I am working with Apps Script on a Google Site and I am trying to use Oauth to authenticate the gadget as the active user to show the active users documents list. I have found several Google group discussions asking about this with no answers, was hoping I could get an answer on here. Here is my code:
var oauthConfig = UrlFetchApp.addOAuthService(“gDocs”);
oauthConfig.setAccessTokenUrl(“https://www.google.com/accounts/OAuthGetAccessToken”);
oauthConfig.setRequestTokenUrl(“https://www.google.com/accounts/OAuthGetRequestToken?scope=https://docs.google.com/feeds/”);
oauthConfig.setAuthorizationUrl(“https://www.google.com/accounts/OAuthAuthorizeToken”);
oauthConfig.setConsumerKey(“myDomainName”);
oauthConfig.setConsumerSecret(“myCosumerSeceret”);
var options =
{
“method”: “GET”,
“headers”: { “GData-Version”: “3.0” },
“oAuthServiceName” : “gDocs”,
“oAuthUseToken” : “always”
};
var results = UrlFetchApp.fetch(“https://docs.google.com/feeds/default”, options);
At this point the code does not run and the page with the gadget displays:
Authorization is required to perform that action.
Any assistance would be greatly appreciated.
Thank you,
James Krimm
It’s not possible to access the
active userdata. A published Apps Script, as on a site, runs under the account of the script owner, calledeffective user. And, as a security concern, the script owner does not have permission to access any data of theactive user.So, what @claudio suggests (of using builtin DocsList) is not possible.
Unless we’re talking about a Google Apps domain (and not regular consumer accounts) and the script owner is the domain administrator. In which case he can use the Google Docs List Data API to impersonate any user on his domain.
Either way, the consumer key and secret should always be “anonymous”, regardless this scenario.