Accessing as the user running the script

This describes how to authenticate with Google Datastore using Goa accessing user resources, as described in Oauth2 for Apps Script in a few lines of code (which you should read first for background).

The library, cGoa, is available under this project key.

MZx5DzNPsYjVyZaR67xXJQai_d-phDA33

Accessing user resources

Up till now, the OAuth environment has been mainly focused on apps you write to access your self, or your resources. The other use of OAuth is to get consent from users to access their resources. In this case, each individual user needs to give consent for the scopes your app app is requesting. 

Goa does this by expecting to store user refresh information in the specific users property store for this script. So if you have a web app published like this

you need to add one line to your doGet() dialog. As normal, once authorized for a specific user, refreshing will be automatic by defaultt (unless revoked)

Setting up

Even though the token properties will be stored by user, you still need to set up the app credentials once in the script properties store. This is because each user references these for the project details, even though their token and refresh information is individually stored in the user properties.

You'll need to create an App. The dashboard/developers console can be found here. Your one time setup would look something like this. Note that you can use the same credentials and package name as used in Google Datastore service for Goa examples (which was for apps being run as you) as the template for credentials to be used for apps being run as the user.

cGoa.GoaApp.setPackage (PropertiesService.getScriptProperties()  , {
  clientId : "10xxxxxxxx3.apps.googleusercontent.com",
  clientSecret : "CxxxxxxxxiBvi",
  scopes : cGoa.GoaApp.scopesGoogleExpand (['datastore','userinfo.email']),
  service: 'google',
  packageName: 'DriverDatastore_example'
});

 

The example

The example includes 3 functions.
  • A doGet example for a web app.
  • An example where the token has already been setup by a one off doGet example
  • An example of consuming the token
The doGet should be published 

function doGet(e) {
  return doGetDataStoreUser (e);
}

and will create a consent screen like this, from which the redirect URI can be copied and added to the App dashboard.

The patterns

There is just a slight difference (to be run as user) between this and Google Datastore service for Goa examples (to be run as owner)
  • The  package is stored in the UserProperties store
  • The first item is a userClone which will set up a user version of the credentials (if this is the first time the user has been seen)

  var packageName = 'DriverDatastore_example',
      userPropertyStore = PropertiesService.getUserProperties(),
      scriptPropertyStore = PropertiesService.getScriptProperties();
  
  // this starts with a package copy for a specific user if its needed
  cGoa.GoaApp.userClone(packageName, scriptPropertyStore , userPropertyStore);

Normally, once the user has done this he wont be asked for reauthorization in the future (since the tokens are refreshed automatically), but it is possible to change this behavior with

goa.remove();

once the access token has been retrieved.


the example

function doGetDataStoreUser (e) {
  
  // this is pattern for a WebApp.
  // passing the doGet parameters (or anything else)
  // will ensure they are preservered during the multiple oauth2 processes
  
  var packageName = 'DriverDatastore_example',
      userPropertyStore = PropertiesService.getUserProperties(),
      scriptPropertyStore = PropertiesService.getScriptProperties();
  
  // this starts with a package copy for a specific user if its needed
  cGoa.GoaApp.userClone(packageName, scriptPropertyStore , userPropertyStore);
  
  // create a user specific package. 
  var goa = cGoa.GoaApp.createGoa (packageName,userPropertyStore).execute(e);
  
  // it's possible that we need consent - this will cause a consent dialog
  if (goa.needsConsent()) {
    return goa.getConsent();
  }
  
  // if we get here its time for your webapp to run and we should have a token, or thrown an error somewhere
  if (!goa.hasToken()) throw 'something went wrong with goa - did you check if consent was needed?';
  
  // This is a webapp doing whaever its supposed to do
  // getParams is used to retrieve the original parameters passed to this function
  var result = testDataStore (goa.getToken(), goa.getParams() );   
  
  // remove package -- if you want to disable access to the service for the user and need continuous auth dalog uncomment this...
  ////goa.remove();
  
  // now return it as normal
  return HtmlService.createHtmlOutput (result.getContentText())
    .setSandboxMode(HtmlService.SandboxMode.IFRAME);

}


function dataStoreUser(params) {
       
  // pick up the token refreshing if necessary
  var goa = cGoa.GoaApp.createGoa('DriverDatastore_example', PropertiesService.getUserProperties()).execute(params);
  
  if (!goa.hasToken()) {
    throw 'for a non webapp version - first publish once off to provoke a dialog - token will be refreshed automatically thereafter';
  }
  
  // do a test - passing the token and any parameters that arrived to this function
  Logger.log (testDataStore (goa.getToken(), goa.getParams() ));
  

/**
 * this is your main processing - will be called with your access token
 * @param {string} accessToken - the accessToken
 * @param {*} params any params
 */
function testDataStore (accessToken,params) {
 
   var options = {
     method: "POST",
     contentType : "application/json" ,
     muteHttpExceptions : true,
     headers: {
       "authorization": "Bearer " + accessToken,
     },
     payload:JSON.stringify({
       "query": {
        "kinds": [{"name":"polymerdbab"}]
       }
      })
   };
   

  return UrlFetchApp.fetch( 
    "https://www.googleapis.com/datastore/v1beta2/datasets/xliberationdatastore/runQuery", options);

}

For more like this, see OAuth2 for Apps Script in a few lines of code Why not join our forumfollow the blog or follow me on twitter to ensure you get updates when they are available. 

You want to learn Google Apps Script?

Learning Apps Script, (and transitioning from VBA) are covered comprehensively in my my book, Going Gas - from VBA to Apps script, All formats are available from O'ReillyAmazon and all good bookshops. You can also read a preview on O'Reilly

If you prefer Video style learning I also have two courses available. also published by O'Reilly.
Google Apps Script for Developers and Google Apps Script for Beginners.


Comments