使用访问令牌调用Google Apps脚本网络应用 [英] Calling a Google Apps Script web app with access token
问题描述
我需要代表登录到我的系统的用户执行GAS服务.所以我有她/他的访问令牌.我想以某种方式将令牌传输到Web应用程序,而不必再次授权用户将其用于某些活动.能做到吗?谢谢.
I need to execute a GAS service on behalf of a user that is logged to my system. So I have her/his access token. I would like somehow to transfer the token to the web app and without having to authorize again the user to use it for some activities. Can this be accomplished? Thank you.
编辑:我认为我没有正确解释我要完成的工作.这是我尝试实现的工作流程:
I think I didn't explain right what I try to accomplish. Here is the work flow I try to achieve:
- 我们授权用户使用OAuth2和Google访问我们的网站;
- 我们掌握了Google返回的她/他的访问令牌;
- 有一个Google Apps脚本网络应用程序,该应用程序是通过运行该网络应用程序的用户执行的;
- 我们想通过提供访问令牌(2)来调用此应用(3),以便Google不再要求授权;
- 实际上,我们不希望通过将用户重定向到该应用程序来调用该应用程序(3),而是通过将其作为网络服务来调用.
谢谢
推荐答案
Martin的答案最终对我有用,但是当我制作原型时,遇到了很大的障碍.
Martin's answer worked for me in the end, but when I was making a prototype there was a major hurdle.
我需要手动添加以下范围,因为google apps脚本的自动范围检测系统"没有要求它:"https://www.googleapis.com/auth/drive.readonly".这导致UrlFetchApp.fetch总是向401提供我不理解的其他信息.记录此附加信息将显示html,包括以下字符串
I needed to add the following scope manually, as the "automatic scope detection system" of google apps script did not ask for it: "https://www.googleapis.com/auth/drive.readonly". This resulted in UrlFetchApp.fetch always giving 401 with additional information I did not understand. Logging this additional information would show html, including the following string
Sorry, unable to open the file at this time.</p><p> Please check the address and try again.
我仍然不太明白为什么需要"https://www.googleapis.com/auth/drive.readonly".可能与以下事实有关:我们可以使用/dev url,但是可以使用脚本文件的驱动器权限来检查谁可以使用/dev url.
I still don't really understand why "https://www.googleapis.com/auth/drive.readonly" would be necessary. It may have to do with the fact that we can use the /dev url, but who may use the /dev url is managed is checked using the drive permissions of the script file.
也就是说,下面的设置对我有用(它对doGet也适用,但是我选择了doPost).我选择在清单文件中明确列出最低限度的作用域,但您也可以确保调用脚本将要求以不同方式访问驱动器的权限.我们有两个Google Apps脚本项目,即Caller和WebApp.
That said, the following setup then works for me (it also works with doGet etc, but I chose doPost). I chose to list the minimally needed scopes explicitly in the manifest file, but you can also make sure the calling script will ask for permissions to access drive in different ways. We have two google apps script projects, Caller and WebApp.
在Caller的清单文件中,即appsscript.json
In the manifest file of Caller, i.e. appsscript.json
{
...
"oauthScopes":
[
"https://www.googleapis.com/auth/drive.readonly",
"https://www.googleapis.com/auth/script.external_request"]
}
在来电显示代码中
function controlCallSimpleService(){
var webAppUrl ='https://script.google.com/a/DOMAIN/macros/s/id123123123/exec';
// var webAppUrl =
// 'https://script.google.com/a/DOMAIN/macros/s/id1212121212/dev'
var token = ScriptApp.getOAuthToken();
var options = {
'method' : 'post'
, 'headers': {'Authorization': 'Bearer '+ token}
, muteHttpExceptions: true
};
var response = UrlFetchApp.fetch(webAppUrl, options);
Logger.log(response.getContentText());
}
在WebApp的Code.gs中(称为Web应用)
In Code.gs of WebApp (the web app being called)
function doPost(event){
return ContentService.createTextOutput("Hello World");
}
这篇关于使用访问令牌调用Google Apps脚本网络应用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
