labnol / apps-script-starter

Setup a local development environment inside Visual Studio Code and build Google Workspace add-ons with Google Apps Script

Home Page:https://www.youtube.com/watch?v=KxdCIbeO4Uk

Geek Repo:Geek Repo

Github PK Tool:Github PK Tool

Unauthenticated for users other than myself

everttrollip opened this issue · comments

Up until now, only I needed to use and execute the scripts. I followed the instructions (a couple of months ago) to set it up properly, and I can deploy and execute functions without problems. I seem to struggle to have other google accounts to execute the same functions though, and getting the following error from Google each time:

code: 401
message: "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project."
status: "UNAUTHENTICATED"

A screenshot of this same error in the frontend,

CleanShot 2020-06-23 at 08 53 25@2x

Any chance you might know why or what I am doing wrong? My manifest file:

{
  "timeZone": "Europe/Berlin",
  "dependencies": {
    "enabledAdvancedServices": [
      {
        "userSymbol": "Gmail",
        "serviceId": "gmail",
        "version": "v1"
      }
    ],
    "libraries": []
  },
  "webapp": {
    "access": "ANYONE",
    "executeAs": "SERVICE_ACCOUNT"
  },
  "exceptionLogging": "STACKDRIVER",
  "oauthScopes": [
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.settings.basic",
    "https://www.googleapis.com/auth/script.external_request",
    "https://www.googleapis.com/auth/script.scriptapp",
    "https://www.googleapis.com/auth/script.send_mail",
    "https://www.googleapis.com/auth/script.storage",
    "https://www.googleapis.com/auth/script.webapp.deploy",
    "https://www.googleapis.com/auth/spreadsheets",
    "https://www.googleapis.com/auth/userinfo.email",
    "https://www.googleapis.com/auth/script.container.ui"
  ]
}

and my Google client is initialised with the following scopes:

const SCOPES = [
  'email',
  'profile',
  'https://mail.google.com/',
  'https://www.googleapis.com/auth/userinfo.email',
  'https://www.googleapis.com/auth/drive.file',
  'https://www.googleapis.com/auth/drive.metadata',
  'https://www.googleapis.com/auth/script.projects',
  'https://www.googleapis.com/auth/script.container.ui',
  'https://www.googleapis.com/auth/script.external_request',
  'https://www.googleapis.com/auth/script.scriptapp',
  'https://www.googleapis.com/auth/script.send_mail',
  'https://www.googleapis.com/auth/script.storage',
  'https://www.googleapis.com/auth/script.webapp.deploy',
  'https://www.googleapis.com/auth/spreadsheets',
];

It appears that I had to explicitly add the following three scopes to my google client initialisation in the frontend:

"https://www.googleapis.com/auth/gmail.send",
"https://www.googleapis.com/auth/gmail.readonly",
"https://www.googleapis.com/auth/gmail.settings.basic",

originally I thought that this scope,

https://mail.google.com/

would account for that. Apparently not?

The https://mail.google.com/ scope is likely to cover all Gmail scopes but it is recommended that you do not use broad scopes.

Where exactly are you getting the error? If server-side, it is unlikely to be related to clasp.

This error was happening client side, where I was trying to execute the script with:

client.script.scripts.run(...)

However, after updating the scopes, and ensuring all the scopes in my manifest were also being used in the client, it worked fine again.