IssueTracker

I 'm facing the same problem. When calling the function that requires oauth authentication from a menu item, we get the mentioned "OOps" dialog. When calling the same function from the editor - We get the Authorize/Cancel dialog.

Same issue.
How can share automation scripts if it will not work for users till they will do authorization in editor????

I've had an original issue to get authorization for Google Sites. It was then merged into another, which was merged into this one.
How is this issue related to sites auth at all?

@robert.csala You're right, your original issue is different. I'll reopen that one and handle it separately.

Thank you, it's very kind of you.

I found that sometimes when running a script that needs authorization through a button click the action just fail silently. There are no errors or anything else. It's like the script is not even run.

I have same issue.

I can show "Authorize/Cancel dialog" by running script at only Script Editor or Script Manager.

I hope fix that.

I have same problem,in my case i have many app script in site.it makes me very tired.

T_T

I have the same issue
Using the editor for performing the OAuth authorization is just too complicated for a "normal" user.

We have been developing a spreadsheet with a script interacting with third-party APIs, but we had to stop it until one can perform the authorization from the spreadsheet.

I have the same issue.


sometimes,i grant the "script A" to access my sites but the "script B" is revoke automate.

Hi I suppose somebody could implement a client library for server-to-server auth 2.0 for Google App Script:

https://developers.google.com/accounts/docs/OAuth2ServiceAccount

This would be fully programmable oauth2.0 without any user interaction at all. Does somebody know whether this could work for Google Apps Script?

Anyways, frontend user auth in spreadsheets would be much appreciated.

All the best

Mario

Well, the whole idea of using oAuth is to get explicit user approval for a service. To ease your pain of programming for oAuth, there is a library available for Google Apps Script ( https://developers.google.com/apps-script/notable-script-libraries )

Hi, thanks for your suggestion, however I don't agree - In my eyes oAuth serves as a open standardized way of accessing protected information in a secure way - it doesn't necessarily involve a user interaction.

The library you provided is based on oauth 1.0 (I think so because it makes use of the API key which is def. not oauth 2.0) and procudes the exact same results as my own implementation (asks for authorization in the scripting interface, throws an error 'auth required' in the spreadsheet interface).

So it doesn't solve our problem.

All the best

Mario

PS: For your convenience I attached my own GAS oauth implementation for Google Analytics - it's really not that wild but it still requires users to consent in the scripting interface.

I absolutely agree with Mario here, any authorisation scenario needs to function without the end-user needing to seek recourse from the scripting interface.

I'm sorry but all the comments from 14 to 17 are completely missing the point with this issue.

oAuth (either v1 or v2) requires User Authorization on the client side. I'm not complaining or discussing it here.

The problem is that the dialog to get oAuth only appears if you execute the function from the editor, if you execute the function from a menu, or using a formula then you just see an error, and you should see the option to authorize instead.

Once you run from the script editor the code runs fine even through a menu button.

This bug may actually be fixed by now. I'll try to confirm that.

It's Sep 2012, and this issue still exists.

Attached is the simplest test case to reproduce this problem.

Recipe:
- Go to your google account > Security > Authorizing apps & sites, Edit
- Make sure to click 'Revoke Access' behind any 'scripts.google.com - Google Contacts' entries
- Go to Google Drive
- Create Empty Spreadsheet > Tools > Script Editor
- Cut and paste code from attached file
- Give the spreadsheet a name and close this tab
- Re-open the spreadsheet and wait for the 'Test' menu to appear
- 1. Test > Perform Test: A red error message appears. Click 'dismiss'.
- 2. Test > Perform Test: The script 'hangs'. Click 'dismiss'
- 3. Tools > Script Editor > Run > test: A 'Authorization Required' message appears. Clicking 'Authorize' will properly authorize this script
- 4. Test > Perform Test: Script runs fine after it has been authorized.

The problem here is that a user can't authorize this script when run from the menu.
The use can authorize it by running if from the script editor once.

Answer to comment #19 <<The problem here is that a user can't authorize this script when run from the menu. The use can authorize it by running if from the script editor once.>>
--
I know it's not the definitive solution, but you can add an image to the Spreadsheet. In the image options, you can set it to call test() or any other function of your script when clicking on it.
Authorization process is called from the image in the same way as if it is called from script interface.
You can also add another image that calls a function with ScriptApp.invalidateAuth() inside, that will delete all authorization.

Re comment #20: I wished your suggestion worked. I inserted an image and a drawing and assigned the test() function to both. They have similar symptoms as invoking it from the menu: First a red message. Then a hang.

FYI: When accessing contacts through the ContacsApp, the proper Authentication process shows up, regardless of how it's invoked. It's just the UrlFetchApp.fetch that displays this 'Authorization Required' dialog box when run from the scrip editor, but not when run from the menu, image or drawing.

I wonder if we can retrieve the script's customerKey and customerSecret so that I can use ContactsApp once to authorize and then use the same key/secret for UrlFetchApp. Any ideas anyone?

Was this just never fixed and noone cares anymore?  Still an issue many months later for me...

I definitely still care, the authorisation use-case is just rubbish. Progress is so slow on these issues that I have to give up waiting for them.

same problem from a published web app, just worst cause there is no editor around
any good news or workaround?

this "Authorization is required..." ERROR page happens according to https://developers.google.com/apps-script/troubleshooting though not exactly as described: whenever an end-user requests a web-app script, GAS system requires the user to dismiss this error page AND request the script once again, only then displaying the more "intuitive" page asking to grant access. end user is not required to open the editor but still this whole flow is a bit messy for the user.

Hi there !

I think I might have found a workaround to this problem, which was a real pain for us. The general idea is to not let UrlFetchApp handle the OAuth authorization process, but to do it manually. So it needs to write a bit of code to do that. It took me 12 straight hours, but since I had to look for many answers myself, I guess it would take you between 6 to 10 hours max to redo it.

A bit more precise guidelines :
- everytime you use UrlFetchApp.fetch(), include httpMuteExceptions : true in your options. That way, fetch() will return exactly what the server responds.
- don't use the oauthconfig system of UrlFetchApp. Send requests as though they were unauthenticated. Build your own "Authorization" header in the options of UrlFetchApp.
- in order to learn how to first authorize, and then build the authorization header each time you make a request, the best resources I found were :
    - this tutorial by twitter : https://dev.twitter.com/docs/auth/authorizing-request, very clear and very precise
    - the OAuth doc (less easy) : http://oauth.net/core/1.0a

Why does it solve the issue ? Because you can manually detect when the service provider responds "user authorization needed", and then redirect the user with a UiApp to the Url given by the service provider. For that, I used a UiApp with a very simple window and an anchor to make a 1-click redirection.
You will also need to set up your script as a webapp, and in the doGet function you'll only have to extract the information that the service provider will give back to your script once the user has authorized it, and continue the process from there.

If it can be of any help to anyone, I can post my code here. Let me know.

Cheers !

Yes victor.c, it would be great if you could share your logic for this.  Even just a function to build the signature and generate the _nonce variables would be helpful.

Yes Victor, it would be very helpful if you post some code.
Thanks in advance, Fausto

Hi there.

So here it is. For your information, I added some Logger.log() and some displayPacketExchange() (function which I wrote) only for my own debugging, but you can take them away.

I found that this code is actually more efficient than using UrlFetchApp, as for some reason, UrlFetchApp would ask for re-authorization very often, if several users were calling the script. Whereas this code has never de-authorized since I wrote it.

Also, I wrote this script for use only inside my company. So I am storing credentials to access data only as a couple strings in the script's properties. If you want to write an app that will access data from many users, then you might want to store the tokens and token secrets in the ScriptDB, for easier recollection.

Also, whether you will have to use GET or POST will depend on the service provider that you are trying to reach. Same thing for signature encoding method. I am using HMAC_SHA1, which is pretty mainstream, but another service provider can request another way of doing. In that case all you have to do is to use another encoding function, provided by Google Script's API anyway.

Also, in my code, at the end of authentication, I am calling a function that I named "retrieveBaseURI". This is specific to the service provider I am calling (Quickbooks). But generally, at this point you are all set, and you can start making queries as you wish.


Enjoy !

Thanks so much Victor.c!  I rewrote the process so that it works with AdWords Scripts and posted it on my blog.  The code should work in a normal Google Script as well. Let me know if you have trouble getting it to work.

http://www.freeadwordsscripts.com/2013/02/authenticating-to-oauth-services-using.html

Thanks,
Russ

:) happy that I could be of help

Thanks Victor and Russ, I have put your code (c#29) and post (c#30) for further review.
They are still quite over my head, but I'll give it a try
I am trying to do use it for Google Contacts API
Thanks again, Fausto

Let's get this addressed

[Comment deleted]

#34 Daniel, could you explain your code above a little bit more. I'm not sure how this is used to accomplish the issue. I've inserted another function call that would normally invoke the authentication dialogue box (if ran under script editor) in your 'authorizeApplication()', but doesn't seem to have resolved the issue.

Tried calling the function from a menu like #34 suggested, tried calling the function from an image like #20 suggested, but this does not work.

I guess everyone here would be helped if the Authorization popup would simply show in the spreadsheet itself instead of in the Script Editor.

Seems so simple even the toilet lady could add this functionality, but two years have passed since the original request and nothing has been done about it.

I just spent several days building a complex Spreadsheet script which interacts with the database of my website; everything finally works now, except this authorization issue. Very frustrating!

hahaha I am sure the toilet lady would love to do this :)

A workaround I found was to add a sheet 'Reauthorize script', with a button "Authorize script", linked to a function that basically does nothing. When the user clicks on it, the authorization window pops up in the spreadsheet.

It's not perfect before the user needs to know that if the script is not loading she needs to click on the button, but it helped a bit on my case.

Thank you so much Victor (#37)! Your solution worked. I will try to explain in detail when it works and when it does not.

To get the authorization pop-up to show up in the spreadsheet..
..create a menu item to a function (like #34 suggested) or an image with a function call attached to it (like #37 suggested) > add an image, click on the image, open the image dropdown menu and select "assign script"

The authorization pop-up will NOT show up in the spreadsheet when..
..the function called executes something which requires authorization (e.g. UrlFetchApp). This causes the function to silently fail and the authorization pop-up will only shows after a function is FULLY EXECUTED by THE USER from WITHIN THE SPREADSHEET. Pop-up will therefore also NOT show up if you call a function from an HTML popup created with HtmlService, nor will it show up from an onOpen or onEdit function.

Hope this helps some people out!

It seems that most people here forgot the original issue... It is not about the "normal" authorization process that will indeed be triggered by any function call (from menu or image, it really doesn't matter) but with the oAuth APIs calls that DOES NOT make it happen unless you go to the script editor and run a function using this API from there. This is a separate authorization process.

... i have the same issue:
We build a service with google apps script (deployed as web app). This service script uses a google api with UrlFetchApp and oAuthConfig. Our script and service is working without problems.

Problem: If a new user wants to use our service, he starts the service url and the service opens. In this process he has to authorise everything the script function uses without the with urlfetch used api. So, if he starts the service again, he get the error message: "Authorization is required to perform that action". The only way we found to authorise the urlfetch-api is that the user go into the scripteditor and start the function from the editor UI. If he do so, he can authorise this api. Afterwords he can start the service via url and everything is working well.

Please fix this!

+1 for #39. We need a programmatic way to trigger the authorization dialog. Plus in essence this shouldn't pose additional security threats since the user is still required to click to confirm the authorization.

Totally agree with the previous post. Come on GOOGLE, please implement method can be called from onOpen trigger.

THanks

I agree with this

me too

FIX IT

WE HAVE A COMPETETION SOON FIX IT

When authorizing a Doctopus script, I find it disheartening that is says
anonymous is requesting permission to:
View and manage your spreadsheets in Google Drive
View and manage any of your documents and files in Google Drive
Who is "anonymous" - Google? The creator of the script?
Will they access my students files?
This is creepy...I suppose I have no choice. I would feel better if I knew who was managing these files.

Agree with last comment. Its possible to avoid showing 'anonymous' if the script were to use a key from the apis console but even then the name is confusing because it shows a long autogenerated email and not the app name.

it would be nice to have library called 'Authorization' (Resources->Use Google API) so if you want to, you can include it in your project.

Agreed - authorization really needs to be available on the onOpen trigger. This is actually stopping our system from being rolled out...

I do agree with the previous comment. If you use spreadsheets which are ONLY available in your organization, what is the point of asking every single user to authorize?
What is the point displaying the things like:

This app would like to:
- Know who you are on Google
- View your email address
- View and manage your spreadsheets in Google Drive
etc

All of that is misleading the user. Inside organization all of that should be disabled.

Come on Google... Listen to your customers!!

[Comment deleted]

Can we get confirmation that this is on Google's radar - or whether this is something we're going to have to wait years for?

In its current state, it's unusable from an end-user perspective. I would say it's higher than 'medium' priority...

I suspect the reason for the awkward silence from Google on this issue is that they are working on a whole new and entirely different OAuth 2 implementation.

Fix the problem!

FIX THE PROBLEM

There is no need to authorize the script from within the company. All my coworkers complain about it. Every time they use the spreadsheet from the template, they need to authorize it. They keep asking me why we should to that? Please fix this Google.

Agreed, this has to be fixed! Extremely annoying....

fix please

Fix the problem

just do it guys. we do not need authorization messages when using google spreadsheet inside the company.

Would love to see this issue resolved.

fix please

We decided not to take action on this feature request. I talked a little about our plans in Issue 36758624:

https://code.google.com/p/google-apps-script-issues/issues/detail?id=2580#c13

Rather than extend the OAuthConfig technology we have today to allow for granting authorization outside the script editor, we provide the components necessary for you to build your own OAuth flows. We believe this will allow for greater flexibility and make it possible to support OAuth2. We don't yet have end-to-end samples demonstrating how to do this but hope to have those live in the coming weeks.

Hi, please fix this issue. Still waiting for it. I need an end user approval for a document. Once the user requests access, and email is sent to the owner's document asking to share code with the end user.

What are we up now with this issue?

I'll wait for your answer as soon as possible.

Regards.  

Carlos seems you havent read the last update before your post.

what about examples? can someone attached any sample file?

thanks

Any new infomation?

Is there any demonstration or sample ?

[Comment deleted]

Has any sample code been released?

I'd still vote for this to be added as a feature - building an OAuth flow to a container bound script adds significant complexity.

I've had a go at writing an oAuth flow.

There's certainly some unresolved issues.. but in it's current state it does allow an end user to auth a container bound script without having to open the script editor.

Having said that, I've had trouble getting state tokens to work, and unless we can figure out how to resolve that, my flow doesn't actually provide any benefit over the workarounds offered in #37 & #38 above.

Anyhow I wrapped my oAuth flow up in a library which you can add to your own script, and posted the code and some example usage on github here: https://github.com/leviwheatcroft/OAuthService

If anyone has some input on the script token, I've opened an issue against that project.. I'd love to hear from you.

If you try out the library in your own project and have any problems, please open an issue on the github page.

Last week we released an OAuth2 library for Apps Script, using StateTokens and the /user call back endpoint. Usage information and source code is available here:

https://github.com/googlesamples/apps-script-oauth2

[Comment deleted]

Note, the library I linked to above only supports OAuth2.

Good

Does #74 really enable my organization to run a script in copied sheets without having to authenticate in every copy of my "template sheet" ?

I don't read that out of the documentation.

The current Google strategy is smart for 1-2 document projects - but a professional organisation can't use the flows that I see Google sheets is using.

@soren, if you don't want users to re-authorize a script for every spreadsheet then deploy it as an add-on instead, restricted just to your domain.

how to restrict add-on just to the domain?

So did we finally find a solution for the original problem which was to get authentication from sheets itself without going to the script editor and running the function to get the authentication.

Manna khan

Totally agree with the previous post. Come on GOOGLE, please implement method can be called from onOpen trigger.

THanks

http://www.wdfshare.com