Many people are a little intimidated by OAuth2 in Apps Script, and because you don’t need to set it up very often you always need to work from a cheat sheet. Luckily if you use a library, you don’t need to remind yourself of the mechanics, just how to use the library. Today I needed to set up access to the Blogger API, and it’s been a little while since I’ve had to set up OAuth2 from scratch so I timed it.  Here are the steps and how long they took.
I’m using Goa as my library and you kind find countless videos and articles on it here.
First of all I need to decide which flow I’m going to use. Since this is a purely server side App, I could probably use a service account but I can’t remember if the Blogger API supports service accounts, and in any case I may share the app at some point, so I’d rather it was able to request resource access belonging to the person executing it. Since it’s not a webapp, I only need to publish it and run it as a webapp once so that the token infrastructure in the property store can get authorized, then the server side app can use it each time it runs.

Step 1 – 3 minutes

Find out which scopes Blogger API needs. Look up the Blogger API reference and get into the API explorer.
blogger.readonly will work just fine.

Step 2 – 2 minutes

Get into my project console

enable blogger API 

create credentials .. I’ll leave it open as I have to go back and enter the redirect uri later

Step 3 – 3 minutes

Add goa library, create a one off function from template here , add credentials and execute to store credentials in property store. 
function oneoffgoa() {

  var propertyStore = PropertiesService.getScriptProperties();
  cGoa.GoaApp.setPackage (propertyStore , { 
    clientId : "",
    clientSecret : "xxxxxxxx",
    scopes : cGoa.GoaApp.scopesGoogleExpand (['blogger.readonly']),
    service: 'google',
    packageName: 'blogger'


Step 4 – 3 minutes

Decide that I want to use user properties store for my token info, and create a web app from a template, and publish to “run as user executing”.
function doGet(e) {

  // running as the user running the app
  cGoa.GoaApp.userClone('blogger', PropertiesService.getScriptProperties() , PropertiesService.getUserProperties());
  var goa = cGoa.GoaApp.createGoa('blogger',PropertiesService.getUserProperties()).execute(e);
  // it's possible that we need consent - this will cause a consent dialog
  if (goa.needsConsent()) {
    return goa.getConsent();
  // if we get here its time for your webapp to run and we should have a token, or thrown an error somewhere
  if (!goa.hasToken()) throw 'something went wrong with goa - did you check if consent was needed?';

Step 5 – 2 minutes

Run webapp, get redirect URI and copy into my project console

Step 5 – 1 minute

Incorporate in my project and check it works
function getAllYouBlogger () {
  var goa = cGoa.GoaApp.createGoa('blogger',PropertiesService.getUserProperties()).execute();
  if (!goa.hasToken()) throw 'should have token';

.. etc 

Step 6 

Get rid of the  onceoff functions. I won’t need it again. Goa will refresh access tokens anytime it needs to without intervention. The only time I’ll need to run doGet again is if I change my Google password so I’ll keep that around for now, but its not part of my app.


14 minutes from start to finish, and about an hour to write it up. OAuth2 is really not that complicated.

For more like this, see Oauth2 for Apps Script in a few lines of code

Why not join our forum, follow the blog or follow me on Twitter to ensure you get updates when they are available.