When I deploy a doPost (or doGet) function as a web app, I can choose the "Who has access" options:
When I choose "Anyone with MY-DOMAIN", how to tell the doPost function that the access user is within the domain?
I want to use "Anyone within MY-DOMAIN" instead of "Anyone" for security.
1. I prepared a doPost function as follows in a stand-alone script.
function doPost(e) {
  const json = JSON.parse(e.postData.contents);
  const text = json.text;
  return ContentService.createTextOutput(`The text you sent is "${text}"`);
}
2. I deployed it and copied the URL of the web app.
3. I prepared another stand-alone script to access the doPost function as follows.
function myFunction() {
  const app_url = "-----------Copied URL in the process #2.-------------";
  const data = {'text': "Hogehoge" };
  const params = {
    'method': 'post',
    'headers': { 'Authorization': 'Bearer ' + ScriptApp.getIdentityToken()},
    "ContentType": "application/json",
    'payload' : JSON.stringify(data),
    'muteHttpExceptions': true
  }
  const resp = UrlFetchApp.fetch(app_url, params);
  //Expected to output 'The text you sent is "Hogehoge"'
  console.log(resp.getContentText());
}
I think the request header should contain some information about the account executing myFunction, but I'm not entirely sure ScriptApp.getIdentityToken() is appropriate.
To get the identityToken, I added "https://www.googleapis.com/auth/userinfo.email" scope in appscript.json.
4. I executed myFunction() using an account within the domain. The returned text was:
<HTML>
<HEAD>
<TITLE>Unauthorized</TITLE>
</HEAD>
<BODY BGCOLOR="#FFFFFF" TEXT="#000000">
<H1>Unauthorized</H1>
<H2>Error 401</H2>
</BODY>
</HTML>
"ContentType": "application/json", should be "contentType": "application/json",.
doPost, this might not be required to be used.
access_token instead of the request header.
doPost with the users you want to access.
https://www.googleapis.com/auth/drive or https://www.googleapis.com/auth/drive.readonly.
When these points are reflected in your script, please do the following flow.
About the scope, from "To get the identityToken, I added "https://www.googleapis.com/auth/userinfo.email" scope in appscript.json.", please use https://www.googleapis.com/auth/drive or https://www.googleapis.com/auth/drive.readonly.
Please share the Google Apps Script project of doPost with the users you want to access.
Please modify your showing script as follows.
function myFunction() {
  const app_url = "-----------Copied URL in the process #2.-------------";
  const data = { 'text': "Hogehoge" };
  const params = {
    'method': 'post',
    "contentType": "application/json", // This might not be required to be used.
    'payload': JSON.stringify(data),
    'muteHttpExceptions': true
  }
  const query = `?access_token=${ScriptApp.getOAuthToken()}`;
  const resp = UrlFetchApp.fetch(app_url + query, params);
  //Expected to output 'The text you sent is "Hogehoge"'
  console.log(resp.getContentText());
}
I'm not sure about the actual setting of your Google Workspace. When this didn't resolve your issue, I would like to recommend confirming whether you can make users access your Web Apps to the administrator.
When I saw the thread showing in Waxim Corp's comment, I noticed that I didn't post it as an answer. So, in order to summarize this, I posted this as an answer.
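On the question's first point, how doPost itself can tell that the caller is within the domain: the following is an added example, not code from the question or the answer. It assumes the web app is deployed as "Execute as: Me" with access limited to the domain, so that Session.getActiveUser().getEmail() returns the caller's address; ALLOWED_DOMAIN, callerInDomain and handlePost are hypothetical names, and example.com stands in for MY-DOMAIN.

```javascript
// Added example: constants below are placeholders, not values from the thread.
const ALLOWED_DOMAIN = "example.com"; // stands in for MY-DOMAIN

// True only when the address is a single local@domain pair in the allowed domain.
function callerInDomain(email, domain) {
  if (typeof email !== "string" || email === "") return false; // getEmail() may return ""
  const parts = email.trim().toLowerCase().split("@");
  if (parts.length !== 2 || parts[0] === "") return false;
  return parts[1] === domain.toLowerCase(); // exact match: no subdomains, no suffix tricks
}

// Pure request handler so the logic can be exercised outside Apps Script.
function handlePost(email, rawBody, domain) {
  if (!callerInDomain(email, domain)) {
    return { ok: false, error: "caller is not in " + domain };
  }
  let json;
  try {
    json = JSON.parse(rawBody);
  } catch (err) {
    return { ok: false, error: "body is not valid JSON" };
  }
  if (json === null || typeof json.text !== "string") {
    return { ok: false, error: "missing string field 'text'" };
  }
  return { ok: true, caller: email, message: `The text you sent is "${json.text}"` };
}

// Apps Script entry point; Session and ContentService exist only in that runtime.
function doPost(e) {
  const email = Session.getActiveUser().getEmail();
  const body = e && e.postData ? e.postData.contents : "";
  const result = handlePost(email, body, ALLOWED_DOMAIN);
  return ContentService.createTextOutput(JSON.stringify(result))
    .setMimeType(ContentService.MimeType.JSON);
}
```

The in-script check is a second layer behind the deployment's "Who has access" setting: if the deployment is later changed to "Anyone", doPost still rejects callers whose address is empty or outside the domain.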