Adding external Google APIs to add-on initial auth scopes - google-apps-script

I've built a Google Sheets add-on that retrieves data from the Google Search Console API and writes it to the user's spreadsheets.
Since the Search Console API isn't available in the "Advanced Google services" section in Apps Script, I used the OAuth2 library available on GitHub, with the "https://www.googleapis.com/auth/webmasters.readonly" scope. It currently uses separate credentials in the Developer Console.
While the add-on works fairly well, when a user installs it for the first time, he/she has to authorize it using Google's OAuth process for certain scopes that are automatically detected in the script (managing spreadsheets, send emails, do external requests, and so on). After the authorization is completed, the add-on displays the usual add-on sidebar where the user has to do an additional OAuth process, this time for approving access to the Search Console API (via the OAuth2 library mentioned earlier).
My goal would be to include the Search Console scope in the initial OAuth process, so that users wouldn't need to go through the process twice. Unfortunately, the "Scopes" section in the Apps Script Project Properties isn't editable, so I cannot add that manually, and as far as I know there's no way to make it so it gets automatically detected.
Is there any way to do that? Would it make any difference if I were to use the Apps Script credentials for the OAuth2 library that I'm using to access the Search Console API (instead of having a separate set)?
Thanks!

As stated in this documentation, Google Apps Script can interact with APIs from all over the web. This guide shows how to work with different types of APIs in your scripts. You can use the UrlFetch service to make API requests directly.
Make requests to services with OAuth
APIs that act on behalf of a user usually require authorization, often using the OAuth protocol. Apps Script doesn't provide built-in support for the protocol, but there are open source libraries you can use to perform the OAuth flow and send the credentials with your requests:
OAuth1 for Apps Script: Compatible with OAuth 1.0 and 1.0a.
OAuth2 for Apps Script: Compatible with OAuth2.
This link might also help:
Making HTTP Requests Directly
If Google Authentication is desired for external applications, or a Google API is not available yet in this library, HTTP requests can be made directly.
The authorize method returns an authorized Guzzle Client, so any request made using the client will contain the corresponding authorization.

It is now possible to customize the OAuth list of a project via editing its manifest file: https://developers.google.com/apps-script/concepts/scopes
Google mentions that not all Google OAuth scopes are included (I haven't managed to find an exact list), but I've tested adding the Google Search Console scope and it seems to work fine.

Related

Google Script as a webhook receiver [duplicate]

I want to set up a Push Notification using the Google Drive API and a web hook set up with Google Apps Script. I cannot figure out if this is possible or not.
The part of the steps that I can't figure out are the domain verification steps. I have a web app published with a doGet as below:
function doGet() {
refreshCandidates();
return HtmlService.createHtmlOutput('<b>google site verification</b>')
.addMetaTag('google-site-verification', 'Iu3xxxxxx')
.setSandboxMode(HtmlService.SandboxMode.IFRAME);
}
When I try to verify the url it gives me https://script.google.com/...ZS2/exec as an endpoint. But when I try to verify it is hitting https://script.google.com/...ZS2/exec/ and finding a completely different meta tag.
Has anyone successfully used the drive api and push notifications with google apps script? What am I missing?
Unfortunately, it is no longer possible to verify a GAS Web App url. Up until around August 2019, there was an option to "Register in Chrome Web Store" available under the "Publish" menu in the App Script editor. Back then any Web App so registered would have its URL automatically verified. However, that option has since been removed, and the verification methods available under the search console simply do not work for GAS Web App urls.
Furthermore, even when verification was feasible, it was not possible to effectively leverage Drive Push notifications since all relevant notification information is stored in HTTP headers which are not accessible from a GAS doPost() function.
Google Apps Script is no longer a viable platform for implementing Google API Push Notifications across most services (Gmail, Drive, Calendar, Admin Directory etc.). If you want to stick with Google's cloud offerings, there are alternatives you can explore. Google Cloud Functions is one such option.
UPDATE: Gmail leverages Cloud Pubsub for push notifications and this service has recently been updated to remove the need for domain verification for push endpoints. So, going forward its now possible to use GAS Web App URLs in this scenario.
Currently, it doesn't seem to be possible to verify webapp published using Google apps script using Google site verification from search console.
Feature request to Google was made. The issue can be tracked here. Consider adding a star(on top left) for Google to prioritize the issue.

How to verify ownership of a Google Apps Script in Webmaster [duplicate]

I want to set up a Push Notification using the Google Drive API and a web hook set up with Google Apps Script. I cannot figure out if this is possible or not.
The part of the steps that I can't figure out are the domain verification steps. I have a web app published with a doGet as below:
function doGet() {
refreshCandidates();
return HtmlService.createHtmlOutput('<b>google site verification</b>')
.addMetaTag('google-site-verification', 'Iu3xxxxxx')
.setSandboxMode(HtmlService.SandboxMode.IFRAME);
}
When I try to verify the url it gives me https://script.google.com/...ZS2/exec as an endpoint. But when I try to verify it is hitting https://script.google.com/...ZS2/exec/ and finding a completely different meta tag.
Has anyone successfully used the drive api and push notifications with google apps script? What am I missing?
Unfortunately, it is no longer possible to verify a GAS Web App url. Up until around August 2019, there was an option to "Register in Chrome Web Store" available under the "Publish" menu in the App Script editor. Back then any Web App so registered would have its URL automatically verified. However, that option has since been removed, and the verification methods available under the search console simply do not work for GAS Web App urls.
Furthermore, even when verification was feasible, it was not possible to effectively leverage Drive Push notifications since all relevant notification information is stored in HTTP headers which are not accessible from a GAS doPost() function.
Google Apps Script is no longer a viable platform for implementing Google API Push Notifications across most services (Gmail, Drive, Calendar, Admin Directory etc.). If you want to stick with Google's cloud offerings, there are alternatives you can explore. Google Cloud Functions is one such option.
UPDATE: Gmail leverages Cloud Pubsub for push notifications and this service has recently been updated to remove the need for domain verification for push endpoints. So, going forward its now possible to use GAS Web App URLs in this scenario.
Currently, it doesn't seem to be possible to verify webapp published using Google apps script using Google site verification from search console.
Feature request to Google was made. The issue can be tracked here. Consider adding a star(on top left) for Google to prioritize the issue.

Drive API Push Notifications for a Google Apps Script Web App

I want to set up a Push Notification using the Google Drive API and a web hook set up with Google Apps Script. I cannot figure out if this is possible or not.
The part of the steps that I can't figure out are the domain verification steps. I have a web app published with a doGet as below:
function doGet() {
refreshCandidates();
return HtmlService.createHtmlOutput('<b>google site verification</b>')
.addMetaTag('google-site-verification', 'Iu3xxxxxx')
.setSandboxMode(HtmlService.SandboxMode.IFRAME);
}
When I try to verify the url it gives me https://script.google.com/...ZS2/exec as an endpoint. But when I try to verify it is hitting https://script.google.com/...ZS2/exec/ and finding a completely different meta tag.
Has anyone successfully used the drive api and push notifications with google apps script? What am I missing?
Unfortunately, it is no longer possible to verify a GAS Web App url. Up until around August 2019, there was an option to "Register in Chrome Web Store" available under the "Publish" menu in the App Script editor. Back then any Web App so registered would have its URL automatically verified. However, that option has since been removed, and the verification methods available under the search console simply do not work for GAS Web App urls.
Furthermore, even when verification was feasible, it was not possible to effectively leverage Drive Push notifications since all relevant notification information is stored in HTTP headers which are not accessible from a GAS doPost() function.
Google Apps Script is no longer a viable platform for implementing Google API Push Notifications across most services (Gmail, Drive, Calendar, Admin Directory etc.). If you want to stick with Google's cloud offerings, there are alternatives you can explore. Google Cloud Functions is one such option.
UPDATE: Gmail leverages Cloud Pubsub for push notifications and this service has recently been updated to remove the need for domain verification for push endpoints. So, going forward its now possible to use GAS Web App URLs in this scenario.
Currently, it doesn't seem to be possible to verify webapp published using Google apps script using Google site verification from search console.
Feature request to Google was made. The issue can be tracked here. Consider adding a star(on top left) for Google to prioritize the issue.

Access browser cookies from Google Apps Script

I am new to Google Addon development. I have been working to develop a Gmail addon using the Google Apps script.
My current requirement is to retrieve some information from a website which is authenticated in the same browser (in a different tab). The website supports different authentication types (SAML SSO, Active Directory etc) and require multi factor auth. So it is not possible (or practical) to perform all types of authentication from the Apps Script.
Instead, My idea was to have the user login manually (not the addon script itself) into the site (using whatever authentication is configured for the user) . The login action results in authentication cookies stored in the Browser. I want use those cookies in this Addon script to perform API.
This works fine with chrome extensions.
So, My question is, is it possible to retrieve stored cookies in a browser using the URL name from the Apps Script?
This is strictly not possible. Google Apps Script code does not run in the browser. Although Apps Script shares many conventions and similarities with frontend (browser) development, it actually runs in a sandboxed environment on Google's servers, so it is not possible to access the standard web APIs that you're used to when developing for the browser.

How do I change the authorization domain using Google Drive?

I have a Google Drive enabled application that I'm trying to get into the Google Apps Marketplace. It was rejected because:
Your request begins : https://www.google.com/accounts/o8/ud?openid
It should look more like :
https://www.google.com/a/DOMAIN_GOES_HERE/o8/ud
I've not been able to get an response from anyone at Google as to what this means.
We based our Drive operations on the Java DrEdit example.
Is it possible, using the Google API Java Client Library, to use the second domain above, if so, how?
Also, even if it can be accessed, does it have access to the file permission settings I need in order to perform the various Drive operations?
The answer is that it's not possible at this time. The variant of OAuth2 used with Google Drive does not permit forcing login to a particular domain.
The Google Apps Marketplace storekeepers should be allowing such applications to be accepted until a workaround is found.