Unauthenticated for users other than myself
everttrollip opened this issue · comments
Up until now, only I needed to use and execute the scripts. I followed the instructions (a couple of months ago) to set it up properly, and I can deploy and execute functions without problems. I seem to struggle to have other google accounts to execute the same functions though, and getting the following error from Google each time:
code: 401
message: "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project."
status: "UNAUTHENTICATED"
A screenshot of this same error in the frontend,
Any chance you might know why or what I am doing wrong? My manifest file:
{
"timeZone": "Europe/Berlin",
"dependencies": {
"enabledAdvancedServices": [
{
"userSymbol": "Gmail",
"serviceId": "gmail",
"version": "v1"
}
],
"libraries": []
},
"webapp": {
"access": "ANYONE",
"executeAs": "SERVICE_ACCOUNT"
},
"exceptionLogging": "STACKDRIVER",
"oauthScopes": [
"https://www.googleapis.com/auth/gmail.send",
"https://www.googleapis.com/auth/gmail.readonly",
"https://www.googleapis.com/auth/gmail.settings.basic",
"https://www.googleapis.com/auth/script.external_request",
"https://www.googleapis.com/auth/script.scriptapp",
"https://www.googleapis.com/auth/script.send_mail",
"https://www.googleapis.com/auth/script.storage",
"https://www.googleapis.com/auth/script.webapp.deploy",
"https://www.googleapis.com/auth/spreadsheets",
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/script.container.ui"
]
}
and my Google client is initialised with the following scopes:
const SCOPES = [
'email',
'profile',
'https://mail.google.com/',
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/drive.file',
'https://www.googleapis.com/auth/drive.metadata',
'https://www.googleapis.com/auth/script.projects',
'https://www.googleapis.com/auth/script.container.ui',
'https://www.googleapis.com/auth/script.external_request',
'https://www.googleapis.com/auth/script.scriptapp',
'https://www.googleapis.com/auth/script.send_mail',
'https://www.googleapis.com/auth/script.storage',
'https://www.googleapis.com/auth/script.webapp.deploy',
'https://www.googleapis.com/auth/spreadsheets',
];
It appears that I had to explicitly add the following three scopes to my google client initialisation in the frontend:
"https://www.googleapis.com/auth/gmail.send",
"https://www.googleapis.com/auth/gmail.readonly",
"https://www.googleapis.com/auth/gmail.settings.basic",
originally I thought that this scope,
https://mail.google.com/
would account for that. Apparently not?
The https://mail.google.com/
scope is likely to cover all Gmail scopes but it is recommended that you do not use broad scopes.
Where exactly are you getting the error? If server-side, it is unlikely to be related to clasp.
This error was happening client side, where I was trying to execute the script with:
client.script.scripts.run(...)
However, after updating the scopes, and ensuring all the scopes in my manifest were also being used in the client, it worked fine again.