I am developing an Google Sheets Add-on and at this point I need to be able to access all employees of the domain and change their Gmail signatures.
I have come across a solution but I find it hard to get the grasp of. Orginal post here or there
Below is a code that as suggested should make my life easier. However, I am concerned with the service account and the authentication. As I understand every addon user would have to generate those on their own and I would like to do it automatically via Google App Script.
Those lines I am uncertain of
var OAUTH2_SERVICE_ACCOUNT_PRIVATE_KEY = '-----BEGIN PRIVATE KEY-----\n\n-----END PRIVATE KEY-----\n';
var OAUTH2_SERVICE_ACCOUNT_CLIENT_EMAIL = 'xxx@yyy.iam.gserviceaccount.com';
As a super admin on google workspace I am trying to update employees signatures but can't do it without wide-domain delegation and service account.
Code
// these two things are included in the .JSON file that you download when creating the service account and service account key
var OAUTH2_SERVICE_ACCOUNT_PRIVATE_KEY = '-----BEGIN PRIVATE KEY-----\n\n-----END PRIVATE KEY-----\n';
var OAUTH2_SERVICE_ACCOUNT_CLIENT_EMAIL = 'xxx@yyy.iam.gserviceaccount.com';
function getDomainWideDelegationService(serviceName, scope, email) {
Logger.log('starting getDomainWideDelegationService for email: ' + email);
return OAuth2.createService(serviceName + email)
.setTokenUrl('https://accounts.google.com/o/oauth2/token')
// Set the private key and issuer.
.setPrivateKey(OAUTH2_SERVICE_ACCOUNT_PRIVATE_KEY)
.setIssuer(OAUTH2_SERVICE_ACCOUNT_CLIENT_EMAIL)
.setSubject(email)
.setPropertyStore(PropertiesService.getScriptProperties())
.setScope(scope);
}
Additionally I couldn't find any appropriate documention addresing my question. Can you share anything with me or clarify my doubts?
I can share more info if you need.
As it turns out. After publishing the add-on the service-account has all the privilages by default.