I'm trying to create a google apps script project where is required to access by anyone (people with google account) and executed by the same user (user accessing the web app). I've published the app as "web app" and it work with the given url.
Since i need to this web app as a web service using ajax, the browser console return an error of unauthorised access (No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'x' is therefore not allowed access.) this doesn't happen if the web app is published as "Executed by my" and "access by anyone, even anonymous"
anyway, i'm following the instructions in Google Sign-In for Websites and it said i need to access in google developer console to get credential for the project but my google apps script are not displayed in the project list.
Open up the script, go to Resources > Developer Console Project > click on the link attached to the script.
Related
I write an add-ons, and publish it.
But when the user open that first, it will see:
It show "This app isn't verified", how should i setting my app's configuration to fix it?
This has been addressed here in Requesting verification docs:
Requirements
In order to submit your OAuth client for review and verification, you must:
Own a domain and have verified ownership with Google, and
Have a page describing your app's privacy policy hosted within the domain.
You do not need to publish your app from an account in this domain.
Steps
In the Apps Script editor, select File > Project properties > Scopes. 2. Make a note of all the scopes your script project uses.
Ensure that you have access to the Cloud Platform project for your Apps Script Project. If your project resides in a Team Drive, you must associate it with a new Cloud Platform project.
Access the API Console by selecting Resources > Cloud platform project… In the dialog that opens, click the top link, which is typically something like [Script Name] - project-id-123456789012. This opens your script's Cloud Platform project.
If you can't find the left nav bar, click the menu icon in the top left.
In the nav bar, select APIs & services > Credentials.
On the OAuth consent screen tab, fill in your Privacy policy URL. This URL must be hosted in a domain you own.
On the Credentials tab, make a note of the Client ID for the Apps Script OAuth client.
In the upper-right corner of the API Console, select ⋮ > Project settings.
Make a note of the Project ID for your Cloud project.
File a review request of your project’s OAuth client. You'll need the client and project IDs you noted, as well as your privacy policy URL and the list of scopes your app requires.
Most verification requests receive a response within 24 to 72 hours. When verification of your OAuth client is confirmed, your app is verified.
I developed an Apps Script Web App that uses some Google Apis (drive, calendar, etc.).
I wrote Terms and Privacy Policy and requested Google to approve it, and they keep bugging me that I need to remove, from "Authorized Javascript origins", anything that is not hosted on my real TLD's (own domains).
The problem is I need to put on the authorized origins some https://n-blablabla-0lu-script.googleusercontent.com URL's, because those are the origins of the Apps Script itself, where the LOGIN button is.
Basically when someone enters my app, if it is not yet logged in, I show in the app itself a Login button, and once the user logs in, I request the permissions. This is pretty common, and since the Apps Script runs in google platform, it has google on its URL/origin.
I spent ~2 weeks with Google Support trying to explain them that I cant remove those authorized origins of https://n-blablabla-0lu-script.googleusercontent.com, otherwise, I do get this:
idpiframe_initialization_failed: Not a valid origin for the client
The Google Sign-in library requires that the domain registered in the Google Developers Console matches the domain being used to host the web page. Ensure that the origin you registered matches the URL in the browser.
the Web App is embedded on a Google Sites (new) iframe
I have developed a google apps script web app, in conjunction with an MIT App Inventor app, that will/should allow a user to access their own google drive/sheets/documents.
I am having trouble connecting to the web app through the Appinventor app's web component (not a webview), after the user had given their authorization to use the web app via their device's default browser (Chrome).
My Web App is connected to Google Cloud Console and has been verified by the Trust and Safety Team at Google. The app is set to "User who assesses the app" and "Anyone". I can't use the native webview in AppInventor, because Google blocked this off for authentication in 2016.
The web component offers GET/POST/PUT HTTP functions but I have no idea how to get the authorisation codes and tokens for a user in order to access the web app. (Note; the web app has no GUI, it simply receives GET requests and returns text/stringified json output for a range of functions.) I have been able to translate many curl examples in other situations to good effect with the web component, but not for 0Auth.
I have done my best to read up and use the offerings from Google on 0Auth, but just get lost halfway through, as always, nothing I do is quite the same as the examples or documentation provided.
How do I, therefore, construct HTTP GET URLs, with all the various authorization codes and tokens already in place, that will authorize the Web App to work for the user?
A simple request would be like this:
https://script.google.com/macros/s/AKfycbyZ_27nLOKi8ssX........Bz40yAbGfJt_TRswvm6zpY/exec?func=authenticate
which would return the text output "Authenticated"
With a web browser (Chrome) all of this is fairly straight forward for a user. If they are logged into their Google account in the browser they go to the URL provided for my web app, they will be asked to authenticate, and give my Web App access to their google account. Once accepted, 'magic' happens in the browser (any 'magic' happen at the web app end?), and as long as they stay logged in, they can use the browser to send GET requests (URLs with parameters) to the Web App and see the results returned in their browser. Happy days.
In my scenario, I do not have a suitable web browser capable of all of the above. I have a web component that can send GET/POST requests to web services, and handle the server responses. (think of it as a web 'terminal'). I can, therefore (hopefully) construct URLs with all the right content, codes, and parameters. Remember that this has to be straight forward for the user, who will not be interested in 'back end' activities, they will just want to use the app to do things on their google drive.
They need to, I guess, at the very least, perform the authentication in a web browser, to connect their Google account with the web app. Then with the web component connect to the web app using authorization codes and access tokens, as them (their google account) so that actions by the web app occur on their google drive. As stated above, the web app is set to "User who accesses the app" and "Anyone". This is the part I need help with. I do not understand what I need to do to connect the user to the web app without using a web browser.
This is the kind of thing I mean:
https://developers.google.com/gdata/articles/using_cURL
Your setting of Web Apps and goal is as follows.
Web Apps is deployed as Who has access to the app: Anyone.
You want to make users access to Web Apps.
Issue and solution:
In the current situation, there are the following situations for using Web Apps.
When the users access to the Web Apps by each browser, the users can access by logging in to each Google account.
When you want to make users access to the methods (for example, curl command and script) except for the browser, it is required to share the Google Apps Script project of Web Apps with the users.
Unfortunately, it seems that above situation is the current specification. I confirmed the change of this specification at April 11, 2018. Before this change, the users had been able to access to the Web Apps by the curl command and script with the access token without sharing the Google Apps Script project. By the change of specification, when the project is shared with the users, the users can access to Web Apps using the access token.
In this case, it is required to include the access token to the request headers. Because in the current stage, access_token=### as the query parameters cannot be used. Ref
Note:
From this situation, I think that when sharing the Google Apps Script project is not the direction you expect, in the current stage, the Web Apps with Who has access to the app: Anyone cannot be used by the method except for the browser.
References:
Taking advantage of Web Apps with Google Apps Script
Web Apps
I write an add-ons, and publish it.
But when the user open that first, it will see:
It show "This app isn't verified", how should i setting my app's configuration to fix it?
This has been addressed here in Requesting verification docs:
Requirements
In order to submit your OAuth client for review and verification, you must:
Own a domain and have verified ownership with Google, and
Have a page describing your app's privacy policy hosted within the domain.
You do not need to publish your app from an account in this domain.
Steps
In the Apps Script editor, select File > Project properties > Scopes. 2. Make a note of all the scopes your script project uses.
Ensure that you have access to the Cloud Platform project for your Apps Script Project. If your project resides in a Team Drive, you must associate it with a new Cloud Platform project.
Access the API Console by selecting Resources > Cloud platform project… In the dialog that opens, click the top link, which is typically something like [Script Name] - project-id-123456789012. This opens your script's Cloud Platform project.
If you can't find the left nav bar, click the menu icon in the top left.
In the nav bar, select APIs & services > Credentials.
On the OAuth consent screen tab, fill in your Privacy policy URL. This URL must be hosted in a domain you own.
On the Credentials tab, make a note of the Client ID for the Apps Script OAuth client.
In the upper-right corner of the API Console, select ⋮ > Project settings.
Make a note of the Project ID for your Cloud project.
File a review request of your project’s OAuth client. You'll need the client and project IDs you noted, as well as your privacy policy URL and the list of scopes your app requires.
Most verification requests receive a response within 24 to 72 hours. When verification of your OAuth client is confirmed, your app is verified.
I have a google drive application that does not request offline access and is already installed and authorised by the user. If the application requests authorisation itself, there are no problems.
However, recently, every time a file is opened from the Google Drive UI, an authorisation prompt appears:
This app would like to:
Have offline access
Oking this request will still mean it appears the next time a file is opened. I can see in the url that Google Drive generates that it requests "access_type: offline". I see no settings in the cloud console to control this and its very confusing for users. How can it be prevented?
I see a number of similar questions but not quite like this:
How to disable offline OAuth2 access from Google Drive SDK initiated connections?
Second authorization with same scope and offline access_type has unexpected permission dialog
"This app would like to: Have offline access" when access_type=online
The App keeps asking for permission to "Have offline access", why?
Looks like I found a solution for this.
This message will keep appearing if you don't do step2 of the OAuth2 flow with the same client_id and client_secret.
#app.route('/open')
def drive_open_file():
code = request.args.get('code')
if code:
credentials = credentials_from_code("client", "secret",
"https://www.googleapis.com/auth/drive.file",
code,
redirect_uri="<WEBSITE>/open")