如何缩小Google Apps脚本的身份验证/驱动器范围? [英] How to narrow down the auth/drive scope for a google apps script?
问题描述
我已经构建了一个Google Apps脚本网络应用程序.对于与Google云端硬盘相关的功能,应用程序需要auth/drive.install(与Drive UI集成)和auth/drive.file(在相关文件属性中存储与文件关联的某些数据)范围.其他范围是auth/urlshortener,auth/userinfo.email和auth/userinfo.profile.据我了解,后两者必须用于身份验证.
I've built a google apps script web application. For Google Drive related features the application requires auth/drive.install (to integrate with Drive UI) and auth/drive.file (to store some data associated with a file in the related file properties) scopes. Other scopes are auth/urlshortener, auth/userinfo.email, and auth/userinfo.profile. The two latter are required for auth purposes, as far as I understand.
以上范围是在应用程序中的oauth dance中指定的.但是,在应用安装时,以下范围会呈现给用户:
The above scopes are specified at oauth dance within the app. However, at app installation the following scopes are presented to a user:
- 查看和管理Google云端硬盘中的文件(与
auth/drive scope对应) - 管理您的goo.gl短网址(
auth/urlshortener) - 和另外三个与
auth/script_*范围 相对应的
- View and manage the files in your Google Drive (corresponds with
auth/drive scope) - Manage your goo.gl short URLs (
auth/urlshortener) - and three other that correspond with
auth/script_*scopes
这与脚本属性中的作用域相关.
This correlates with scopes from the script properties.
5 OAuth Scopes required by the script:
https: //www.googleapis.com/auth/drive
https: //www.googleapis.com/auth/script.external_request
https: //www.googleapis.com/auth/script.scriptapp
https: //www.googleapis.com/auth/script.storage
https: //www.googleapis.com/auth/urlshortener
很明显,由于使用了高级Google服务,所以添加了auth/drive和auth/urlshortner,它们在GAS IDE(资源>高级Google服务)和开发者控制台中均已启用.
Obviously, auth/drive and auth/urlshortner are added as a result of Advanced Google Services use, that are turned on in both GAS IDE (Resources > Advanced Google services) and Developer's Console.
GAS IDE不允许指定任何范围比例如窄的范围. auth/drive.
由于某些原因,开发人员控制台中的Google Apps Marketplace SDK配置不允许添加任何特定范围.实际上,它允许添加但不保存任何内容.
GAS IDE doesn't allow specifying any scope narrower than e.g. auth/drive.
Google Apps Marketplace SDK configuration in Developer's Console doesn't allow to add any specific scopes for some reason. Actually, it allows adding but doesn't save any.
最近,Google为请求敏感OAuth范围的OAuth客户端引入了一种审核程序,而auth/drive绝对是其中之一.
Recently Google introduced a review procedure for OAuth clients requesting sensitive OAuth scopes and auth/drive is definitely a one of.
我不需要整个auth/drive范围,也不希望用户看到类似以下内容的内容:
此应用未通过验证
I do not need the entire auth/drive scope and also I do not want users seeing anything like this:
This app ins't verified
是否可以通过GAS IDE或开发者控制台缩小drive范围?
Is there a way to narrow down the drive scope via GAS IDE or Developer's Console?
脚本本身不使用任何auth/script_*功能.自从我采用节点google apps脚本模块进行开发以来,就隐式添加了这些内容.我不需要用户的许可.如何摆脱呢?
The script itself doesn't employ any auth/script_* functionality. Those were added somehow implicitly since I employed node google apps script module for development. I don't need user's permission for those. How to get rid of that?
有什么解决方法吗?
推荐答案
我自己来解决这个问题.
Just dealing with this myself.
我发现Google提供的以下参考资料很有帮助 https://developers.google.com/apps-script/concepts/scopes (设置显式范围"选项) 和 https://developers.google.com/apps-script/concepts/manifests
I found the following references from Google helpful https://developers.google.com/apps-script/concepts/scopes ("Setting explicit scopes" option) and https://developers.google.com/apps-script/concepts/manifests
摘要: 您必须编辑appsscript.json清单文件.默认情况下,这在您的文件列表中不可见.点击菜单查看"->显示清单文件".
Summary: You have to edit the appsscript.json manifest file. This isn't visible by default in your file list. Click on menu "View"->"Show manifest file" to make it so.
然后将"oauthScopes"部分添加到清单,其中包含一个数组,该数组包含在范围"选项卡的菜单文件"->项目属性"下找到的范围(当然,使其成为适当的json数组).减少多余的作用域和/或换成较宽松的作用域(只读而不是完全访问权限等).
Then add a "oauthScopes" section to the manifest with an array containing the scopes you find under menu "File"->"Project properties" in the "Scopes" tab (of course make it a proper json array). Pare down the excess scopes and/or swap out for less permissive scopes (readonly instead of full access, etc).
这篇关于如何缩小Google Apps脚本的身份验证/驱动器范围?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
