Limiting OAuth scope for Google App Script
I am trying to limit my OAuth scopes in my script that sends an email after a form has been submitted. I want to limit it so that it has the least permission needed. If I click run, it tries to authorize the correct permissions. If I set up the on form submit trigger, it wants to authorize read, change, delete on all spreadsheets and change on all forms.
If I give the script full access to sheets and forms, it runs as intended. I just want to reduce some of the permissions. The screenshot shows that it is asking for more permission than what is specified in the appsscript.json file.
This script is attached to the responses sheet generated from my form.
From my appsscript.json:
"oauthScopes": [
"https://www.googleapis.com/auth/gmail.readonly",
"https://www.googleapis.com/auth/gmail.send",
"https://www.googleapis.com/auth/drive.file",
"https://www.googleapis.com/auth/forms.currentonly",
"https://www.googleapis.com/auth/spreadsheets.currentonly"
]
The code:
/**
* @OnlyCurrentDoc
*/
function onFormSubmit(e) {
var values = e.namedValues;
var htmlBody = 'Hey ' + values['Name of Recipient'] + "!<br>";
htmlBody += values['Name of Sender'] + " thinks you deserve a shoutout! Thank you for being so awesome!";
htmlBody += '<br> <em>' + values['Shoutout'] + " - " + values['Name of Sender'] + "</em>";
htmlBody += '<br><br>';
GmailApp.sendEmail(values['Recipient Email'],'SHOUT OUT!!!!!!','',
{from:'[email protected]',
htmlBody:htmlBody});
}
Google Form/Sheet Questions/Columns
Timestamp
Name of Sender
Name of Recipient
Name of Recipient's Boss
Shoutout
Recipient Email
Recipient's Boss Email
OAuth Permissions Screenshot:
Project Details OAuth Scopes:
- View your email messages and settings https://www.googleapis.com/auth/gmail.readonly
- Send email on your behalf https://www.googleapis.com/auth/gmail.send
- See, edit, create, and delete only the specific Google Drive files you use with this app https://www.googleapis.com/auth/drive.file
- View and manage forms that this application has been installed in https://www.googleapis.com/auth/forms.currentonly
- View and manage spreadsheets that this application has been installed in https://www.googleapis.com/auth/spreadsheets.currentonly
By default, See, edit, create, and delete all your Google Sheets spreadsheets is a required scope if you added an Installable Trigger that has event source of From Spreadsheet and View and manage your forms in Google Drive is also added if the event type is On form submit. This is to give script the access to the changes that may happen in the spreadsheet caused by submitting response. As a result, it will return the user an Event Object containing information about the context that caused the trigger to fire.
The script will also work if you manually press Run but there is no Event Object that will be passed to the function parameter.
You can try using Time-driven as event source and it will show the same scope as you declared in appsscript.json since the trigger doesn't need to access the spreadsheet to execute the trigger.
Example:
Time Driven:
From spreadsheet and On Open:
From spreadsheet and On form submit:
References:
- Formatting Specific Portions of a Gmail Email Created with Apps Script
- Extracting report data from Kickserv API into Google sheet using google Apps Script
- Google Docs Apps Script Extension Add-ons - Greyed Out after Installation
- I want to use a macro to check a value in a sheet and return one of two values
- How to union ranges in google spreadsheets
- Gemini 1.0 Pro Vision has been deprecated on July 12, 2024. Consider switching to different model, for example gemini-1.5-flash
- How to use Apps script to move a lot of data rows at same time to different spreadsheet automatically base on time
- How can I see the full server response for this API error message in Google Scripts?
- Can I list all my scripts without any other types of documents in Google Drive?
- Custom Menus Google Apps Script
- Google Sheets Index Sidebar of all tabs - add search functionality
- HTML form visible or hidden based on checkbox condition
- How do I compare new IDs with a column of existing IDs and allowcate a timestamp if two IDs match on Google Sheets?
- Google script Display array with rows of different sizes
- How to Delete Today's Google Calendar Entries in Google Apps Script
- Return index of cell that contains match on two strings
- How are list the permissions of shared drive in app-script
- Google Apps Script: Finding an element in a Column and returning the corresponding row
- How to run a web application in Android mobile Chrome browser
- Active VS Effective User for Google Sheets
- Resolving TypeError when trying to use findIndex
- I am not able to extract URL from these cell values using Google Apps Script
- How to type hint Google Types in Google Scripts?
- Getting started with google app script - can not retrieve form submission parameters
- How to execute a Google Apps Script ONLY on the edited row
- How to copy the last row in one table and append to another table in the same GSheet (the same tab)
- Google Apps Scripting variables and values
- Replace duplicate row with new data in Google Sheets using Apps Script
- Google App Script: DateTimePicker object shows time in UTC time zone
- Incorrect result of iferror formula via Apps Script