Our organisation is using Google Apps for Edu and am scripting some things we usually do only from the administration app / console so I guess the script / app am developing will require privileged "permissions".
I have tried using all the combinations in the "Deploy as web app" screen (Publish => Deploy as web app), yet the app URL displays our Google Apps for Edu login screen, and I think it's because am doing admin stuff like UserManager.createUser().
I am wondering how the judges will now be able to access my app, or maybe am missing out something
What are the 'some things' ? The security model is really simple.When you publish your web app, you have 2 choices - one, the script runs as 'you' and the other the script runs as the user running the script. Depending on how you set it up, the judges will either see an authorization message (script run as user) or see the script in action (when run as you). See https://developers.google.com/apps-script/execution_web_apps#permissions
Related
I just deployed my app script(web app) and I got my Url (https://script.google.com/macros/s/blahblah.../exec).
( setting [Who has access to the app: ] -> [Anyone] )
So I worried about that my Url can be known for anyone in the google search.
I want to use this link only with my friends.
Is it safe unless I don't share the Url to others? (except my friends)
or is there anyway to force to request permission to my web app? (without using G suite, google Workspace)
Thank you.
Your Web App is not indexed by Google
Unless you share your project URL with other people, they can't directly access to it.
According to the documentation the app can be executed as you or as the user accessing the web app. You can limit the access to your resources by changing the user who's executing your app.
I have developed a google apps script web app, in conjunction with an MIT App Inventor app, that will/should allow a user to access their own google drive/sheets/documents.
I am having trouble connecting to the web app through the Appinventor app's web component (not a webview), after the user had given their authorization to use the web app via their device's default browser (Chrome).
My Web App is connected to Google Cloud Console and has been verified by the Trust and Safety Team at Google. The app is set to "User who assesses the app" and "Anyone". I can't use the native webview in AppInventor, because Google blocked this off for authentication in 2016.
The web component offers GET/POST/PUT HTTP functions but I have no idea how to get the authorisation codes and tokens for a user in order to access the web app. (Note; the web app has no GUI, it simply receives GET requests and returns text/stringified json output for a range of functions.) I have been able to translate many curl examples in other situations to good effect with the web component, but not for 0Auth.
I have done my best to read up and use the offerings from Google on 0Auth, but just get lost halfway through, as always, nothing I do is quite the same as the examples or documentation provided.
How do I, therefore, construct HTTP GET URLs, with all the various authorization codes and tokens already in place, that will authorize the Web App to work for the user?
A simple request would be like this:
https://script.google.com/macros/s/AKfycbyZ_27nLOKi8ssX........Bz40yAbGfJt_TRswvm6zpY/exec?func=authenticate
which would return the text output "Authenticated"
With a web browser (Chrome) all of this is fairly straight forward for a user. If they are logged into their Google account in the browser they go to the URL provided for my web app, they will be asked to authenticate, and give my Web App access to their google account. Once accepted, 'magic' happens in the browser (any 'magic' happen at the web app end?), and as long as they stay logged in, they can use the browser to send GET requests (URLs with parameters) to the Web App and see the results returned in their browser. Happy days.
In my scenario, I do not have a suitable web browser capable of all of the above. I have a web component that can send GET/POST requests to web services, and handle the server responses. (think of it as a web 'terminal'). I can, therefore (hopefully) construct URLs with all the right content, codes, and parameters. Remember that this has to be straight forward for the user, who will not be interested in 'back end' activities, they will just want to use the app to do things on their google drive.
They need to, I guess, at the very least, perform the authentication in a web browser, to connect their Google account with the web app. Then with the web component connect to the web app using authorization codes and access tokens, as them (their google account) so that actions by the web app occur on their google drive. As stated above, the web app is set to "User who accesses the app" and "Anyone". This is the part I need help with. I do not understand what I need to do to connect the user to the web app without using a web browser.
This is the kind of thing I mean:
https://developers.google.com/gdata/articles/using_cURL
Your setting of Web Apps and goal is as follows.
Web Apps is deployed as Who has access to the app: Anyone.
You want to make users access to Web Apps.
Issue and solution:
In the current situation, there are the following situations for using Web Apps.
When the users access to the Web Apps by each browser, the users can access by logging in to each Google account.
When you want to make users access to the methods (for example, curl command and script) except for the browser, it is required to share the Google Apps Script project of Web Apps with the users.
Unfortunately, it seems that above situation is the current specification. I confirmed the change of this specification at April 11, 2018. Before this change, the users had been able to access to the Web Apps by the curl command and script with the access token without sharing the Google Apps Script project. By the change of specification, when the project is shared with the users, the users can access to Web Apps using the access token.
In this case, it is required to include the access token to the request headers. Because in the current stage, access_token=### as the query parameters cannot be used. Ref
Note:
From this situation, I think that when sharing the Google Apps Script project is not the direction you expect, in the current stage, the Web Apps with Who has access to the app: Anyone cannot be used by the method except for the browser.
References:
Taking advantage of Web Apps with Google Apps Script
Web Apps
I am new to Google Addon development. I have been working to develop a Gmail addon using the Google Apps script.
My current requirement is to retrieve some information from a website which is authenticated in the same browser (in a different tab). The website supports different authentication types (SAML SSO, Active Directory etc) and require multi factor auth. So it is not possible (or practical) to perform all types of authentication from the Apps Script.
Instead, My idea was to have the user login manually (not the addon script itself) into the site (using whatever authentication is configured for the user) . The login action results in authentication cookies stored in the Browser. I want use those cookies in this Addon script to perform API.
This works fine with chrome extensions.
So, My question is, is it possible to retrieve stored cookies in a browser using the URL name from the Apps Script?
This is strictly not possible. Google Apps Script code does not run in the browser. Although Apps Script shares many conventions and similarities with frontend (browser) development, it actually runs in a sandboxed environment on Google's servers, so it is not possible to access the standard web APIs that you're used to when developing for the browser.
I have to write a small reservation web app to be used inside the company where I work. I decided to try out Google Apps Script (GAS). In short, the user must be able to select any equipment in a list and submit it along with a date he's planning to use it and his identification (this small system must implement the complete CRUD).
The environment:
Google Spreadsheet as a database
Interface made with GAS published as a Web App
The app will be accessible just to members of the company's domain, but I'm developing it in my personal account for now.
In the development environment, everything works fine. Then I deploy it as web app the project (Execute app as: Me; Who has access to the app: anyone). When anyone acess the link, I can't retrieve the user information (Session.getActiveUser().getEmail()). It always retrive the developer information (my information). If I switch the "Execute app as" to "User accessing the app", then the app can't access the spreadsheet that is making the role of the database. In the development environment this works fine.
The rest of the web app is working fine. I just wanted to get and record the identity (email) of who made de reservation in an automatic way (not by asking the user to type this information).
Do I have to setup something else before people can access it?
Thanks in advance.
[EDIT 1]: The situation changed a little bit. I made a few more tests and it seems that the deployed web app get updated just when I save it as a new version in the project. Anyway, I still can't retrieve the active user email. The Session.getActiveUser().getEmail() now returns a blank string.
[EDIT 2]: Following Sujay Phadke's answer bellow, I tried migrating the web app to the company's environment. It worked like a charm.
Juliano
It's well documented here: getActiveUser
When the webapp permissions are set as "execute as me", it seems that the returned userid string will be empty. It also depends on your specific domain permissions as mentioned there.
I'm using free Google Apps subscription and I've published self-made extension in Chrome Store. Also, I need to restrict access to that extension to only my domain users.
I tried to follow Google manual, but I couldn't get access to 'Device management > Chrome management' (got an unexpected redirect from 'Device management' page to Apps list while clicking on 'Chrome management' link) and there was no option 'everyone at mydomain.com' into extension 'Visibility section' — only 'trusted testers'.
So, maybe it's because of my free subscription or it's Google Apps issue or I do something wrong?
No, That feature (and process) is only available for Google Apps for work and Education accounts.
However, you can try to restrict access to your chrome extension (using your free account) before publishing it to public by publishing it to test accounts.
Publishing to test accounts
When you publish to test accounts, your app’s store listing only appears to you and any users who are logged into these test accounts that you specify. Your app won’t appear in search results, so you’ll need to give testers a direct link to your app’s listing. Testing also gives you a chance to see how the license server integrateswith your app if you plan to charge your it using Chrome Web Store Payments.
To edit your list of accounts, click Edit your tester accounts. You can enter single accounts, or create a Google Group so that this set of users can test your app. See the section below to learn how to set up Group Publishing.
Once you’re ready to publish, click Publish to test accounts.
You’ll need to unpublish the app if you want to publish to the world later.