This describes how to implement goa in a sidebar. The example will assume that the authorization process should be repeated for each new user (like a web app published in Accessing as the user running the script)
Goa library is available with this key.


Goa -vs- gapi

If you are creating a sidebar, you can of course use the gapi library to run client side, but goa allows you to create an infrastructure that works server side, to keep your credentials more securely and also to be able to use it for both server and client side purposes. The goa dialog can be customized if you want to make it more the style of your add-on or sidebar content, since the default content is designed for a web app, or since the dialog only happens once, you may want to just leave it as  is. Of course if you are using a service account, there is no dialog anyway, and if you are running the sidebar ‘as you’, then the dialog would only happen once with you – not with each user.

Setting everything up

There is no difference between setting up goa for a sidebar or a webapp, and the setup in the Google Developer console is also exactly the same.
You still need a one-off initialization of your credentials, like this, which you can run once and then remove from your project.  I’ve downloaded my credentials and want goa to read them from drive. You can enter the credentials directly if you prefer, as described in other examples. The scopes should be provided here for whatever you want to get to.

Your app.

This is a slightly different structure than a web app, since you are not using doGet(), but instead using the UI that manages the sidebar. It’s only a minor difference.
The main points are
  • The .userClone() method is the same as for a webapp as described in Accessing as the user running the script
  • The name ‘drivedemo’ matches the one used in the onceoff credentials store.
  • If it needs consent, it will pass the content to the sidebar UI, in contrast to the webapp implementation, where it exits doGet() at this point.
  • if it doesn’t need consent, you can go ahead and use the UI to display your App. In my example, I’m just displaying the token
  • It’s fairly counter-intuitive how that last return HtmlService ever get’s executed, but it’s needed to provide a message back to the Google Auth dialog. Here you should put some instruction that the user will see after having gone through the Google Auth dialog, and given permission to access the requested scopes.
  • The reason that all this works seamlessly is because  the last thing that goa.getConsent() does is to re-enter the script at whichever function it was initiated from – so actually, if consent is required (which is asked for in the sidebar) – this script gets executed twice. Once to get consent, then the second time it doesn’t need consent anymore, gets the token and initiates your app in the sidebar. In parallel with rendering your app in the sidebar, it returns the last message to the authorization dialog saying its done.

For more like this, see OAuth2 for Apps Script in a few lines of code

Why not join our forum, follow the blog or follow me on Twitter to ensure you get updates when they are available.