Access to Web App - google-apps-script

I have to write a small reservation web app to be used inside the company where I work. I decided to try out Google Apps Script (GAS). In short, the user must be able to select any equipment in a list and submit it along with a date he's planning to use it and his identification (this small system must implement the complete CRUD).
The environment:
Google Spreadsheet as a database
Interface made with GAS published as a Web App
The app will be accessible just to members of the company's domain, but I'm developing it in my personal account for now.
In the development environment, everything works fine. Then I deploy it as web app the project (Execute app as: Me; Who has access to the app: anyone). When anyone acess the link, I can't retrieve the user information (Session.getActiveUser().getEmail()). It always retrive the developer information (my information). If I switch the "Execute app as" to "User accessing the app", then the app can't access the spreadsheet that is making the role of the database. In the development environment this works fine.
The rest of the web app is working fine. I just wanted to get and record the identity (email) of who made de reservation in an automatic way (not by asking the user to type this information).
Do I have to setup something else before people can access it?
Thanks in advance.
[EDIT 1]: The situation changed a little bit. I made a few more tests and it seems that the deployed web app get updated just when I save it as a new version in the project. Anyway, I still can't retrieve the active user email. The Session.getActiveUser().getEmail() now returns a blank string.
[EDIT 2]: Following Sujay Phadke's answer bellow, I tried migrating the web app to the company's environment. It worked like a charm.
Juliano

It's well documented here: getActiveUser
When the webapp permissions are set as "execute as me", it seems that the returned userid string will be empty. It also depends on your specific domain permissions as mentioned there.

Related

How to test a public Google Workspace Marketplace web app before submitting for review?

I have a web app to be listed in the google workspace marketplace. I have a list of scopes that is needed to solve my use case. I have the dev version as a private app which uses the service account, tested all the functionalities and made sure everything is working fine.
Now how do I test how the flow is going to look like for the public app? I understand if someone from my own domain installs the app, I will be able to get the data but the public flow through the service account is still unclear for me.
You can test your add-on with a limited list of defined external users.
To do that, you must set the User type as External > Testing within the Oauth consent screen settings in Google Cloud Console.
Keep in mind that only the users defined in the settings will be able to test the app however.
You may find more information here and here

How to troubleshoot Google login appearing when using Anonymous Web App

I am new to apps-scripts and want anonymous users to access my web app script that is container bound to a spreadsheet.
The web app displays a form that collects information that the script stores in the containing spreadsheet, it works perfectly when I am logged into my google account, but when logged out the web app url displays a google login screen instead of my form.
I am struggling for the way to troubleshoot this. I have checked:
the script is deployed to execute as 'me' and with access by anyone + anonymous
I am using the 'exec' url
I have put the oauth scopes into the manifest and reduced scope as I can
I have approved the unverified app.
Here are some extra elements that I don't know whether they are causing issues or not:
I add a single query parameter to the web app exec url before sending it to the user for them to use anonymously.
I have a number of other functions in the script apart from the doget(), these process data from the web app form, write data to the containing spreadsheet and return some of it to the user. In the same script I also add a menu to the containing spreadsheet.
There seem very few ways to get logging or troubleshooting information for this problem - especially with container bound scripts. Can anyone with more experience please explain why this problem might occur and suggest how I can troubleshoot and resolve it? As I say the web app url works perfectly when I'm logged in, but when I'm logged out or in incognito mode I get a Google account sign in form. Thank you.
I solved this whilst creating a minimal reproducible example as requested.
The problem lay in my confusion over deployments, /exec, /dev and V8 versus rhino.
This answer about /dev /exec is very helpful.
What I discovered is:
/dev always asks you to login to your google account if you're not logged in in your browser e.g. incognito mode.
As commented there has been some confusion under what circumstances V8 getUrl() returns /dev or /exec.
My suggestions for troubleshooting this for an anonymous web app:
Be very careful when testing anonymous web app using /dev - it will always lead to login request
Check very carefully what getURL() is returning - in combination with whether you are using rhino or V8.
I solved my particular problem by 'downgrading' to rhino by putting into the manifest: "runtimeVersion": "DEPRECATED_ES5"

Accessing web app developement URL from UrlFetch service

I'm trying to develop a simple web app using google script web app service and access it from another script using the UrlFetch service.
My problem is that in order to try the code on my web app I have to publish a new version every time because trying to access to the dev URL returns returns and HTML file telling me to sign in even though I've set the permissions for the web app to everyone, including anonymous (if I hit the production URL it does work, though).
I'm assuming that Google is limiting the access to the dev URL for security reasons but can someone shed a light on that assumption?
PS: I don't know if this is relevant but my google account is in a Google Apps for Education domain
Edit
I've found a method to avoid publishing the application for each code change: instead of calling it from the UrlFetch service, I've created a function in the web App code that does call the doPost or the doGet method (I've to create the request param, but that's easy) and I've changed the end of the script to log the result insted of returing it to the client. When the application will be ready, I can publish and develop the client using the UrlFetch.
Anyhow, if anyone knows about the limitation of the dev URL that would be great!
your assumption is correct, the dev url ignores your publishing permissions on purpose, only the developer has access to that url.
you could accomplish what you want using libraries. move the code in your called script to a library and add it to that script as "development mode" and publish your script service.
changing library code should also change your service because its on development mode.
Note that this can easily break your app if you save partial code changes, and makes it hard to test your changed code unless you make all changes and tests in a separate script copy. Making several changes at once in multiple apps script editor files is possible with their "Save all" File menu command (after manually pasting all code changes from your tested copy).

How to allow others to access a web app made from a Google Apps Script?

I deployed a web app from a Google Apps Script, but others don't seem to be able to run it.
(It runs fine for me when logged-in to Google)
I keep getting "Request to share" email, even though I set the source script to be "Public on the Web".
"Execute the app as:" is set to "User accessing the web app".
A link to the app is at http://truevis.com/rations
It could be very useful to others, but right now I think that no one else can run it.
The link you show here is the development link , the one that is described as "the last saved version of your code", this link is not shareable ... the one you should give to people is this one :
https://script.google.com/macros/s/AKfycbz1SKJi5HW1r2ZHiYpjedjul-IE4vcB266kdDzDrVCE/exec
it is shown in this popup window
beside that, the sharing properties of the script file is not relevant, you could keep it private.... only the settings in this window are important to determine who has access to your app and how (meaning run as you or as user accessing the app).
You should also keep in mind that users will see the version you have chosen in this same popup window, no matter the changes you could have saved and are using in your .dev version... so think about publishing the right version.
What I did to get it working:
I copied the GS code to a new file, deployed as Web app, then set "Execute the app as:" "me", "Who has access to the app:" "anyone even anonymous".
https://script.google.com/macros/s/AKfycbwPtys8PE8Wda_HS9rvrdftJ0TGbCfMlT5xLlfsNFt9m5uw6qM/exec
I think once you deploy a version with certain permission, it does not work properly if you change the permission for the same version.
Creating a new version seems to solve the problem

GAS: This application was created by another user, not by Google

I have made a script that is running as a 'Apps Script Gadget' in Google Sites. The script has access to my email and calender etc. because I need notifications if someone has used my script.
When I go to the site as "noname" user I get the message "This application was created by another user, not by Google. This application has access to the following personal information: email address." How do I get rid of this, the user is not interested if the script sends me a email or not.
Thank you for any advises.
Same thing happened to me; I commented out all references to the Session object but I still got the popup message.
When I removed the commented code entirely and re-published, everything worked fine. The message about access to the email info was gone.
I guess the google code holds onto an internal library reference even if there is commented code. Does not make much sense to me. But hope this helps.
If your script is not reliant on any of the users' information, I would suggest when deploying the web app to "Execute the app as" me. In the Publish > Deploy As Web App... pop-up, there's a dropdown for this.