This describes how to authenticate with Google Datastore using Goa accessing user resources, as described in Oauth2 for Apps Script in a few lines of code (which you should read first for background).

The library, cGoa, is available under this project key.


Accessing user resources

Up till now, the OAuth environment has been mainly focused on apps you write to access your self, or your resources. The other use of OAuth is to get consent from users to access their resources. In this case, each individual user needs to give consent for the scopes your app app is requesting.

Goa does this by expecting to store user refresh information in the specific users property store for this script. So if you have a web app published like this

you need to add one line to your doGet() dialog. As normal, once authorized for a specific user, refreshing will be automatic by default (unless revoked)

Setting up

Even though the token properties will be stored by user, you still need to set up the app credentials once in the script properties store. This is because each user references these for the project details, even though their token and refresh information is individually stored in the user properties.

You’ll need to create an App. The dashboard/developers console can be found here. Your one time setup would look something like this. Note that you can use the same credentials and package name as used in Google Datastore service for Goa examples (which was for apps being run as you) as the template for credentials to be used for apps being run as the user.

The example

The example includes 3 functions.

  • A doGet example for a web app.
  • An example where the token has already been setup by a one off doGet example
  • An example of consuming the token

The doGet should be published

and will create a consent screen like this, from which the redirect URI can be copied and added to the App dashboard.

The patterns

There is just a slight difference (to be run as user) between this and Google Datastore service for Goa examples (to be run as owner)

  • The package is stored in the UserProperties store
  • The first item is a userClone which will set up a user version of the credentials (if this is the first time the user has been seen)
Normally, once the user has done this he wont be asked for reauthorization in the future (since the tokens are refreshed automatically), but it is possible to change this behavior with
once the access token has been retrieved.

the example

For more like this, see OAuth2 for Apps Script in a few lines of code
Why not join our forum, follow the blog or follow me on Twitter to ensure you get updates when they are available.