file need to specify the Google Drive container and your API console project ID as described in this document.
Then your app's listing should get the "Works with Google Drive" badge and, given a few minutes delay for indexing, your app will appear on the collection of Drive apps.
Beware: you may not see it there as a listing doesn't appear for you in that collection if you have already installed it on your browser. It will appear to all other users who have not installed your app yet. To make sure it's there: try looking at the collection with another browser (FireFox for instance).
I have a bit of a nagging problem here. At my current position, we have a Google Apps domain set up (for the sake of this question, it will be pennmanor.net) and I would like to determine a way to log in to Google Chrome (the web browser) and connect the Apps account to sync the settings.
I have found this article: Bug Report that describes the issue, which has been resolved. I have made sure that the options described in Comment 64 are correct, but still no sync. Other articles suggest that it is simply a matter of punching in the credentials and thats it.
We do have a custom SSO and Active Directory set up with the apps account, would this possibly be the cause of the problem?
Does anyone know what I might need to do to enable account Google Chrome to sync pennmanor.net account?
Are you setting user's Google password? Chrome Sync will not use the SSO password. If your users are stored in Active Directory, you can use the Google Apps Password Sync tool to sync passwords from AD to Google as they are changed:
http://support.google.com/a/bin/answer.py?hl=en&answer=2611859