I want to create a web application for my client and use Google drive to store information.
Since it's impossibe to integrate a web application from google apps script in my own website I try to use Google Apps Script Execution API and Javascript to make the interaction between my website and Google Drive.
I find out some exemple like this one :
https://mashe.hawksey.info/2015/10/google-sheets-as-a-database-authenticated-insert-with-apps-script-using-execution-api/
I do be able to reproduce this example but it use an Auth authentification.
I would like to use Google Apps Script Execution API without Auth authentification but with simple API keys.
Is it possible ? And do you have an example to illustrate this.
Thank you for your help,
Yes you can do that. Check this guide about web deployment using apps script. You just need to run the web app as your own user (parameter Execute the app as). But you will only be able to get access to your own google Drive which may not be that useful. If you want to access others' people Drive then you must run the web app as the current user but this will prompt for permissions (the first time the user access your application).
Related
I'm quite new Google Scripts. I'm trying to create a web app through which users can log in (with their Gmail accounts) and modify a Google Sheet. Here's a screenshot of the registration page.
Initially, the user logs in via their existing Google account and this page is displayed. Upon clicking the button, what I want is for the script to add their submitted information and their current email to a Google Sheet. Once their info is in the Sheet, they only need to log in via Google to gain access to the system. However, when I try this with another account I get this error:
Is this a permissions problem? Or does Google Scripts not allow this kind of direct manipulation of files on my Drive? Here are my permissions settings for my web app:
Is this at all possible?
From your question, I could understand that the settings of your Web Apps is as follows.
Execute the app as: User accessing the web app
Who has access to the app: Anyone
For above Web Apps, you want to make users access to the Web Apps using each browser.
Confirmation points:
From above situation, please confirm the following points. At first, I think that when the Spreadsheet you want to put the values is in each user's Google Drive, no error occurs. So from your question, I thought that the Spreadsheet might be in your Google Drive.
Although I'm not sure about your whole script, if the Google Spreadsheet which is used in your script of Web Apps is in your Google Drive, it is required to shared the Google Spreadsheet with the user. Even when the script of Web Apps is the container-bound script of the Spreadsheet and getActiveSpreadsheet() is used, it is required to share the Spreadsheet with the user.
When you want to put the values to your Spreadsheet in your Google Drive when the user submitted the form, please share the Spreadsheet with the user as the writer.
When you want to only read the values from your Spreadsheet in your Google Drive when the user submitted the form, please share the Spreadsheet with the user as the viewer.
Also, you can publicly share. But I thought that this might not be the direction you expect.
Other method:
If you don't want to share the Spreadsheet with the user, how about the following workaround?
Deploy new Web Apps as following settings.
Execute the app as: Me
Who has access to the app: Anyone, even anonymous
In this case, you can also make user access to this Web Apps using a key as the query parameter.
When Who has access to the app: Anyone is used, it is required to share the script of new Web Apps with the user. So I proposed to use Anyone, even anonymous for this situation.
When the form is submitted, the values are put to your Google Spreadsheet using this new Web Apps.
In this case, new Web Apps is used as the wrapper API for putting the values to Spreadsheet.
References:
Web Apps
Taking advantage of Web Apps with Google Apps Script
I'm trying to develop a react native application that won't require a user to sign into a bunch of different services every time. For now I'm trying to get the google side of things setup where a user can click a button which will allow me to link my application to there Google user account so that when they next visit the app the don't need to log into google for the functionality to continue to work.
I'm having a hard time finding documentation about how this link can be set up but I have found this page on Google which suggests it's possible.
https://myaccount.google.com/accountlinking?hl=en-GB&pli=1
The idea would be a bit like last.fm handles Spotify. a simple login and approve the service will mean that last.fm can listen to the Spotify account without requiring further auth every time its doing said functionality.
I can't find much in terms of tutorials or documentation on this specific thing.
Google OAuth and Scopes
It sounds like you're looking to implement Google identity federation in your app - specifically, OAuth 2.0. Google gives you quite a few options depending on the complexity of your authenticated user experience.
As for permissions, the Google API documentation calls these scopes. Here's a list of all the available scopes for every Google API. Setting scopes can take a few additional steps depending on which Google apps/information your app needs access to. By default, the Google API scopes for a new project are email, profile, and openid. Here's a video explaining how to view and modify the scopes in the Google API console(mentioned below).
1. Google Sign-in Button with scopes
The simplest method would be to follow this guide from Google which explains how to set up Google Auth on the frontend.
In short, you first set up a project within the Google API Console. Create a new project and take a look at your project scopes by clicking the Credentials tab, then the OAuth Consent Screen tab. Then back in your frontend code, include a script tag to call the Google API related to authentication functionality. Next, include a meta tag containing the client key found in the Google API Console. Then just create a sign in button with a certain class and data attribute(mentioned in the guide) and users should be able to sign in. This will return a small amount of user data in your code which you can use for validation within your app.
2. Firebase with scopes
A more complex solution would be Firebase authentication which returns even more user data, the use of a database to save and retrieve data related to the user and their session, and many other handy features that would normally be time consuming to develop. As such, Firebase is often called a backend as a service(BaaS).
To get the same level of granularity of scopes as the standard OAuth scenario outlined above, you may need to use a combination of the two as described in this article from Fireship.io.
I'm writing an app in JS that fetches Google Calendar events using Google Calendar API. I've already generated an API Key and Client ID - do I have to do something to try and 'secure' them? Their tutorial puts them directly in the JS file (https://developers.google.com/calendar/quickstart/js), but then I dig further into the dev docs (https://cloud.google.com/docs/authentication/api-keys#securing_an_api_key) and it says not to embed the API key into the code...but that could just be for paid API keys?
I'm writing this mini webapp for a class so I only need it to work for like 6 weeks. I'm hosting it via GitHub Pages, and it was the one that alerted me about the API Key when I pushed the code.
Bottom line - is it safe for me to embed the API key into the JS code that gets pushed to github and made publicly available (so I can have just a frontend and use GitHub Pages)? Or do I need to take some kind of preventative measures?
Thanks in advance!
Api key is only used for accessing public data. For example you could use it to access the Google Calendar public holiday calendars. That being said yes you should keep your api key secrete and not share it but google is aware that this is not possible with client side languages like JavaScript so i have never heard of anyone getting in trouble for leaking their api key by having it in a JavaScript application.
This warning is mainly means that you should not put it in a GitHub open source repository that anyone can download and then run. You must instruct people how to create their own.
That being said if you are trying to access private user data then you should be using Oauth2 to authenticate your users and this you can lock down to only your domain due to the need for a redirect uri. As you say you have created a client id i suspect that you have already done that. Apikey in the javascript code isnt strictly needed if you have added the client id for oauth2.
I have a Google Spreadsheet file and a JavaScript application, hosted using Google Firebase free plan – if that changes anything. I would like to grant my application a read/write permission to the file so that when a user, posts something using my app, it will be written to the SpreadSheet as a new line. I thought that should be a simple scenario but…
While I got the read part running, using the API_KEY, the writing part seems to require OAuth authentication - even if the file itself is 100% public…
In my scenario the application itself should be the one, authenticating to the Sheet API - not the user of that application.
So, is there any way around this? Or to somehow log-in using OAuth on the application level?
Please note: I know I could use Firebase here, but let’s just assume that for now, it is not an option.
My final solution was to use Google Apps Script instead of Google Sheets API, as described here:
https://stackoverflow.com/a/49459945/2384366
After publishing the scrip with the ‘Who has access to the app’ = ‘Anyone, even anonymous’ – I was able to use the doPost function to do exactly what I wanted.
Perhaps it’s not the best solutions – but it works (and frankly, gives us much more control).
Title pretty much says it all - I need to access Analytics data for a site, using the Javascript API and authenticating via a service account. Is this possible, if so, how? Have spent hours running in circles in the Google docs to no avail.
I'm looking to build a dashboard to publically display stats for the site, hence the need for the service account.
Javascript is a must - I need a completely client-side solution.
Any ideas?