I have a web app created using google script which is distributed in a team,They will use it to upload some files.
I want to save those files into my drive rather than their own accounts.
According to my research I can only save it my account If I publish that app with option Execute as me and option who has access with anonymous.
But I want to Execute as user accessing this app option(that required user to authorized).
Anyone know how to solve this?
Create a service account and enable Domain-wide Delegation of Authority on it. Then you can execute saves to the Google Drive under your account. You'll need to leverage a Google OAuth2 library.
Here's a good one:
OAuth2 for Apps Script
Related
I want to create a Google sheet add-on where the user can create an HTTPS endpoint in his sheet, that can act as a webhook for an external service. I can see it is possible to do this manually by launching app script code using the 'Deploy a script as a web app' option from the Script Editor
https://developers.google.com/apps-script/guides/web#deploy_a_script_as_a_web_app
Is it possible to automate this in app-script so that the user can configure this in the add-on UI only and in the background, app-script launches the endpoint and can return the endpoint URL to the user?
A Google sheets add-on is a single project shared across all users of the add-on. So, even if any user was allowed to use "Deploy as webapp" feature, Deploying it will create a single endpoint for all users of the addon and NOT a unique url endpoint for each user.
It might be possible but you'll likely need the user to grant your app access to restricted scopes, in which case your add-on will need to undergo a security assessment which will run you anywhere from $15,000.00 to $75,000.00.
You can try leveraging the Apps Script API to create a script project specific to the user and use that project to deploy a web app on their behalf. Not sure if it will work, but you can try playing with the following API endpoints:
https://developers.google.com/apps-script/api/reference/rest/v1/projects/create
https://developers.google.com/apps-script/api/reference/rest/v1/projects.deployments/create
https://developers.google.com/apps-script/api/reference/rest/v1/projects.deployments/update
How do I track down which Google Apps Script project "Project-id-19735......6273" actually is?
I've tried pasting it into the Cloud Console URL (https://console.cloud.google.com/home/dashboard?project=Project-id-19735......6273) but that doesn't bring anything up. I think this technique is working for projects I own, but not ones shared with me.
This is further to the email notifications we’ve been getting about this updated OAuth on the GMail API and discussed further here.
Unless the owner of the GCP project explicitly grants your google account the appropriate permissions from the Cloud Console you won't be able to access the GCP project bound to an Apps Script project that's been shared with you.
The Apps Script project and GCP project are related but they are NOT one-and-the-same. The GCP project is more of a container and can actually reference multiple Apps Script projects. Each Apps Script project is basically a web app, with its own Client_ID and Client_Secret. That's why you can use ScriptApp.getOAuthToken(); authentication and authorization are handled internally (the GAS editor handles oauth scopes based on usage context or what you define in the manifest JSON).
I'm guessing here, but I suspect that the owner of the GCP project would have to navigate to the IAM (Identity & Access Management) page for the project and add you as a user with read/edit permissions.
What I trying to do here is an application that connects to bigquery, executes some query and writes a spreadsheet in current user's Google Drive.
I know that I can change the "Execute app as" option when deploying the app. But when I do this, and the user try to use the app, Google asks for permission to access the BigQuery.
I do not want to give permission to each user to access BigQuery.
We have about 50 ~ 100 users who will use (and this number can increase)
Some images:
When access the application's url: http://i.imgur.com/kGzJ3ps.png.
When the user clicks in the "continue" button:
http://i.imgur.com/4cRmhZ6.png
Hope I've been clear.
You would probably need an App, that had people sign in with their Google account using oAuth2
Google Accounts Authentication and Authorization
I think that this link gives an overview of what your options are:
Permissions and Types of Scripts
I guess you would need to have an App, that ran as User at the keyboard, so that the spreadsheet saved to their Google Drive. If you wanted the user to be able to download a file to their computer drive, that's a little different.
Just use HTML Service. It's basically just building a website. You just don't have a domain name. But the spreadsheet you are distributing doesn't have a domain name.
HTML Service Google Documentation
From an Apps Script HTML Service, you can write to Spreadsheets, Documents, and run HTTP Requests (urlFetch).
URL Fetch Service
The permissions in the Apps Script App can be set to run the Apps Script file as yourself, with access to anyone, even anonymous. That way, the user will never be asked for permission for any files that you own. You will need to authorize it once, the first time any script that needs access to your files is run.
Because anyone could run your Apps Script App, you might want to have a log in system to authenticate users.
You would need to use the Big Query API with Apps Script urlFetch to access Big Query.
So, with the HTML Service, you can do most everything you could do with HTML, CSS, and Javascript on a regular website. You can create custom input forms, have different pages and display data in tables. Plus it's served over HTTPS.
One solution that you can use if you don't want all your users to enable BigQuery is to use a webapp deployed as a service running as "you" and that will respond to an urlFetch coming from each user through the script they run as "themselves".
This service will be deployed as any other webapp using a doGet main function and return its data using contentService
Yes, that is possible. Check out this answer here: Using Advanced Google Services with Service Account and also check this awesome library: https://github.com/googlesamples/apps-script-oauth2
I've been researching on using apps script to transfer file owner from one user to another, for files that are not owned by the script account. I saw posts with possible solutions using drive API, but is it possible to use DriveApp's file setOwner() to transfer a file's ownership when using a super admin account? Thank you.
No, Apps Script doesn't support domain-wide authority for Drive Access. You'll need to use Drive SDK and Service Accounts for that.
Please log an enhancement in Apps Script Issue Tracker if you want to track this with the team.
I am trying to authorize files on my google drive with specific APP authorization I created. As files on my google drive can only be manipulated by its authorized app, is there any way I can convert these "None" authorized file with APP authorization? And, if yes, by which function?
I looked all over the tutorial document but only find discussion about permission. The only method I can think about is uploading these files to google drive with upload function from my created app. But I guess there is a much smarter way. Do any one has the same experience?
Here list my steps to create authorized file:
First, I start my app from using sample code, DrEdit. https://developers.google.com/drive/examples/python;
From the code, I successfully open new files and saw them listed on my google drive.
From view authorized app, I can clear see these apps created from my app have their authorization signed with app ID. The other files original belong to me have these authorization signed as "None".
I had the same issue and had to change the scope from https://www.googleapis.com/auth/drive.file to https://www.googleapis.com/auth/drive which gives full access to all drive files rather than just the ones created by the app.