Authorized App Script needs to be requthorized - google-apps-script

I am using the same (unverified) app script for multiple (around 200) spreadsheets. For each spreadsheet I authorized the script.
Though after a few days it seems like some spreadsheets just loose the authentication and need to be reauthorized.
Can anyone explain why that happens?

This is a recent bug in Google Sheets. If you are logged into multiple Google accounts at the same time, some scripts bound to Google Sheets may require authorization.
However, if you open the same Google Sheet in incognito mode and log into a single Google account, the authorization may not be required.

Have you made any edits to the script? That resets the authorization requirement I believe.

I am using the same (unverified) app script
When running a Google security check-up these will appear as unverified third party apps that you are giving access and if you do not recognize the script name you might be inclined to remove access.
You are an 'unverified third party' even though you wrote the script and own the properties being accessed, a problem when Security checks are done.
As I wrote it and I am the only one that has access to it and it only has access to my properties, I don't know why I would be considered unverified much less a third party.

Related

"App blocked" message in Google Sheets for "AdWords Data Grabber by Optmyzr"

I have tried using this Google Ads Script along with a Google Sheets Template found in this article: https://searchengineland.com/script-automates-adding-adwords-data-google-spreadsheet-277724
Link to my Spreadsheet: https://docs.google.com/spreadsheets/d/1XyF8V4Xhi7MLNwDWGsHV3a10M-g9HiAD0sWGLh9wfak/edit?usp=sharing
Google Sheets: When I click;
AdWords Data Grabber from Optmyzr - Choose Report Type - Selecting any report
I have to approve the app. But then I get an error saying;
This app is blocked
This app tried to access sensitive info in your Google Account. To keep your account safe, Google blocked this access.
Does anyone know how to get around this?
It also seems like the onOpen function fail
If the app doesn't meet Google's security standards, Google may block access to your account through them by default. Less secure apps can make it easier for hackers to access your account, so blocking sign-in from these apps helps keep your account secure.
You can try to bypass it via:
https://myaccount.google.com/lesssecureapps, but understand that you are putting yourself at risk.
Source

how to store the email of the google app script installing users

I have google sheets addon in Google Workspace Marketplace. I want to store the emails of the users installing the addon. I'm thinking of three possible ways.
Write to private spreadsheet under the addon account (different than the user's). Addon is running under user's so the question is, is this even possible - accessing the addon account (specifically writing to a spreadsheet) from within the user google account context?
using PropertiesService - Write the user to script properties using PropertiesService class.
One problem with this one is the limitations as explained in Quotas for Google Services.
for me, at lease for now, this is enough.
However the question is how to access those script properties programmatically.
Of course I can access the data from the script editor, but this is not practical if I want for example to send mail to all the users.
adding code to the addon that will be available only for specific users (admin). In this case since I can read the users from the script properties, and maybe write them to spreadsheet to be used later. This looks ugly, I admit.
I'm not asking for code solutions, but suggestions for the right or best approach.
The easiest solution is to create a database
Create a spreadsheet located on your Drive, shared as "Everyne can edit".
Implement a flow where after Add-n installation data containing the user"s email will be appended to the spreadsheet.
This request will take place on user's beahlf, however given that the spreadsheet is shared publicly, there won't be any access permission issues
Even if the spreadsheet is shred publicly - given that the spreadsheet id is not known by anyone other than the Add-on code, you do not need to worry about undesired access to the database.

Google App Script Permissions, excessive?

Why do all Google Apps Scripts require so many permissions? This screenshot is from a test script I made. Should I worry that 3rd party apps also have the ability to delete spreadsheets (or emails or whatever app the script is accessing)?
Or is it just to delete the spreadsheet I am working on? Some scripts say all files in Google Drive. Who wants to give any app that much control? In practise, would any 3rd party developer actually go through with this? It almost sounds like giving programmers the ability to hack our accounts? Am I not understanding this?
Here is an example of a 3rd party app. Do they seriously need all those permissions just to send out an email from a Google Sheet? Seems excessive! Can I, after the fact, restrict the permissions as other authors have said, just a few minutes ago?
I don't see the point.
If you created the script from a spreadsheet, you can declare the following (add it the top of your script) to only grant access to that spreadsheet:
/**
* #OnlyCurrentDoc
*/
See also https://developers.google.com/apps-script/guides/services/authorization.

Publish as a private add-on to avoid granting permission on copies of gsheets

I have a similar question to both of the questions below. I have a script bound to a google sheets, and I use this sheet as template. However I'm looking for an option to not have to grant permission each time I copy the file.
From reading the answers in the questions below, I understand I have to publish a standalone script as an add-on.
However, reading this answer, I see that I need to create a Cloud Platform Dashboard and all bunch of stuff which looks pretty messy to me, such as google reviewing process. Again, it is only for personal use...
Is there a way I can privately publish it as an add-on, without having to go through all the process?
Thank you
What is the best way to create Container-bound Scripts that can be cloned?
Grant permissions on open for first time for a bound script in Google Sheets
If you don't want spreadsheet hook triggers like onEdit or button or anything else, You can use a standalone script.
A standalone script can be written, which loops through your spreadsheets doing what's needed based on a time trigger.
Adding to the already existing answer
Publishing a private add-on does not require going through the Google Review process, especially since it is for personal use only.
Therefore, the situations below do not require verification:
If you want to deploy the add-on solely for internal use which means that the add on will be used only by people in your Google Workspace or Cloud Identity organization.
If you want to use the add-on domain wide which means that the add on will be used only by Google Workspace enterprise users within the domain.
For the whole list of exceptions from the verification process, you can check this here.
Reference
OAuth API verification FAQs.

Can not grant access to run scripts from kid account in google spreadsheet

I made a fun spreadsheet to exercise basic math for my kids, but when they are logged on their kid account, they can not run any scripts (no fancy script, just copy-paste macro). After script authorization request they got error 403.
Chyba 403: access_denied
Podrobnosti požadavku
access_type=offline
login_hint=hanzalek.ben#gmail.com
o2v=1
hl=cs
response_type=none gsession
redirect_uri=https://script.google.com/oauthcallback
state=14621511234839642112
client_id=433541798399-h1ncj2ckkapf2gkcoo59mjv46kem0c88#developer.gserviceaccount.com
display=page
prompt=consent
scope=https://www.googleapis.com/auth/spreadsheets.cu
When I access the spreadsheet from another adult account everything runs.
link to the spreadsheet (you may copy it and use it for your kids if you wish :):
https://docs.google.com/spreadsheets/d/1Jy1hHgyCkkIJv26attxikKpJlYb_hjWXTauXMjVyn8E/edit?usp=sharing
Answer:
It appears that there is a restriction for Kid/Child accounts where Apps Script it not available. As long as your children have restricted accounts, there is nothing you can do about this.
More Information:
I did some testing and was able to reproduce the behaviour. These are the results of my tests:
If the account is a child account, the 403: access_denied error is received when trying to run a script from a Spreadsheet.
If the account is a child account, even if they create a new Sheet themself, they do not have access at all to the script editor. This heavily implies that child accounts do not have any Apps Script permissions/abilities at all.
If the account is not a child account, but the account is set up to be supervised in the family group at https://families.google.com/families, they can both run the script written by another account, and they have access the Script editor.
After searching the Family Link settings for the kid account, I was not able to find any setting which allows this to be turned on. I did some searching and I wasn't able to find any specific documentation either from searching on Google or on Google Help.
I did however find a couple of other Stack Overflow questions in which people have had the same error, and this was also the result of their findings, which I have included below.
Google Issue Tracker:
As there doesn't seem to be anywhere that publically mentions this specific Apps Script restriction, I suggest that you file a bug on Google's Issue Tracker for this, in the linked Apps Script component. They might be able to give you more insight into this behaviour.
In the mean time, it appears the only workaround for this is to have the users of the kids accounts use non-kids accounts while using these Spreadsheets, or maybe looking into embedding the Spreadsheet in a web app and have the scripts execute as you rather than the currently logged-in user. More infor about this can be read here
Relevant Questions:
New Google Account not able to access script.google.com
“Can't visit this page” error when trying to access Google Scripts
References:
Your family on Google
google "kids" apps script 403 - Google Search
Search results for kids apps script 403 - Google Help
Google Issue Tracker
Web Apps | Apps Script | Google Developers