I have a Google Drive enabled application that I'm trying to get into the Google Apps Marketplace. It was rejected because:
Your request begins : https://www.google.com/accounts/o8/ud?openid
It should look more like :
https://www.google.com/a/DOMAIN_GOES_HERE/o8/ud
I've not been able to get an response from anyone at Google as to what this means.
We based our Drive operations on the Java DrEdit example.
Is it possible, using the Google API Java Client Library, to use the second domain above, if so, how?
Also, even if it can be accessed, does it have access to the file permission settings I need in order to perform the various Drive operations?
The answer is that it's not possible at this time. The variant of OAuth2 used with Google Drive does not permit forcing login to a particular domain.
The Google Apps Marketplace storekeepers should be allowing such applications to be accepted until a workaround is found.
Related
I've built a Google Sheets add-on that retrieves data from the Google Search Console API and writes it to the user's spreadsheets.
Since the Search Console API isn't available in the "Advanced Google services" section in Apps Script, I used the OAuth2 library available on GitHub, with the "https://www.googleapis.com/auth/webmasters.readonly" scope. It currently uses separate credentials in the Developer Console.
While the add-on works fairly well, when a user installs it for the first time, he/she has to authorize it using Google's OAuth process for certain scopes that are automatically detected in the script (managing spreadsheets, send emails, do external requests, and so on). After the authorization is completed, the add-on displays the usual add-on sidebar where the user has to do an additional OAuth process, this time for approving access to the Search Console API (via the OAuth2 library mentioned earlier).
My goal would be to include the Search Console scope in the initial OAuth process, so that users wouldn't need to go through the process twice. Unfortunately, the "Scopes" section in the Apps Script Project Properties isn't editable, so I cannot add that manually, and as far as I know there's no way to make it so it gets automatically detected.
Is there any way to do that? Would it make any difference if I were to use the Apps Script credentials for the OAuth2 library that I'm using to access the Search Console API (instead of having a separate set)?
Thanks!
As stated in this documentation, Google Apps Script can interact with APIs from all over the web. This guide shows how to work with different types of APIs in your scripts. You can use the UrlFetch service to make API requests directly.
Make requests to services with OAuth
APIs that act on behalf of a user usually require authorization, often using the OAuth protocol. Apps Script doesn't provide built-in support for the protocol, but there are open source libraries you can use to perform the OAuth flow and send the credentials with your requests:
OAuth1 for Apps Script: Compatible with OAuth 1.0 and 1.0a.
OAuth2 for Apps Script: Compatible with OAuth2.
This link might also help:
Making HTTP Requests Directly
If Google Authentication is desired for external applications, or a Google API is not available yet in this library, HTTP requests can be made directly.
The authorize method returns an authorized Guzzle Client, so any request made using the client will contain the corresponding authorization.
It is now possible to customize the OAuth list of a project via editing its manifest file: https://developers.google.com/apps-script/concepts/scopes
Google mentions that not all Google OAuth scopes are included (I haven't managed to find an exact list), but I've tested adding the Google Search Console scope and it seems to work fine.
I've added a few scripts to a Google Spreadsheet. One uses the Drive API. First time a person runs the script he has to manuallly enable access to Drive API and click on the link to Google Developer Console and enable access to Drive API.
There are about 100 people in my organisation who are going to use this spreadsheet and is there some way for me as a domain owner to enable Drive API so that the users don't have to do it by themselves?
/Magnus
Your users are going to have to create there own application in Google Developers console, and authenticate themselves.
Google Made a change recently that makes it against terms of service for you as a developer to give out your client id from Google developer console. So they will need to make there own. There is also no API that will let you automate this for them either.
As for authenticating that is the nature of authentication. Each user must give the application /or in this case script access to there account.
Sounds like you are doing everything correctly right now. It may seam time consuming but that is the way things have to be done.
I have a web application which have a document upload/download feature. I'd like to use Google Drive for storing these documents. Is it possible to have the web app own a regular Google account but that doesn't require user's consent for the app to access the Drive? Or is this only possible using a Service account?
Yes it's possible. see stackoverflow.com/questions/19766912/… for a set of steps to do this. "own" isn't quite the correct term, "access" would be better.
I have a webapp, mywebapp.com, that successfully gets user permission to access Google Drive, mostly following examples for server-side flow here:
https://developers.google.com/drive/web/auth/web-server
I successfully upload, then access those SAME files.
However, what I really want to do is access OTHER files, in particular Google Docs docs. Can this be done, and how?
If not, can it be done with client-side flow using regular JavaScript (not Google's hosted scripts)?
What your app can and cannot see is determined by the scope. The possible values are enumerated here https://developers.google.com/drive/web/scopes
What options are there to pull a GApps user creation date?
I saw that the Admin SDK is capable of it, is it the only API capable of doing this? does any of the previous one also capable of?
If possible using GAS, it will be most excellent,
Thank you!
Indeed there does not seem be Google Apps Script services to pull the creation date. The DomainUser class provide interesting functionality for interacting with domain users (only for admins).
Using the Admin SDK with Google Apps Script using UrlFetchApp.addOAuthService is not as complex as it looks. You can read this answer which will throw some light on how you can use external API calls for certain Google API and bring the data to Google Apps Script.
The scope for the ADMIN SDK will be as follows
oAuthConfig1.setRequestTokenUrl("https://www.google.com/accounts/OAuthGetRequestToken
?scope=https://www.googleapis.com/auth/admin.directory.user.readonly");
Notice that in this case I have requested a readonly scope.