部署为网络应用程序的Google Apps脚本的身份验证问题 [英] Authentication issue with Google Apps Script deployed as a web app

问题描述

在尝试使用UrlFetch和授权标头中的承载从第二个GAS调用已部署的Apps脚本(作为Web应用程序，任何人都可以访问")时，我遇到HTTP 401错误.直到两个星期前，这些脚本都可以正常工作几个月. 这是两个重现该错误的小脚本.

I am facing HTTP 401 errors while trying to call a deployed Apps Script (as a web app, accessible to "anyone") from a second GAS with UrlFetch and a bearer in authorization header. The scripts were working fine for months until around two weeks ago. Here are two small scripts to reproduce the error.

脚本A-部署为网络应用程序，任何人"都可以访问.

function doGet(e) {
  var params = e.parameter.params;
  console.info("Parameters : " + JSON.stringify(e.parameter));
  return ContentService.createTextOutput("Success");
}

脚本B-通过UrlFetch调用脚本A

function callURL() {
  var param = {
    method      : "get",
    headers     : {"Authorization": "Bearer " + ScriptApp.getOAuthToken()},
    followRedirects : true,
    muteHttpExceptions:true,
  };
  var url = "https://script.google.com/macros/s/<script_A_deployed_url>/exec?param1=test";
  var resp = UrlFetchApp.fetch(url,param);
  if(resp.getContentText() != "Success"){
    console.info(resp.getContentText());
    throw resp.getContentText();
  }
}

推荐答案

Tanaike 为我指明了正确的方向.显然，最近一些内部规则更改了作为Web应用程序部署的Apps Script的身份验证机制. 对于B脚本，UrlFetch的默认作用域为https://www.googleapis.com/auth/script.external_request，但是现在看来我们需要至少对A脚本具有读取权限，这意味着我们还需要Drive作用域. 为了实现这一点，例如，您可以在B脚本中具有此功能以对其进行授权.

Tanaike pointed me in the right direction. Apparently, some internal rules recently changed in the authentication mechanism for Apps Script deployed as a web app. For B script, the default scope with UrlFetch is https://www.googleapis.com/auth/script.external_request, but it looks like we now need at least read access to A script, which means we also need Drive scopes. In order to achieve that, you can for example have this function in B script to authorize them.

function setScope() {
  DriveApp.getRootFolder();
}

这篇关于部署为网络应用程序的Google Apps脚本的身份验证问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！