I've written a Google Apps Script web app to allow users to change their gmail signature using a html form template via the Gmail API. This has been working for a few months but has suddenly stopped working. The console error I get is:
mae_html_user_bin_i18n_mae_html_user.js:40 Uncaught Error: Missing required scope "https://www.googleapis.com/auth/gmail.settings.basic" for modifying primary SendAs
at setSignature (Code:151) (Email Signature Generator:21)
This error refers to the use of this line of code:
Gmail.Users.Settings.SendAs.patch(newSig, "me", Session.getActiveUser().getEmail());
SendAs.patch requires the following authorization:
https://developers.google.com/gmail/api/v1/reference/users/settings/sendAs/patch
https://www.googleapis.com/auth/gmail.settings.basic
https://www.googleapis.com/auth/gmail.settings.sharing
After deleting the previously stored permissions and re-running the app the authorization window lists the following permissions:
Note that "Manage your basic email settings" (gmail.settings.basic) is missing. So, what am I doing wrong? Can I rectify this, or is this a gmail-api auth bug?
According to https://developers.google.com/apps-script/guides/services/authorization :
Apps Script determines the authorization scopes (like access your
Google Sheets files or Gmail) automatically, based on a scan of the
code. Code that is commented out can still generate an authorization
request. If a script needs authorization, you'll see one of the
authorization dialogs shown here when it is run.
Is there any way to manually request an auth permission?
use this scope:
https://mail.google.com/
to have full access. You shouldn't have problem with scopes/authorization with that.
Related
Quite new in the apps script world. Trying to create "google form generator" with dynamically created questions/attachment.
All worked well until I noticed that whenever I create the form, users have to "sign in by google account". This was not requested so I found setRequreLogin().
Whatever I set (false or true) I receive the error: "Script error message: Exception: This operation is not supported"
I did some googleing around and it seems the solution is to have the "google suite gmail account".
I use my personal #gmail.com email.
Do anybody have got the same error?
Or is there anybody who is not having the same error using the "regular" gmail?
How I do it (because it might be a bit different than default):
I use python to execute function that is created in appscript
The apps script had to be linked to "standard GCP project" otherwise I would not be able to execute from python (external API call)
I publish the apps script "deploy as API executable" so I can execute (and pass couple of parameters) the script from Python
Thanks for help
function createForm(ordernumber,surname, country, data_list) {
var form = FormApp.create(ordernumber);
form.setTitle(ordernumber +" | " + surname)
.setDescription('anything')
.setConfirmationMessage('you are welcome...');
// .setAllowResponseEdits(true)
// .setLimitOneResponsePerUser(true)
// .requiresLogin(false);
.setRequireLogin(true);
// .setAcceptingResponses(true);
}
According to the setRequireLogin() documentation:
setRequireLogin() - Sets whether the form requires respondents to log in to an account in the same domain or a subdomain before responding. The default for new forms is false unless a domain administrator changes the default.
This feature is available only for forms created by Google Workspace users. Users of other types of Google accounts can't be required to log in.
Therefore, if you posses a gmail account, you cannot use this method.
However, since your script is creating a new form, the users who use this API executable will have to authorize this operation, hence the login screen they are receiving.
Reference
Apps Script Form Class.
I am attempting to remotely execute a google apps script function using the apps script api through a postman request.
I first get credentials from the Google API Playground
Then they are inputted into postman as OAuth2 credentials, and inputted in the headers like this:
Then the appropriate link is requested:
Then the body prepared:
And then the response after making the request:
Postman is returning an error 403, which, according to Google's documentation
indicates that "the Cloud Platform project used to authorize the request is not the same as the one used by the script." An error 403 is an authorization error and can mean many things, but let's assume that the error is what google proclaims it to be.
I have full control over the GCP project utilized by my script, but I'm not aware of where to find the project that was used to authorize the request.
Where might I gain access to this GCP project so I can assign my script to this project, thereby eliminating the 403 error?
Thanks!
To use OAuth Access Tokens from the OAuth Playground with Apps Script, you need to specify the correct Client ID and Client Secret from the same project.
In the OAuth Playground. Click on the gear icon (top right). Select "Use your own OAuth credentials". Then enter the Client ID and Secret ID created in the same project as Apps Script.
To query a Google URL using a valid Access token with Postman you can log the access token from apps script and use it after.
In your apps script after validating scope, i.e. running a first time the script, log the token :
function logToken(){
Logger.log(ScriptApp.getOAuthToken());
}
Then in Postman query the Google URL by setting in the header the access token :
"Authorization": "Bearer THE_ACCESS_TOKEN"
Security warning : for security reason I have to tell you that an access token is valid 1 hour so technically if you grant full drive scope to your app with this access token we can browse all your Drive.
I'm hoping to automate some HR work by running a Google App Script via the Execution API. Without getting too much into the details, I'd like to pass employee evaluation data as a parameter into the App Script. The script will then use this data to compile an "Employee Review" GDoc.
So far, I have ran a simple test App Script using the Execution API. For example, I can successfully run a simple function which logs a string or interacts with spreadsheets. So far so good.
But I run into problems when trying to write to a GDoc (which is unfortunately integral to my task). Here's my paired down script:
// TODO: Eventually, we'll pass these variables as arguments
var docId = "MY-DOC-ID";
// Find the team member review doc
var doc = DocumentApp.openById(docId);
// Replace placeholder text
var docBody = doc.getActiveSection();
docBody.replaceText('{{DATE}}', "Date set by App Script!!!");
doc.saveAndClose();
This script works when I press the "Run" button in the App Scripts web UI. But when I try to run via the Execution API, I get:
{
"error": "unauthorized_client",
"error_description": "Unauthorized client or scope in request."
}
So apparently I haven't provided the correct scope? Following the docs, I can find the necessary scope(s) in Project Properties > Scopes which says:
But when I try adding that scope, it wont work. As I said other scopes (e.g. https://www.googleapis.com/auth/spreadsheets) work just fine. Perhaps the auth/documents scope is no longer supported or there's a bug in their API?
Questions
What is the correct scope? I can see a big list here but I don't see https://www.googleapis.com/auth/documents, so?
Any other suggestions? For example, is it possible to write to a Google Doc using the Google Client API directly (i.e. without using App Scripts)?
Doh. I figured out the solution to my problem. While it was a dumb mistake, it's nevertheless worth posting as it may save others confusion in the future.
First, a little context about my setup. I'm authenticating to the Google Client API using a Service Account. Furthermore, as is common when using a service account setup, I am impersonating a user within our organization (specifically my own account).
My missing step (obvious in hindsight)...
Log into the App Script web UI as the person you are impersonating.
Manually run the script by pressing the play button
If the impersonated user has not already granted permissions to access the required scopes, you will be prompted to do so.
After granting access (specifically for the https://www.googleapis.com/auth/documents scope), my authorization error disappeared.
So the lesson: Make sure the account you are impersonating has granted access for all the scopes which your script requires.
I'm trying to set the Gmail signature of the user executing the script (Execute the app as: "User accessing the web app"; Who has access to the app: "Anyone within my domain") using the following function:
function setSignature(signature) {
var newSig = Gmail.newSendAs();
newSig.signature = signature;
Gmail.Users.Settings.SendAs.patch(newSig, "me", Session.getActiveUser().getEmail());
}
where signature is some html. This function is called from a client-side script when a form is submitted:
google.script.run.withSuccessHandler(signatureSuccess).setSignature($("#signatureParent").html());
The user is served a web app using the HtmlService containing the form. The Gmail API has been enabled in both the Advanced Google Services window as well as the Google API Console.
My issue is that when the I try and execute the function I receive the following console error message:
The message states that the auth scope gmail.settings.basic is missing. This is despite the user authorizing the web app before any html is served:
How do I fix or work around this issue?? The strange thing is I've had this working previously so I don't know what I'm doing wrong.
EDIT:
I've noticed that if I create a simple Apps Script with just the function:
function testSet() {
var testSig = "signature";
var newSig = Gmail.newSendAs();
newSig.signature = testSig;
Gmail.Users.Settings.SendAs.patch(newSig, "me", Session.getActiveUser().getEmail());
}
And leave out everything else I get presented with these permissions to authorize:
If I click Allow it works! So clearly "Manage your basic mail settings" a.k.a. auth scope gmail.settings.basic is required and isn't being asked for in the more involved script.
So how do I force that permission to be acquired or how do I rewrite my script to get the correct set of permissions needed?
After extensive testing I've determined that this issue is a bug in Google Apps Script in determining what scopes are required.
A basic version of my script requires these scopes (File > Project Properties > Scopes):
Extending the script to interact with Google Drive modifies the scopes to this:
By dropping the required gmail.settings.basic scope a critical function within the script is denied permission to run. Infuriating.
I was also facing the same issue on nodejs application, the solution is to generate referesh token using this required scope which is mentioned in the rest api documentation find below.
rest apis documentation
you can create refresh token using required scopes on this link if you're logged in developer account.
https://developers.google.com/oauthplayground:
I'd like to use a service account to access a Google Sheet via the Apps Script Execution API, but it's not clear from the documentation whether this is supported.
The steps I've tried (which result in a 403 status from the Execution API) are:
Create a new (unbound) Apps Script
Visit the linked Developer Console project
Enable the Execution API
Create a new service account within the same project (downloading
the generated JSON file)
Create a new Google Sheet and share it with the service account's
email address (this is the step I'm least sure about)
Write an apps script function that reads from the spreadsheet
Run the script manually from the Script Editor (to set the scopes
on the script correctly)
Publish the script ("Deploy as API executable"), making it accessible
to 'anyone'
Mint a new OAuth2 token using the service account and the scopes
linked to the script (in our case just
'https://www.googleapis.com/auth/spreadsheets')
Attempt to make a call to the Execution API using the token
This is the response I got:
{
"error": {
"code": 403,
"message": "The caller does not have permission",
"status": "PERMISSION_DENIED"
}
}
Does this not work because Service Accounts are never able to access the Execution API? Or is there something wrong with the steps above?
Your original 403 error indicates that you have incorrectly set up authentication for your service account. However, even if you get that working, as of now (10 Nov 2015) you cannot execute Apps Scripts via the Service Account.
It's a known bug, and is being tracked in the Apps Scripts Issue Tracker.
Currently(2020), Service accounts cannot work with Apps script API. As written in the documentation,
Warning: The Apps Script API does not work with service accounts.
Your problem is probably that the script is associated with the wrong project (i.e. its own project, instead of the project associated with your Service Account). Here is what you need to do:
From the Scripts editor select the following menu item: Resources > Developer Console Project.
On this screen enter the project number for your dev console.
cf this answer