Search code examples
google-apps-scriptweb-applicationspermissions

Get JSON from a Google Apps Script web-app from another web-app without anonymous access

First, this question is a duplicate of Fetch JSON object from Google WebApp from another Google WebApp however, that question is 6 years old, and the answer does not work in my situation -- details below.

--

I have a Google Apps Script web-app that returns JSON and is published such that it runs as me and anyone in my organization can access it. For various reasons, I cannot publish it as anonymous as answered from the other question.

function doGet(request)
{
    return ContentService.createTextOutput(JSON.stringify(request)).setMimeType(ContentService.MimeType.JSON);
}

I am trying to call this web-app from another web-app using UrlFetchApp.fetch(...) but it seems to return a bunch of HTML instead of the expected JSON output.

function testIt()
{
    var a = UrlFetchApp.fetch("https://script.google.com/a/verizon.com/macros/s/[redacted]/exec");
    Logger.log(a.getContentText());
}

I understand that the second web-app, the one with testIt runs from Google's servers so the UrlFetchApp.fetch call is anonymous.

There must be a way to pass the authentication token of the user running testIt?

I tried this, but it did not work either:

var a = UrlFetchApp.fetch("https://script.google.com/a/verizon.com/macros/s/AKfycbxseotobMLXnid5PT_UpBRWZdNrhhX2EOegeCd4b9gFA2VbAvLm/exec", {
    "method":"GET",
    "muteHttpExceptions": true,
    "headers": {
        "Authorization" : "Basic " + ScriptApp.getOAuthToken()
    }
});

Am I doing something wrong or is what I am after not possible?

Basically, I have a web-app I own and someone else has a web-app they own. I am trying to find a way they can call my web-app from their web-app to do certain things that their web-app does not have access to (writing some data to some sheets and sending some emails from my account).

Solution

  • When it accesses to the Web Apps using the access token, please modify as follows.

    From:

    "Authorization" : "Basic " + ScriptApp.getOAuthToken()

    To

    "Authorization" : "Bearer " + ScriptApp.getOAuthToken()
    • As an important point of this case, please confirm whether the scopes of Drive API are included in your scopes.
    • If that is not included, please put // DriveApp.getFiles() as the comment line. By this, https://www.googleapis.com/auth/drive.readonly is included in the scopes. I think that in the case of Web Apps, this can be used for accessing.

    Reference: