EzyOauth2 has now been superseded by Goa, so this document is for legacy information. For more information see OAuth2 for Apps Script in a few lines of code. If you are using EzyOauth2, it’s easy to migrate. If you are starting up, consider using Goa instead – it’s easier and has more features.
In EzyOauth2 – taking some pain out of Apps Script API authentication, i provided a library to simplify oAuth2. In this pots, I’ll show some patterns you can use to further simplify the use of oAuth2 with Google Apps Script. The reason I provide these as patterns, rather than as a library, is to protect your credentials – in other words either create your own pattern library, or copy the patterns to your own scripts. These patterns should be able to be used pretty much without modification.
For other authentication packages, see
only a few minor modifications are needed from the Google version shown below.

Getting started

As described in EzyOauth2 – taking some pain out of Apps Script API authentication, you need to set up your application in the developers cloud console and get some credentials. The idea here is that you store these in your user properties.

Pattern 1 – Storing credentials in your user properties.

Create a separate script in your current project, and add this code, substituting your own credentials and scopes. Once you have finished testing, I recommend that you delete this script, or keep it in a separate script. This only needs to be run once for a project, except where you want to clear out any token information. You’ll notice that it asks if you want to allow offline access in the first time authentication dialog. This is needed to allow the automatic of refreshment of tokens in future passes without the need to repeat the conversation.

Pattern 2 – a web application.

A typical web application, with a doGet() would look like this, using the patterns I’ll show later in this article. Create script that looks like this


doGetPattern(e, constructConsentScreen, doSomething)

Your normal doGet() is going to first be passed through a process that will either
  1. Find a current access token in your property store
  2. Use a refresh token to get a new access token in place of an expired one
  3. Take you through a user consent dialog, and store the token information in your properties. It will need you to have created a constructConsentScreen() function (sample shown above), of what you would like your consent screen to look like. Note that, as described in EzyOauth2 – taking some pain out of Apps Script API authentication, you’ll need to register your callback url in the Google Cloud console. It will be something like the below. Alternatively you can just run this, let it fail, and copy the callback url from the error message to the cloud console.
Once one of these has been executed, your function doSomething (example above), will be called with an accessToken as the argument, so you can process you doGet() call as normal.
You also need to provide this function, which returns the name of the property key it should use to store token information. The package name is for a later article. It is to allow multiple packages in the same project so you attach to multiple services (google, linkedin etc) at the same time.

Non Web app approach

Even though your app is not a web app, you’ll still need to publish it. This is so that the call back authentication dialog can take place at least once. From then on the refreshing of access tokens is automatic and doesn’t need a web app. The only difference then, is that a non web app pattern looks like this

The pattern script

This script can be copied as is into your project – and of course you will need the EzyOauth2 library (MSaYlTXSVk7FAqpHNCcqBv6i_d-phDA33)

Your properties

If you want to see what get stored in your properties, take a look at your project properties against the key you supplied in your code. You’ll see something like this. The refresh token is used to get a new access token when the current one expires.


This approach takes away the complication of oAuth2. Once your credentials are set up, all you have to do is pass the function that does the work to doGetPattern(e, constructConsentScreen, doSomething) and it will be called with a fresh accessCode. Simple!

Take a look at EzyOauth2 – taking some pain out of Apps Script API authentication for more on this

For help and more information join our community,  follow the blog or  follow me on Twitter.