How Do I Request "Send Email As You" Scope? - google-apps-script

I have a Google Apps script deployed as a Web Application, and then I have a web app. hosted at www.mjpanel.com, that calls the Google Apps script as a web service. In the www.mjpanel.com app, I synch. up with Google requesting the following scopes:
.init(
{
client_id: '[Client ID].apps.googleusercontent.com',
fetch_basic_profile: true,
scope: 'https://www.googleapis.com/auth/drive https://mail.google.com https://www.googleapis.com/auth/gmail.send'
}
);
This includes the request I can find for 'all gmail authorization'. When that call issues and the authorization box pops up telling them what my app. is requesting to do, one of the items is "Send Email On Your Behalf".
My Google Apps Script needs the permission to "Send Email As You", which is different than "Send Email On Your Behalf". Thus, when the app. reaches a point that it is going to issue a web service request to my Google Apps script that exercises the code to "Send Email As You", the web service call is failing due to the lack of permission. If I debug, capture the Google Apps script URL that the web service call is getting sent to, and paste into a browser tab, I get a return that is the button for the user to authorize my app. to "Send Email As You".
However, that is no good, because this is happening as a Web Service call.
What I need is a way to request the "Send Email As You" scope up front; but I can't find any documentation that tells me how to frame that scope request.
Thanks in advance for any help you can give me.

I believe the scope is https://www.googleapis.com/auth/script.send_mail.
To force a script to request that, you can write a commented use of MailApp e.g.
// MailApp.sendEmail();
It won't do anything but it will get detected by Apps Script which will prompt for authorization.

Related

Google Apps Script doGet(e) get user email

CURRENTLY
I want to collect the user email of users accessing my Google Apps Script webapp.
To achieve this I set Execute as "Me", with Who has access: "Anyone with Google account"
function doGet(e) {
let userEmail = Session.getActiveUser().getEmail()
return HtmlService.createHtmlOutput(
"<!DOCTYPE html><html><body>Email: "+userEmail+"</body></html>"
);
}
The deployment then has an EXEC link created:
https://script.google.com/macros/s/1234................56789/exec
ISSUE
When the execution link is accessed by a user in Incognito window, IE, or Firefox, the user is asked to log in on Google.
After the user logs in, the page returns:
Email:
WHAT I WANT
User access exec link, and is prompted to log into google
After logging into google, user receives HTML:
Email: users#email.com
NOTES
I recently tried adding:
"oauthScopes": [
"https://www.googleapis.com/auth/userinfo.email"
],
but this had no effect.
I believe your goal as follows.
When an user is logged in Google and access to the Web Apps, you want to retrieve the user's email address.
Modification points:
From your question, I confirmed that you deployed the Web Apps as Execute as: Me and Who has access to the app: Anyone with Google account. In this case, in order to achieve your goal, please deploy the Web Apps as follows.
Execute as: User accessing the web app and Who has access to the app: Anyone with Google account
And also, in this case, please redeploy the Web Apps as new version.
After you reflected above settings to the Web Apps, please test it again. In my environment, when an user who is not the owner of Web Apps accesses to the Web Apps, the user's email can be shown by your script. But, the user accesses to the Web Apps for the 1st time, it is required to authorize the scope of https://www.googleapis.com/auth/userinfo.email.
Note:
If above settings didn't resolve your issue, as a test, please remove "oauthScopes": ["https://www.googleapis.com/auth/userinfo.email"], from appsscript.json and test it again.
References:
Web Apps
Taking advantage of Web Apps with Google Apps Script

Why the Web Apps deployed with permission "user accessing the web app" started to respond with "you need permission?"

I have two GAS scripts. One of them is GSheets add-on another is Web App. The web app has doGet and doPost implemented. doGet returns custom HTML login screen. This screen is called from the GSheet script. After user logs into the web app I execute a doPost call to web app from the GSheet script to transform some data and return it as a JSON content.
The Web App is published with the following permissions
I need to run it as the "User accessing the web app" since I access user's drive and UserProperties service from the Web App.
When the doGet is executed for the first time from the Gsheets script the web app script request users permissions with the following OAuth scopes
"https://www.googleapis.com/auth/script.external_request"
"https://www.googleapis.com/auth/script.storage"
"https://www.googleapis.com/auth/drive"
User grants it and the Login page is rendered and works great.
When I execute the doPost call from the GSheet script I use:
UrlFetchApp.fetch('https://script.google.com/macros/s/<...>/exec', options)
The options object contains the Authorization: 'Bearer ' + ScriptApp.getOAuthToken(); basically user authorization of the GSheets script.
Everything was working great until yesterday. Now when I do the doPost call from the GSheets script I get the following HTML as a response.
Any ideas what is wrong here and why it stopped working without any changes? Perhaps some GAS update?
If I share the source code with the user who runs the scripts the issue is gone. I believe the issue could be related.

Cannot call Google Apps Script doPost() method from Twilio number

Trying to receive an SMS at my Twilio number and send a POST request to a Google Apps Script app URL as a result of the received SMS.
I have this doPost() message:
function doPost(request) {
return ContentService.createTextOutput("User says: "+JSON.stringify(request));
}
Some text should be spit out containing the request data.
My doPost() method never gets called. I can't tell if the POST request is actually being sent by Twilio. I see in the Twilio number message log that my SMS is received by Twilio. But after that I can't tell. I have the Twilio number configured for webhook - HTTP POST, and the published URL of my Google Apps Script project. If I change that to HTTP GET my doGet() method DOES get called. I need to doPost() method called, though. any suggestions? TIA.
How about the following confirmation?
Confirmation points :
Redeploy Web Apps as a new version again.
When the script is updated, Web Apps is required to be redeployed as a new version for reflecting the update.
Confirm setting for Web Apps.
"Execute the app as:" is "Me".
"Who has access to the app:" is "Anyone, even anonymous".
Retrieve a log of request using Stackdriver.
The sample script is as follows. Please copy and paste it. And redeploy Web Apps.
Request POST.
On script editor, click View -> Stackdriver Logging
By this, when POST request is received, you can see the log.
Sample script :
function doPost(request) {
console.log(JSON.stringify(request)); // Here
return ContentService.createTextOutput("User says: "+JSON.stringify(request));
}
By above confirmation, the reason of your problem may be found. But if this was not useful for you, I'm sorry.
I decided to just use doGet(). See my response to the previous comment.

Set email signature using Google Apps Script with Gmail API

I'm trying to set the Gmail signature of the user executing the script (Execute the app as: "User accessing the web app"; Who has access to the app: "Anyone within my domain") using the following function:
function setSignature(signature) {
var newSig = Gmail.newSendAs();
newSig.signature = signature;
Gmail.Users.Settings.SendAs.patch(newSig, "me", Session.getActiveUser().getEmail());
}
where signature is some html. This function is called from a client-side script when a form is submitted:
google.script.run.withSuccessHandler(signatureSuccess).setSignature($("#signatureParent").html());
The user is served a web app using the HtmlService containing the form. The Gmail API has been enabled in both the Advanced Google Services window as well as the Google API Console.
My issue is that when the I try and execute the function I receive the following console error message:
The message states that the auth scope gmail.settings.basic is missing. This is despite the user authorizing the web app before any html is served:
How do I fix or work around this issue?? The strange thing is I've had this working previously so I don't know what I'm doing wrong.
EDIT:
I've noticed that if I create a simple Apps Script with just the function:
function testSet() {
var testSig = "signature";
var newSig = Gmail.newSendAs();
newSig.signature = testSig;
Gmail.Users.Settings.SendAs.patch(newSig, "me", Session.getActiveUser().getEmail());
}
And leave out everything else I get presented with these permissions to authorize:
If I click Allow it works! So clearly "Manage your basic mail settings" a.k.a. auth scope gmail.settings.basic is required and isn't being asked for in the more involved script.
So how do I force that permission to be acquired or how do I rewrite my script to get the correct set of permissions needed?
After extensive testing I've determined that this issue is a bug in Google Apps Script in determining what scopes are required.
A basic version of my script requires these scopes (File > Project Properties > Scopes):
Extending the script to interact with Google Drive modifies the scopes to this:
By dropping the required gmail.settings.basic scope a critical function within the script is denied permission to run. Infuriating.
I was also facing the same issue on nodejs application, the solution is to generate referesh token using this required scope which is mentioned in the rest api documentation find below.
rest apis documentation
you can create refresh token using required scopes on this link if you're logged in developer account.
https://developers.google.com/oauthplayground:

Authorisation google urlfetch api only in script editor possible, not with web app/service UI

We build a service with google apps script (deployed as web app).
This service script uses a google api with UrlFetchApp and oAuthConfig. Our script and service is working without problems.
Problem:
If a new user wants to use our service, he starts the service url and the service opens. In this process he has to authorise everything the script function uses without the with urlfetch used api. So, if he starts the service again, he get the error message: "Authorization is required to perform that action".
The only way we found to authorise the urlfetch-api is that the user go into the scripteditor and start the function from the editor UI. If he do so, he can authorise this api. Afterwords he can start the service via url and everything is working well.
Do anybody know a better way to authorise the user without doing this in the editor?
There is an open issue since July 2011, issue 677 and a lot of people are waiting for that...
User can run script directly as url from browser and will get the standard authorisation dialogue at that point. You can make it a bit more user friendly by providing a link and a tailored response in html.