Get Email contact list from Google Apps Directory? - google-apps-script

Is there any other way I can access to the email contacts under Google Apps Directory in Google Apps Script?
As I had tried the alternative way: UserManager.getAllUsers() in Google Apps Script to access user info but then faced access permission.

The documentation for UserManager says
This class allows administrators to create, update, retrieve and delete users in a Google Apps domain. To use this class you have first to enable the Provisioning API on your domain. For a next-generation control panel, enable the API by logging in to your admin account, and select Domain settings and the User settings tab to select the checkbox enabling the Provisioning API. If your control panel is not Next generation, enable the API by logging in to your admin account, and clicking the Users and groups tab. Then click the Settings subtab, select the checkbox to enable the Provisioning API and save your changes.
Can you confirm that you have the next gen control panel or the API enabled.

Related

Deploy Appscript as Webapp from Google sheet Add-on

I want to create a Google sheet add-on where the user can create an HTTPS endpoint in his sheet, that can act as a webhook for an external service. I can see it is possible to do this manually by launching app script code using the 'Deploy a script as a web app' option from the Script Editor
https://developers.google.com/apps-script/guides/web#deploy_a_script_as_a_web_app
Is it possible to automate this in app-script so that the user can configure this in the add-on UI only and in the background, app-script launches the endpoint and can return the endpoint URL to the user?
A Google sheets add-on is a single project shared across all users of the add-on. So, even if any user was allowed to use "Deploy as webapp" feature, Deploying it will create a single endpoint for all users of the addon and NOT a unique url endpoint for each user.
It might be possible but you'll likely need the user to grant your app access to restricted scopes, in which case your add-on will need to undergo a security assessment which will run you anywhere from $15,000.00 to $75,000.00.
You can try leveraging the Apps Script API to create a script project specific to the user and use that project to deploy a web app on their behalf. Not sure if it will work, but you can try playing with the following API endpoints:
https://developers.google.com/apps-script/api/reference/rest/v1/projects/create
https://developers.google.com/apps-script/api/reference/rest/v1/projects.deployments/create
https://developers.google.com/apps-script/api/reference/rest/v1/projects.deployments/update

Remove the web apps from the G Suite Admin Console by using Google Apps Script

Suppose I have list of web apps in G Suite Admin console. I want to remove the web apps from the list. I know i can remove my web app from admin console one by one.
But I want to remove (or revoke) the web apps using Google Apps Script. Can we do it?
Will this code do the trick?
var res = UrlFetchApp.fetch(https://accounts.google.com/o/oauth2/revoke?token=" + ScriptApp.getOAuthToken());
Logger.log(res.getResponseCode());
The code that is included in the question will not do "the trick".
You need to use the G Suite Admin SDK Directory API. Fortunately, Google Apps Script has it as an Advanced Service -> Admin SDK Directory Service.
At this time it's not possible to uninstall / revoke domain-wide installed apps but it's possible to do this on a user by user basis.
By using this service, first you should get a list of the domain users, then get the tokens. From each token you should get the clientId, then using the user primary email address and the clientId you could delete the token so the web app will not be able to access the user data and do things on behalf the users anymore but bear in mind that they could authorize these apps again unless you disable this permission on the G Suite Admin Console.

Delegate domain wide authority for a script bound to Google Forms

I want to get and set auto forwarding details for a user in the company domain. My admin made me a delegated admin so that I can fetch user data using AdminDirectory.Users.
However, when I try to fetch auto-forwarding/Label/Filter data for a user using their userID, the following error is thrown :
Delegation denied for some.user#domain.com
This is the line that evoked the error :
var labels = Gmail.Users.Labels.list(user.id);
It seems that this can be carried out by delegating domain-wide authority to a Service Account. However, when I tried the steps highlighted in this link : Link , the page asked me to select a project.
This script doesn't feature in those projects, I am not sure if it is because it is bound to Google Forms.
Any suggestions on how to give the same domain-wide authority privileges to this script?
Please help!!
To create a service account for the Google script:
Start in the Google Script IDE itself and from the menu choose Resources > Developer Console Project...
Click on the link labeled "This script is currently associated with project:" located near the top of the dialog.
From there click Credentials in the left navigation and then Create credentials > Service account key follow the flow to create a service account - for Role, choose Project > Service account actor.
You can then use the private key and client id from the downloaded .json file in your Google Script.
Note: You'll need to:
Get the G Suite domain admin to set up your client_id with the scopes you want. https://developers.google.com/identity/protocols/OAuth2ServiceAccount#delegatingauthority
Use the Gmail API via UrlFetch because you can't make the Gmail advanced service use a different OAuth token. You can use the OAuth2 library for that and follow this example: https://github.com/googlesamples/apps-script-oauth2/blob/master/samples/GoogleServiceAccount.gs
First, make sure that you enable the domain-wide delegation for your service account which is stated in the link that you provide. Because the service account that you created needs to be granted access to the Google Apps domain’s user data that you want to access.
Also in your Apps Script code, go to the Resource -> Advance Google Service, make sure you enable all the Google Service that you use for your application that you create here.
For more information, check these threads:
Perform Google Apps Domain-Wide Delegation of Authority
Delegation Denied for ""
Trouble Implementing OAuth in Google Apps Script (Using Domain-Wide Delegation)

Force asking permission with Apps Script?

I'm developing an Apps Script that has a sidebar and a dialog, each need differing levels of permissions to ask the user to be granted.
The application needs access to Read/Write the user's Google Drive API, Google Picker, access to Web Cam and Microphone, Web Speech API, and Google Docs API.
How can I get prompt the user once for all permissions needed, instead of having to force the user to launch open the sidebar and dialog once separatelu, each via the add-on menu?
You can add naked API app calls in the host script to prompt any scopes you will subsequently need. e.g.
var cal = CalendarApp,
Drv = DriveApp,
…
etc.
This will prompt for permission for access to users calendars
The webcam is a different beast however and will depend on a users browser settings and indeed which browser they are using. Chrom, for example, has an option to always prompt for permission to use the webcam.

Can't make a Google Apps Script publish for anonymous users

I've built a Google Apps Script and when I try to publish it won't show an option to allow anonymous users. There are only two options: "Only myself" and "Anyone within mydomain.com"
We're using Google Apps for Business (or Work is it now?).
How do I make the other options available?
Sharing outside your Google Apps Domain may be disabled in Admin Console.
In your Google Apps Admin Console, go to Google Apps section, then Drive, click Sharing Settings and check that "Users can share files outside this organization" option is selected. Also select appropriate checkboxes below that option as necessary.
If your organization policies prevent sharing outside your domain, you can create and deploy your webapp from your personal gmail account instead.