I am supporting CandidateX

CandidateX is a startup that focuses on creating inclusion-focused hiring solutions, designed to increase access to job opportunities for underestimated talent. Check them out if you have a few minutes to spare. They need visibility!

This describes how to use Goa, as described in Oauth2 for Apps Script in a few lines of code (which you should read first for background).
The library, cGoa, is available under this project key, or on github. All the tests described for this topic are also available on github.


Getting credentials to a file

When using service accounts Goa knows how to get the developers console credentials from a downloaded file. In most of the examples I show setting up the once off credentials by explicitly setting the client id and secret.  I then advise you delete that function since after running it once since its not a good idea to keep your credentials in your code, especially if you load that code to github or otherwise make it public.
It is possible to download web credentials from the developers console too, as below.

Goa can create credentials from a file

You can now set your once off package up using this downloaded file. That way you don’t have to expose any credentials in your code, and if you do accidentally leave the file id there, it’s anyway protected by being on your private drive. Here’s two ways of doing the same thing. The first reads it from file, and in the second the credentials are set explicitly. Using this first method I dont have to care too much about leaving the file id in the script (although I’ve obfuscated it in any case), since only I can access it.

 // web account for cloud vision - taken from downloaded credentials
  cGoa.GoaApp.setPackage (propertyStore , 
    cGoa.GoaApp.createPackageFromFile (DriveApp , {
      packageName: 'cloudvision',
      scopes : cGoa.GoaApp.scopesGoogleExpand (['cloud-platform']),
  // alternatively ... you can also set the credentials explicitly like this....
  cGoa.GoaApp.setPackage (propertyStore , { 
    clientId : "1092xxxxxxxusercontent.com",
    clientSecret : "67HxxxxxxxxxxbUOxW",
    scopes : cGoa.GoaApp.scopesGoogleExpand (['cloud-platform']),
    service: 'google',
    packageName: 'cloudvision'

Of course this only works for Google APIS. Other APIS still need to set the credentials explicitly. If any others have the capability of downloading a credential file, let me know and I’ll add them.

Why not join our forum, follow the blog or follow me on Twitter to ensure you get updates when they are available.