使用访问令牌调用 Google Apps 脚本网络应用程序 [英] Calling a Google Apps Script web app with access token

问题描述

我需要代表登录到我的系统的用户执行 GAS 服务.所以我有她/他的访问令牌.我想以某种方式将令牌传输到网络应用程序，而无需再次授权用户将其用于某些活动.这能实现吗?谢谢.

I need to execute a GAS service on behalf of a user that is logged to my system. So I have her/his access token. I would like somehow to transfer the token to the web app and without having to authorize again the user to use it for some activities. Can this be accomplished? Thank you.

我想我没有正确解释我试图完成的任务.这是我尝试实现的工作流程:

I think I didn't explain right what I try to accomplish. Here is the work flow I try to achieve:

1. 我们授权用户使用 OAuth2 和 Google 访问我们的网站；
2. 我们掌握了 Google 返回的她/他的访问令牌；
3. 有一个 Google Apps Script 网络应用，它作为运行网络应用的用户执行；
4. 我们希望通过提供访问令牌 (2) 来调用此应用 (3)，以便 Google 不再请求授权；
5. 实际上，我们不想通过将用户重定向到它来调用此应用 (3)，而是将其作为网络服务调用.

谢谢

推荐答案

Martin 的回答最终对我有用，但是在我制作原型时遇到了一个主要障碍.

Martin's answer worked for me in the end, but when I was making a prototype there was a major hurdle.

我需要手动添加以下范围，因为谷歌应用程序脚本的自动范围检测系统"没有要求它:https://www.googleapis.com/auth/drive.readonly".这导致 UrlFetchApp.fetch 总是给出 401 和我不明白的附加信息.记录此附加信息将显示 html，包括以下字符串

I needed to add the following scope manually, as the "automatic scope detection system" of google apps script did not ask for it: "https://www.googleapis.com/auth/drive.readonly". This resulted in UrlFetchApp.fetch always giving 401 with additional information I did not understand. Logging this additional information would show html, including the following string

抱歉，目前无法打开文件.</p><p>请检查地址并重试.

我仍然不明白为什么需要 "https://www.googleapis.com/auth/drive.readonly".可能与我们可以使用/dev url有关，但是谁可以使用/dev url是使用脚本文件的驱动器权限进行管理的.

I still don't really understand why "https://www.googleapis.com/auth/drive.readonly" would be necessary. It may have to do with the fact that we can use the /dev url, but who may use the /dev url is managed is checked using the drive permissions of the script file.

也就是说，下面的设置对我有用(它也适用于 doGet 等，但我选择了 doPost).我选择在清单文件中明确列出最低限度需要的范围，但您也可以确保调用脚本会以不同方式请求访问驱动器的权限.我们有两个 google 应用程序脚本项目，Caller 和 WebApp.

That said, the following setup then works for me (it also works with doGet etc, but I chose doPost). I chose to list the minimally needed scopes explicitly in the manifest file, but you can also make sure the calling script will ask for permissions to access drive in different ways. We have two google apps script projects, Caller and WebApp.

在Caller的manifest文件中，即appsscript.json

In the manifest file of Caller, i.e. appsscript.json

{
  ...
  "oauthScopes": 
  [
    "https://www.googleapis.com/auth/drive.readonly",
    "https://www.googleapis.com/auth/script.external_request"]
}

在调用者的 Code.gs 中

In Code.gs of Caller

function controlCallSimpleService(){

  var webAppUrl ='https://script.google.com/a/DOMAIN/macros/s/id123123123/exec';

//  var webAppUrl = 
//  'https://script.google.com/a/DOMAIN/macros/s/id1212121212/dev'

  var token = ScriptApp.getOAuthToken();

  var options = {
    'method' : 'post'
    , 'headers': {'Authorization': 'Bearer '+  token}
    , muteHttpExceptions: true
  };

  var response = UrlFetchApp.fetch(webAppUrl, options);
  Logger.log(response.getContentText());
}

在 WebApp(被调用的 Web 应用程序)的 Code.gs 中

In Code.gs of WebApp (the web app being called)

function doPost(event){
  return ContentService.createTextOutput("Hello World");
}

这篇关于使用访问令牌调用 Google Apps 脚本网络应用程序的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！