oAuth2 authentication for shoeboxd

EzyOauth2 has now been superseded by Goa, so this document is for legacy information. For more information see OAuth2 for Apps Script in a few lines of code. If you are using EzyOauth2, it's easy to migrate. If you are starting up, consider using Goa instead - it's easier and has more features.

In EzyOauth2 - taking some pain out of Apps Script API authentication, I provided a library to simplify oAuth2, then in EzyOauth2 patterns I showed simple patterns for creating apps. Multiple oAuth2 authentication packages showed how to create multiple authentication packages in the same project. 

Here's a new one - this time for the shoeboxd  service. 

For other authentication packages, see 
only a few minor modifications are needed from the shoeboxd version shown below. You'll need the code from EzyOauth2 patterns to build your own app around, and also include access to the library in EzyOauth2 - taking some pain out of Apps Script API authentication

Getting started

You need to set up your application on the shoeboxd site - this time by following the links in the shoeboxd api github page.  You'll get a client id and a secret. I'm setting a scope of ALL, and you can get the redirect URL for your webapp by publishing it, running it, and taking note of the Url it shows.

Package Names

You need to add these to your one time credential storing function.  I've called it shoeboxd.

function oneTimeSetProperties () {
  setAuthenticationPackage_ ({ 
    clientId: "xxxxxxx",               
    scopes : ["all"],
    service: "shoeboxd",
    packageName: "shoeboxd"


Service names

I already added the shoeboxd service to the cEzyOauth2 library.

    var PACKAGELIST = [
      { name:'google',
          authUrl : "https://accounts.google.com/o/oauth2/auth",
          tokenUrl: "https://accounts.Google.Com/o/oauth2/token",
          refreshUrl: "https://accounts.google.com/o/oauth2/token"  
      { name:'linkedin',
          authUrl : "https://www.linkedin.com/uas/oauth2/authorization",
          tokenUrl: "https://www.linkedin.com/uas/oauth2/accessToken",
          refreshUrl: "https://www.linkedin.com/uas/oauth2/authorization" 
      { name:'soundcloud',
          authUrl : "https://soundcloud.com/connect",
          tokenUrl: "https://api.soundcloud.com/oauth2/token",
          refreshUrl: "https://api.soundcloud.com/oauth2/token" 
      { name:'podio',
          authUrl : "https://podio.com/oauth/authorize",
          tokenUrl: "https://podio.com/oauth/token",
          refreshUrl: "https://podio.com/oauth/token" 
      { name:'shoeboxd',
          authUrl : "https://id.shoeboxed.com/oauth/authorize",
          tokenUrl: "https://id.shoeboxed.com/oauth/token",
          refreshUrl: "https://id.shoeboxed.com/oauth/token" 


A web application.

The only difference between this and the example shown in EzyOauth2 patterns, is that I am calling different function names and package name. You have to run this at least once to set up the token/refresh structure. It will show you the redirect URI, which you can add to your shoeboxd application definition, then it will take you through the shoeboxd authentication dialog. Future accesses to shoeboxd will pick up the access or refresh token from your script properties (webapp or not - they use the same token)

 * this is your web app
 * @param {object} webapp param object
 * return {HtmlOutput} 

function doGet (e) {
  return doGetPattern(e, constructConsentScreen , doSomething ,"shoeboxd") ;

 * tailor your consent screen with an html template
 * @param {string} consentUrl the url to click to provide user consent
 * @return {string} the html for the consent screen
function constructConsentScreen (consentUrl,redirectUrl) {
  return '<p>Redirect URI to be added to cloud console is ' + redirectUrl + '</p><a href = "' + consentUrl + '">Click to authenticate to shoeboxd</a> ';
 * this is your main processing - will be called with your access token
 * @param {string} accessToken - the accessToken
function doSomething (accessToken) {
   var options = {
     method: "GET"

  var result = UrlFetchApp.fetch("https://api.shoeboxed.com/v2/user", options);
  Logger.log (result.getContentText());
  return HtmlService.createHtmlOutput (' it worked' + result.getContentText());



Once your credentials are set up, all you have to do is pass the function that does the work to doGetPattern(e, constructConsentScreen , doSomething ,"shoeboxd")   and it will be called with a fresh accessCode.