Publishing Google Sheets Addon - site verification - google-apps-script

I've built a Google Sheets script that queries my company's API and outputs the data from my platform into a spreadsheet. It takes the username and password using a form and then runs an API call to output the results to Google Sheets.
When I tried to publish the addon, I received feedback that I needed to comply with Google OAuth verification. To get this verification, I need to prove that the domain is mine; although I have access to GA for our site (which isn't working for the verification), I am not the domain owner. So, I was wondering, is there a way to publish this Google addon for my company account and what are the next steps to complying with Google OAuth?

Related

Apps Script (Google Sheet) not allowing me to Run Script

I have a fairly simple dataset in a Google Sheet. I created an AutoSort script. I saved it, and when I click "Run," I get the following errors. One from a pop-up, and another from the Execution Log.
Pop-up error:
Authorization required
This project requires your permission to access your data.
*For this error, there is a button to "Review Permissions" and I log in using my google account and then just nothing happens.
Execution Log error:
Warning This project requires access to your Google Account to run. Please try again and allow it this time.
The Owner of this Google Sheet is my personal Gmail account, and I am making these edits and created the script using my business Gmail Admin account. I also tried to access this sheet and run the script USING my personal Gmail account, and received the same error:
Google hasn’t verified this app
The app is requesting access to sensitive info in your Google Account. Until the developer ({mypersonalemail}#gmail.com) verifies this app with Google, you shouldn't use it.
Any insight as to how I can authorize this would be appreciated. It sounds like something small I'm missing.
Also, in my personal email I receive a message with subject:
Review edits to your Apps Script project within your document
and it allows me links to access the worksheet and the script, but I don't see any way to approve the edits, or anything like that.
Expected behavior: What I am expecting is for the script to Run, when I click "Run."
It's not a good idea to mix accounts from different domains, specially when using a free account and a Google Workspace account like you have done because that is the cause of the situation that you are facing.
My hypothesis is that the Google Cloud default project linked to the bounded script is created with the account used to create the project.
If you need that you personal account be the spreadsheet owner the best is to create the script using the personal account, and when needed, create a Google Cloud Standard project (GCSP) using the the personal account. You might try to fix the problem with your spreadsheet and the current Apps Script project by creating a GCSP, as was mentioned previously, by using the account that is the owner of the spreadsheet and linking it to the Apps Script project.
Note: If your script is using sensitive scopes you might have to set the OAuth Consent Screen publishing status to tes and add your Google Workspace account as tester.
Ref: Setting up your OAuth consent screen
Once you have finished the setup of your Google Apps Script project you should be able to use your Google Workspace account to update and run the Apps Script code but any new deployment and new version should be done using your personal account.
If you have access to Shared Drives and are allowed to use them for your spreasheet, consider to move it to a Shared Drive as this will make a lot easier to manage your script.

I want to complete the verification of the Google Apps Script

I am creating and hosting a web app with Google Apps Script(html). The screen of 'Unverified app screen' is displayed.
Google workspace is not used.
With over 100 users, access to the app is now blocked.
https://developers.google.com/apps-script/guides/client-verification?hl=en#applicability
I'm trying to request verification of the app by referring to the following article, but I'm stumbling on the confirmation of ownership of Apps Script in step 1.
※google cloud platform project has already been created, and is linked to the Apps script project.
Is there a way to check the ownership of a web page launched with Google Apps Script using the Google search console?
They need to click on the unsafe link and authorize the script.

Why my Google Apps Script permissions are revoked after few days?

I made a simple Telegram bot that runs on Google Spreadsheet with a help of Google Apps Script.
It does a lookup in sheets and optionally saves an uploaded file to my Google Drive.
Previously it was a Script attached to the Spreadsheet. Later Google suggested to create an App in Google Cloud Console and assign the script to that App id, so all API calls are accountable.
Script app is not verified and runs in "Publishing status: Test" mode. I only need it to access my account's data.
The permissions I gave to the script (access to Sheets, Drive) get automatically revoked without any notice after about 2-3 days, and the bot stops working. Until I revisit the Shpreadsheet, open Extensions - Apps Script, run any function and it asks for authorization again. Then the bot works for a couple of days more.
How can I make the permissions I give permanent?
Permissions I granted (again) to my app:
Updated menu of the Spreadsheet app:
From Setting up your OAuth consent screen > Testing
Authorizations by a test user will expire seven days from the time of consent. If your OAuth client requests an offline access type and receives a refresh token, that token will also expire.
Considering the above you have to get your app to be verified by Google.

Authenticate in Sheets Add-on to App Using Google OAuth

I am creating a Sheets add-on that works with our app. Our app uses Google OAuth for authentication.
I have the add-on working with manually configured credentials, but obviously that's not a real life solution. Now I need to have the add-on user authenticate to our app within the add-on itself, so we know whose account to work with.
User has data in Sheets -> user uses add-on to authenticate to app -> add-on uses app's API to push/pull data between Sheets and app for that user
I have tried using our API's login URL to get the HTTPResponse from Google using fetch() and loading it into a sidebar, but aside from it being ugly, it doesn't give me the expected option of choosing the Google account I want, but rather logging in from scratch, and when I enter my Google account, it doesn't do anything other than continue giving me errors about the frame being sandboxed. The threads here and here don't seem to address the issues as they're talking about iframe within the app, whereas I'm trying to use the sidebar in Sheets itself.
The app and the add-on are using the same GCP Project ID.
I need to get the same BearerToken that the app uses to use in the add-on.

How to add a Google Apps Script web app as a client in Google API console

I have an app that consists of two parts
an installed application (more specifically: a browser add-on) that runs on the user's machine, and
a web app implemented as a stand-alone Google Apps Script app using HtmlService.
The two parts talk to each other and both access some Google APIs on behalf of the user via Oauth. To do this, I set up an API project in the Google API console. In the section "API Access", I created a client of type "Installed Application" for the browser add-on. For the Apps Script part, Google takes care of the authorization flow automatically.
My problem is that Google does not know that these two clients are part of the same project. Therefore, the user has to go through two authorization steps in a row when executing my app for the first time (first, the Oauth process for the browser add-on and then the automatically generated authorization process from Google Apps Script). This is very confusing to the user, especially, since the splitting between the browser add-on and the web app is rather an implementational detail about which the user shouldn't really have to bother.
Is there a way to unify the two authorization flows? I know that one can add several distinct clients to a single project in the Google API console. It seems to me like this feature is explicitly intended for scenarios similar to mine, where more than one application make up what is perceived as a single service by the user. Unfortunately, web apps that are implemented in Google Apps script don't seem to be compatible with the Google API console because of the way Apps Script generates the authorization flow automatically. Or am I missing an option in the API console or in the Apps Script editor?
For future reference: I found out that Google automatically creates an API project in the Google API console for each Google Apps Script project. This seems to be a fairly recent feature. One difficulty for me was that these API projects don't show up when one goes to the API console, clicks on the name of whatever project is currently opened in the upper left corner and chooses "open". Apparently, the only way to reach the auto-generated API project is as follows:
Go to drive.google.com and open the Google Apps Script project.
Chose "Resources --> Use Google APIs...".
In the popup, click the link to the Google API console.
In principle, this should allow to add additional clients to the project, as long as none of the other clients is also a Google Apps Script project. I haven't been able to test this since it still doesn't solve my specific problem: Sending e-mails from the user's Gmail account seems to be a feature unique to Google Apps Script and I couldn't find an Oauth2 scope for this operation. Therefore, I still cannot ask for all required permissions in a single authorization flow. But if anyone who's reading this has a similar problem with different Oauth2 scopes, the above instructions should fix it for you.
Anyway, I solved my problem in the meantime by no longer using Google Drive to upload files.