I developed an Apps Script Web App that uses some Google Apis (drive, calendar, etc.).
I wrote Terms and Privacy Policy and requested Google to approve it, and they keep bugging me that I need to remove, from "Authorized Javascript origins", anything that is not hosted on my real TLD's (own domains).
The problem is I need to put on the authorized origins some https://n-blablabla-0lu-script.googleusercontent.com URL's, because those are the origins of the Apps Script itself, where the LOGIN button is.
Basically when someone enters my app, if it is not yet logged in, I show in the app itself a Login button, and once the user logs in, I request the permissions. This is pretty common, and since the Apps Script runs in google platform, it has google on its URL/origin.
I spent ~2 weeks with Google Support trying to explain them that I cant remove those authorized origins of https://n-blablabla-0lu-script.googleusercontent.com, otherwise, I do get this:
idpiframe_initialization_failed: Not a valid origin for the client
The Google Sign-in library requires that the domain registered in the Google Developers Console matches the domain being used to host the web page. Ensure that the origin you registered matches the URL in the browser.
the Web App is embedded on a Google Sites (new) iframe
Related
I want to set up a Push Notification using the Google Drive API and a web hook set up with Google Apps Script. I cannot figure out if this is possible or not.
The part of the steps that I can't figure out are the domain verification steps. I have a web app published with a doGet as below:
function doGet() {
refreshCandidates();
return HtmlService.createHtmlOutput('<b>google site verification</b>')
.addMetaTag('google-site-verification', 'Iu3xxxxxx')
.setSandboxMode(HtmlService.SandboxMode.IFRAME);
}
When I try to verify the url it gives me https://script.google.com/...ZS2/exec as an endpoint. But when I try to verify it is hitting https://script.google.com/...ZS2/exec/ and finding a completely different meta tag.
Has anyone successfully used the drive api and push notifications with google apps script? What am I missing?
Unfortunately, it is no longer possible to verify a GAS Web App url. Up until around August 2019, there was an option to "Register in Chrome Web Store" available under the "Publish" menu in the App Script editor. Back then any Web App so registered would have its URL automatically verified. However, that option has since been removed, and the verification methods available under the search console simply do not work for GAS Web App urls.
Furthermore, even when verification was feasible, it was not possible to effectively leverage Drive Push notifications since all relevant notification information is stored in HTTP headers which are not accessible from a GAS doPost() function.
Google Apps Script is no longer a viable platform for implementing Google API Push Notifications across most services (Gmail, Drive, Calendar, Admin Directory etc.). If you want to stick with Google's cloud offerings, there are alternatives you can explore. Google Cloud Functions is one such option.
UPDATE: Gmail leverages Cloud Pubsub for push notifications and this service has recently been updated to remove the need for domain verification for push endpoints. So, going forward its now possible to use GAS Web App URLs in this scenario.
Currently, it doesn't seem to be possible to verify webapp published using Google apps script using Google site verification from search console.
Feature request to Google was made. The issue can be tracked here. Consider adding a star(on top left) for Google to prioritize the issue.
I want to set up a Push Notification using the Google Drive API and a web hook set up with Google Apps Script. I cannot figure out if this is possible or not.
The part of the steps that I can't figure out are the domain verification steps. I have a web app published with a doGet as below:
function doGet() {
refreshCandidates();
return HtmlService.createHtmlOutput('<b>google site verification</b>')
.addMetaTag('google-site-verification', 'Iu3xxxxxx')
.setSandboxMode(HtmlService.SandboxMode.IFRAME);
}
When I try to verify the url it gives me https://script.google.com/...ZS2/exec as an endpoint. But when I try to verify it is hitting https://script.google.com/...ZS2/exec/ and finding a completely different meta tag.
Has anyone successfully used the drive api and push notifications with google apps script? What am I missing?
Unfortunately, it is no longer possible to verify a GAS Web App url. Up until around August 2019, there was an option to "Register in Chrome Web Store" available under the "Publish" menu in the App Script editor. Back then any Web App so registered would have its URL automatically verified. However, that option has since been removed, and the verification methods available under the search console simply do not work for GAS Web App urls.
Furthermore, even when verification was feasible, it was not possible to effectively leverage Drive Push notifications since all relevant notification information is stored in HTTP headers which are not accessible from a GAS doPost() function.
Google Apps Script is no longer a viable platform for implementing Google API Push Notifications across most services (Gmail, Drive, Calendar, Admin Directory etc.). If you want to stick with Google's cloud offerings, there are alternatives you can explore. Google Cloud Functions is one such option.
UPDATE: Gmail leverages Cloud Pubsub for push notifications and this service has recently been updated to remove the need for domain verification for push endpoints. So, going forward its now possible to use GAS Web App URLs in this scenario.
Currently, it doesn't seem to be possible to verify webapp published using Google apps script using Google site verification from search console.
Feature request to Google was made. The issue can be tracked here. Consider adding a star(on top left) for Google to prioritize the issue.
I have developed a google apps script web app, in conjunction with an MIT App Inventor app, that will/should allow a user to access their own google drive/sheets/documents.
I am having trouble connecting to the web app through the Appinventor app's web component (not a webview), after the user had given their authorization to use the web app via their device's default browser (Chrome).
My Web App is connected to Google Cloud Console and has been verified by the Trust and Safety Team at Google. The app is set to "User who assesses the app" and "Anyone". I can't use the native webview in AppInventor, because Google blocked this off for authentication in 2016.
The web component offers GET/POST/PUT HTTP functions but I have no idea how to get the authorisation codes and tokens for a user in order to access the web app. (Note; the web app has no GUI, it simply receives GET requests and returns text/stringified json output for a range of functions.) I have been able to translate many curl examples in other situations to good effect with the web component, but not for 0Auth.
I have done my best to read up and use the offerings from Google on 0Auth, but just get lost halfway through, as always, nothing I do is quite the same as the examples or documentation provided.
How do I, therefore, construct HTTP GET URLs, with all the various authorization codes and tokens already in place, that will authorize the Web App to work for the user?
A simple request would be like this:
https://script.google.com/macros/s/AKfycbyZ_27nLOKi8ssX........Bz40yAbGfJt_TRswvm6zpY/exec?func=authenticate
which would return the text output "Authenticated"
With a web browser (Chrome) all of this is fairly straight forward for a user. If they are logged into their Google account in the browser they go to the URL provided for my web app, they will be asked to authenticate, and give my Web App access to their google account. Once accepted, 'magic' happens in the browser (any 'magic' happen at the web app end?), and as long as they stay logged in, they can use the browser to send GET requests (URLs with parameters) to the Web App and see the results returned in their browser. Happy days.
In my scenario, I do not have a suitable web browser capable of all of the above. I have a web component that can send GET/POST requests to web services, and handle the server responses. (think of it as a web 'terminal'). I can, therefore (hopefully) construct URLs with all the right content, codes, and parameters. Remember that this has to be straight forward for the user, who will not be interested in 'back end' activities, they will just want to use the app to do things on their google drive.
They need to, I guess, at the very least, perform the authentication in a web browser, to connect their Google account with the web app. Then with the web component connect to the web app using authorization codes and access tokens, as them (their google account) so that actions by the web app occur on their google drive. As stated above, the web app is set to "User who accesses the app" and "Anyone". This is the part I need help with. I do not understand what I need to do to connect the user to the web app without using a web browser.
This is the kind of thing I mean:
https://developers.google.com/gdata/articles/using_cURL
Your setting of Web Apps and goal is as follows.
Web Apps is deployed as Who has access to the app: Anyone.
You want to make users access to Web Apps.
Issue and solution:
In the current situation, there are the following situations for using Web Apps.
When the users access to the Web Apps by each browser, the users can access by logging in to each Google account.
When you want to make users access to the methods (for example, curl command and script) except for the browser, it is required to share the Google Apps Script project of Web Apps with the users.
Unfortunately, it seems that above situation is the current specification. I confirmed the change of this specification at April 11, 2018. Before this change, the users had been able to access to the Web Apps by the curl command and script with the access token without sharing the Google Apps Script project. By the change of specification, when the project is shared with the users, the users can access to Web Apps using the access token.
In this case, it is required to include the access token to the request headers. Because in the current stage, access_token=### as the query parameters cannot be used. Ref
Note:
From this situation, I think that when sharing the Google Apps Script project is not the direction you expect, in the current stage, the Web Apps with Who has access to the app: Anyone cannot be used by the method except for the browser.
References:
Taking advantage of Web Apps with Google Apps Script
Web Apps
I am new to Google Addon development. I have been working to develop a Gmail addon using the Google Apps script.
My current requirement is to retrieve some information from a website which is authenticated in the same browser (in a different tab). The website supports different authentication types (SAML SSO, Active Directory etc) and require multi factor auth. So it is not possible (or practical) to perform all types of authentication from the Apps Script.
Instead, My idea was to have the user login manually (not the addon script itself) into the site (using whatever authentication is configured for the user) . The login action results in authentication cookies stored in the Browser. I want use those cookies in this Addon script to perform API.
This works fine with chrome extensions.
So, My question is, is it possible to retrieve stored cookies in a browser using the URL name from the Apps Script?
This is strictly not possible. Google Apps Script code does not run in the browser. Although Apps Script shares many conventions and similarities with frontend (browser) development, it actually runs in a sandboxed environment on Google's servers, so it is not possible to access the standard web APIs that you're used to when developing for the browser.
I've added a few scripts to a Google Spreadsheet. One uses the Drive API. First time a person runs the script he has to manuallly enable access to Drive API and click on the link to Google Developer Console and enable access to Drive API.
There are about 100 people in my organisation who are going to use this spreadsheet and is there some way for me as a domain owner to enable Drive API so that the users don't have to do it by themselves?
/Magnus
Your users are going to have to create there own application in Google Developers console, and authenticate themselves.
Google Made a change recently that makes it against terms of service for you as a developer to give out your client id from Google developer console. So they will need to make there own. There is also no API that will let you automate this for them either.
As for authenticating that is the nature of authentication. Each user must give the application /or in this case script access to there account.
Sounds like you are doing everything correctly right now. It may seam time consuming but that is the way things have to be done.