I am supporting CandidateX

CandidateX is a startup that focuses on creating inclusion-focused hiring solutions, designed to increase access to job opportunities for underestimated talent. Check them out if you have a few minutes to spare. They need visibility!

This describes how to authenticate with github using Goa, as described in Oauth2 for Apps Script in a few lines of code (which you should read first for background).
The library, cGoa, is available under this project key.


Setting up

You’ll need to create an App. The dashboard/developers console can be found here. Your one time setup would look something like this.

cGoa.GoaApp.setPackage (propertyStore ,{ 
    clientId : "xxxxxxx",
    clientSecret : "xxxxxxxxxxxxxxxxxxx",
    scopes : [
    service: 'github',
    packageName: 'githubgoa'

The example

The example includes 3 functions.
  • A doGet example for a web app.
  • An example where the token has already been setup by a one off doGet example
  • An example of consuming the token
The doGet should be published
function doGet(e) {
  return doGetDataStore (e);

and will create a consent screen like this, from which the redirect URI can be copied and added to the App dashboard.


The patterns

 * this is how  to do a webapp which needs authentication
 * @param {*} e - parameters passed to doGet
 * @return {HtmlOurput} for rendering
function doGetGithub (e) {
  // this is pattern for a WebApp.
  // passing the doGet parameters (or anything else)
  // will ensure they are preservered during the multiple oauth2 processes
  // change this to whatever store & credentials name are being used
  var goa = cGoa.GoaApp.createGoa('githubgoa',PropertiesService.getScriptProperties()).execute(e);
  // it's possible that we need consent - this will cause a consent dialog
  if (goa.needsConsent()) {
    return goa.getConsent();
  // if we get here its time for your webapp to run and we should have a token, or thrown an error somewhere
  if (!goa.hasToken()) throw 'something went wrong with goa - did you check if consent was needed?';
  // This is a webapp doing whaever its supposed to do
  // getParams is used to retrieve the original parameters passed to this function
  var result = testGithub (goa.getToken(), goa.getParams() );   
  // now return it as normal
  return HtmlService.createHtmlOutput (result.getContentText())


function github(params) {
  // pick up the token refreshing if necessary
  var goa = cGoa.GoaApp.createGoa('githubgoa', PropertiesService.getScriptProperties()).execute(params);

  if (!goa.hasToken()) {
    throw 'for a non webapp version - first publish once off to provoke a dialog - token will be refreshed automatically thereafter';
  // do a test - passing the token and any parameters that arrived to this function
  Logger.log (testGithub (goa.getToken(), goa.getParams() ));

 * this is your main processing - will be called with your access token
 * @param {string} accessToken - the accessToken
 * @param {*} params any params
function testGithub(accessToken,params) {
   var options = {
     method: "GET",
     headers: {
       authorization: "Bearer " + accessToken

   return  UrlFetchApp.fetch("https://api.github.com/user/repos", options);


For more like this, see OAuth2 for Apps Script in a few lines of code

Why not join our forum, follow the blog or follow me on Twitter to ensure you get updates when they are available.