EzyOauth2 has now been superseded by Goa, so this document is for legacy information. For more information see OAuth2 for Apps Script in a few lines of code. If you are using EzyOauth2, it’s easy to migrate. If you are starting up, consider using Goa instead – it’s easier and has more features.
In EzyOauth2 – taking some pain out of Apps Script API authentication, I provided a library to simplify oAuth2, then in EzyOauth2 patterns I showed simple patterns for creating apps. Multiple oAuth2 authentication packages showed how to create multiple authentication packages in the same project.
Here’s a new one – this time for the Microsoft Live SDK
For other authentication packages, see

You’ll need the code from EzyOauth2 patterns to build your own app around, and also include access to the library in EzyOauth2 – taking some pain out of Apps Script API authentication

Getting started

You need to set up your application on the Microsoft Applications Dashboard. You’ll get a client id and a secret. You can get the redirect URL for your webapp by publishing it, running it, and taking note of the Url it shows. You don’t need to bother with most the fields on the dashboard.


Although this example is for OneDrive, just like with Google Oauth2, the scopes you select control the API you intend to use. You can find details of Microsoft API scopes here.

Package Names

You need to add these to your one time credential storing function.  I’ve called it onedrive.
setAuthenticationPackage_ ({ 
    clientId : "xxxxxxxxx",
    clientSecret : "xxxxxxxxxxxxxxxxxxxxxxxxxxx",
    scopes : ["wl.signin","wl.basic","wl.offline_access","wl.skydrive_update"],
    service: 'live',
    packageName: 'onedrive'

Service names

I’ve already added the Live SDK service to the latest  cEzyOauth2 library, so as long as you picking up the latest version it will know how to handle Live SDK requests. This maps to the service name in your credentials package. It looks like this
{ name:'live',
         authUrl : "",
         tokenUrl: "",
         refreshUrl: "",

A web application.

The only difference between this and the example shown in EzyOauth2 patterns, is that I am calling different function names and package name. You have to run this at least once to set up the token/refresh structure. It will show you the redirect URI, which you can add to your onedrive application definition, then it will take you through the Live authentication dialog. Future accesses to onedrive will pick up the access or refresh token from your script properties (webapp or not – they use the same token). If you’ve copied the patterns from EzyOauth2 patterns, you’ll already have something that looks like this. I just made a couple of tweaks (in red) to access the live credentials you just created, and to do a test access to onedrive.
 * this is your web app
 * @param {object} webapp param object
 * return {HtmlOutput} 

function doGet (e) {
  return doGetPattern(e, constructConsentScreen, doSomething, 'onedrive') ;

 * tailor your consent screen with an html template
 * @param {string} consentUrl the url to click to provide user consent
 * @param {string} redirectUrl the url that redirect will happen on
 * @return {string} the html for the consent screen
function constructConsentScreen (consentUrl,redirectUrl) {
  return '<p>Redirect URI to be added to cloud console is ' + redirectUrl + '</p><a href = "' + consentUrl + '">Click to authenticate to microsoft</a> ';

 * this is your main processing - will be called with your access token
 * @param {string} accessToken - the accessToken
function doSomething (accessToken) {
   var options = {
     method: "GET",
     headers: {
       authorization: "Bearer " + accessToken

  var result = UrlFetchApp.fetch("", options);
  return HtmlService.createHtmlOutput (' it worked ' + accessToken + '<br>' + result.getContentText());


 * gets the property key against which you want the authentication package stored
 * @param {string} optPackageName
 * @return {string}
function getPropertyKey_ (optPackageName) {
  return "EzyOauth2Datastore" + (optPackageName ? '_' + optPackageName : '');

and we get this .. the access token is massive compared to most services.

{ "quota": 1115617755136, "available": 1115614588857 }


Once your credentials are set up, all you have to do is pass the function that does the work to doGetPattern(e, constructConsentScreen, doSomething, ”OneDrive”)   and it will be called with a fresh accessCode.