I have a very simple stand-alone google scripts project which is deployed as a Web App. It just contains two test functions:
function doGet(e) {
Logger.log(e);
return ContentService.createTextOutput('Get OK');
}
function doPost() {
Logger.log("doPost");
return ContentService.createTextOutput('Post OK');
}
I have another Apps Script project with a simple function:
function doConnect() {
var response = UrlFetchApp.fetch(
";,
{
method: "get",
muteHttpExceptions: true
}
);
Logger.log(response.getContentText());
}
At the moment I am testing things and run my doConnect just from Run button in the Apps Script editor.
Context: As soon as the above proof-of-concept works, I would fire my doConnect from spreadsheet "button" (image with bound script). This script would run with permissions of spreadsheet owner refresh some values in protected cells that are untouchable for regular editors.
All works perfectly when a web app is deployed with "Who has access" = "Anyone" option. When I change this option to "Anyone with Google account" I get "Error 401 Unauthorized".
In order to pass authorization info I have modified my function as below, but no success.
function doConnect() {
var response = UrlFetchApp.fetch(
";,
{
method: "get",
headers: {
Authorization: "Bearer " + ScriptApp.getOAuthToken()
},
muteHttpExceptions: true
}
);
Logger.log(response.getContentText());
}
When I just paste the url into another tab of the same browser - I get the expected result. Am I somehow able to pass authorization info via request?
I have a very simple stand-alone google scripts project which is deployed as a Web App. It just contains two test functions:
function doGet(e) {
Logger.log(e);
return ContentService.createTextOutput('Get OK');
}
function doPost() {
Logger.log("doPost");
return ContentService.createTextOutput('Post OK');
}
I have another Apps Script project with a simple function:
function doConnect() {
var response = UrlFetchApp.fetch(
"https://script.google/macros/s/XXXXXXXXX/exec",
{
method: "get",
muteHttpExceptions: true
}
);
Logger.log(response.getContentText());
}
At the moment I am testing things and run my doConnect just from Run button in the Apps Script editor.
Context: As soon as the above proof-of-concept works, I would fire my doConnect from spreadsheet "button" (image with bound script). This script would run with permissions of spreadsheet owner refresh some values in protected cells that are untouchable for regular editors.
All works perfectly when a web app is deployed with "Who has access" = "Anyone" option. When I change this option to "Anyone with Google account" I get "Error 401 Unauthorized".
In order to pass authorization info I have modified my function as below, but no success.
function doConnect() {
var response = UrlFetchApp.fetch(
"https://script.google/macros/s/XXXXXXXXX/exec",
{
method: "get",
headers: {
Authorization: "Bearer " + ScriptApp.getOAuthToken()
},
muteHttpExceptions: true
}
);
Logger.log(response.getContentText());
}
When I just paste the url into another tab of the same browser - I get the expected result. Am I somehow able to pass authorization info via request?
Share Improve this question edited Mar 14 at 8:37 Kuba D asked Mar 13 at 16:37 Kuba DKuba D 1372 silver badges7 bronze badges 2- 3 The code and details included aren't a minimal reproducible example because it's not shown how the function doConnect is called and the web app doGet / doPost function. Please ensure to include all the relevant details to help others to reproduce the problem. – Wicket Commented Mar 13 at 17:26
- 1 @Wicket I have updated my question. I hope you like it more now. – Kuba D Commented Mar 14 at 8:38
1 Answer
Reset to default 3In the case of Google Apps Script Web Apps, when "Who has access" is set to "Anyone with a Google account" and a client is required to send requests to the Web App, it is necessary to include an access token in the request. At that time, one of the Drive API scopes must be included. If the scope is missing, an error will occur. I suspect this might be the cause of your current issue. To resolve this, consider modifying your script as follows:
Modified script
function doConnect() {
var response = UrlFetchApp.fetch(
"https://script.google/macros/s/XXXXXXXXX/exec",
{
method: "get",
headers: {
Authorization: "Bearer " + ScriptApp.getOAuthToken()
},
muteHttpExceptions: true
}
);
Logger.log(response.getContentText());
// Please add the following comment line.
// DriveApp.getFiles();
}
In this modification, the comment line // DriveApp.getFiles(); is added. When this comment line is included and the script is run, the scope https://www.googleapis/auth/drive.readonly is automatically added by the script editor. This ensures that the access token used for requesting the Web App includes the necessary scope.
Of course, the comment line // DriveApp.createFile(); can also be used. In this case, the scope https://www.googleapis/auth/drive will be added.
Note
- In the above scenario, it's assumed that the owner of the Web App is the same as the owner of the client. If you want another user to make requests to your Web App as a client, please share the Google Apps Script project with that user. This will enable the client to request the Web App. Please be mindful of this.
Reference
- Taking advantage of Web Apps with Google Apps Script