In Postman, I have my GET request set up to where I can get the correct access key using grant_type, client_id, client_secret, and resource in my request body.
I'm trying to get this working in Google App Script, however there does not appear to be a setResource function. I've looked through the documentation and could not find an alternative. Is it possible to somehow set the resource to get the proper access key with Google App Script OAuth2?
https://github.com/googleworkspace/apps-script-oauth2/blob/master/dist/OAuth2.gs
You can set an additional parameter for constructing the authorization URL by using .setParam().
.setParam('resource', 'https://storage.azure.com/')
Related
Situation:
I have a Google Sheets whose data I would like to access using URL and an API key, e.g.:
https://sheets.googleapis.com/v4/spreadsheets/{SHEETS-ID}/values/{RANGE}?key={API-KEY}
This works only when the Sheet is publicly available, i.e. "Anyone with the link can view". I would like not to allow link sharing. I've seen in Apps Script that it is possible to add access to a service account.
Question:
Is this also possible if you only have an API key and requests the data using a URL as above?
No, it's not possible to access private data only with an API key. As stated in the documentation :
If the request requires authorization (such as a request for an individual's private data), then the application must provide an OAuth 2.0 token with the request. The application may also provide the API key, but it doesn't have to.
Anyhow the Google Sheet API will make your life easier to build requests and retrieve private data.
I'm trying to deploy a Google Apps script via the Google REST API, and I'm using the API Explorer to perform that.
This is the method I am testing:
https://developers.google.com/apps-script/api/reference/rest/v1/projects.deployments/create
Executing the method via the API Explorer returns a 404 error. I have verified that the scriptId in question does exist, and have tried several other scriptIds, to no avail. I have also made sure the permission scopes are properly set.
This is what the API Explorer gives me.
Worth mentioning that the same scriptId works when calling another method such as projects.get.
Is there anything I am missing, or is this an issue on Google's end?
In case of the latter, what are the steps to contact Google Apps Script's team and inform them of this issue?
Your versionNumber is incorrect. The Requested entity here refers to the version of your script. You need to go to File>Manage Versions>Save New version to create a new version(or create one with the api1) and use that version number in the request body.
Check your authorization scopes. You need to have the following scope enabled:
https://www.googleapis.com/auth/script.deployments
If its not in the list of available scopes in API Explorer then you'll need to add it manually (there is an area at the bottom of the authorization dialog where you can add scopes).
Google's API Explorer uses API keys to authorize requests. In some cases an API key is not sufficient and an OAuth2 (bearer) access token is required. As an alternative you can create an Apps Script project and add the appropriate scopes via the manifest file(appsscript.json). Then you can use UrlFetchApp.fetch() to test the API directly.
So what I'm trying to do is to fetch data from gmail API using unix's shell (curl).
I simply copied this from the json generator to be able to play with the json when I used with curl.
GET https://www.googleapis.com/gmail/v1/users/somebody%40gmail.com/messages?
maxResults=5&includeSpamTrash=false&key={YOUR_API_KEY}
Then I changed the API_KEY by what I was able to generate in my developer console. However, I cannot get the desired json when I put the link in my browser, or curl it in my shell. How do I generate the right key? Because I already generated from all of the choices in the Credentials.
Thanks!
What you generate in the Console is the Client ID and Client secret, which are used when you redirect your users to Google. Upon accepting, Google then redirects the user to the url you specify in the console with a code. This code is then finally used to retrieve the Access Token which you should use as {YOUR_API_KEY}.
Go to Google OAuth 2.0 Playground, and use the Gmail API v1 scopes, and retrieve the access token and use it in your shell.
Hi I have a very simple Google Apps Script, i.e. one that is created when in Google Drive and click create and then script.
What I would like to be able to do is have users authenticate using the oauth 2 protocol, receive the authorisation code and exchange that for an access token and refresh token. This requirement is for an IPhone app so I would rather save the refresh token so users do not have to login repeatedly.
My issue is that I do seem be able to get the access and refresh token, I can see the client_id of the app in the url returned from the authentication step, however I believe I also need client_secret to request the access and refresh token from:
https://accounts.google.com/o/oauth2/token.
I'm asking it this even possible, if so do you know of any examples and if not could you recommend a different approach (perhaps use an application specific password).
Many thanks
You should be able to obtain this from the Oauth Playground.
Oauth Playground
I'm playing around with AppScript and try to get an oAuth 2.0 access token.
Any sample out there how to get this working in AppScript?
I am working on a cleaner tutorialized version of this, but here is a simple Gist that should give you some sample code on how things would work -
https://gist.github.com/4079885
It still lacks logout, error handling and the refresh_token capability, but at least you should be able to log in and call a oAuth 2 protected Google API (in this case its a profile API).
You can see it in action here -
https://script.google.com/macros/s/AKfycby3gHf7vlIsfOOa9C27z9kVE79DybcuJHtEnNZqT5G8LumszQG3/exec
The key is to use oAuth 2 Web Server flow. Take a look at getAndStoreAccessToken function in the gist to get the key details.
I hope to have this published in the next few weeks but hopefully this will help in the mean time.
UPDATE - adding in info on redirect_uri
The client secret is tied to specific redirect URIs that the authorization code is returned to.
You need to set that at - https://code.google.com/apis/console/
The highlighted URI needs to match the published URI (ends in /exec). You get the published URI from the script editor under Publish -> Deploy as web app. Make sure you are saving new versions and publishing the new versions when you make changes (the published URI stays the same).
I've modified the example above to use the newish state token API and the CacheService instead of UserProperties, which is now deprecated. Using the state token API seems to make things a little more secure, as the callback url will stop accepting a state token after a timeout.
The same caveats apply. Your redirect URIs have to be added to your (script) project in the developer's console, meanwhile you have to yank the CLIENT_SECRET and CLIENT_ID from the console and paste them in. If you're working within a domain, there don't seem to be any guarantees on what URL will be returned by ScriptApp.getService().getUrl(), so I wound up basically having it get the address dynamically, then waiting for to fail on the the (second) redirect, and then hard-coded the resulting URI.
https://gist.github.com/mclaughta/2f4af6f14d6aeadb7611
Note that you can build an OAuth2 flow using this new API, but it's not a complete sample yet:
https://developers.google.com/apps-script/reference/script/script-app#newStateToken()
In particular, you should not pass 'state' directly to the /usercallback URL yourself, because the OAuth2 service provider is responsible for round-tripping the 'state' parameter. (Instead, you pass 'state' to the auth URL, and the service provider automatically attaches it to the callback URL.)