brucemcpherson
Update ID to work with GAS Libraries+ function
This information did not work for me: https://github.com/brucemcpherson/cGoa/blob/59c9b3840d202cf73298467dc57a45275e09442d/forPublishing.gs#L18
Instead, it worked to use this id value: 1v_l4xN3ICa0lAW315NQEzAHPSoNiFdWHsMEwj2qA5t9cgZ5VWci2Qxv2
This old ID (MZx5DzNPsYjVyZaR67xXJQai_d-phDA33) also appears on various web sites and slide presentations, eg https://ramblings.mcpher.com/oauth2-for-apps-script-in-a-few-lines-of-code/
Thank you Dan, unfortunately google changed the way ids worked a while ago, and both the old and new still worked. Looks like they've deprecated the old ids now.
bruce
On Wed, 3 Jan 2024 at 14:49, Dan Brown @.***> wrote:
This information did not work for me:
https://github.com/brucemcpherson/cGoa/blob/59c9b3840d202cf73298467dc57a45275e09442d/forPublishing.gs#L18
Instead, it worked to use this id value: 1v_l4xN3ICa0lAW315NQEzAHPSoNiFdWHsMEwj2qA5t9cgZ5VWci2Qxv2
This old ID (MZx5DzNPsYjVyZaR67xXJQai_d-phDA33) also appears on various web sites and slide presentations, eg https://ramblings.mcpher.com/oauth2-for-apps-script-in-a-few-lines-of-code/
— Reply to this email directly, view it on GitHub https://github.com/brucemcpherson/cGoa/issues/4, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAOONBF6YRUB3NWJYSLJY73YMVVVZAVCNFSM6AAAAABBLRIKF6VHI2DSMVQWIX3LMV43ASLTON2WKOZSGA3DIMJWGMYTEMQ . You are receiving this because you are subscribed to this thread.Message ID: @.***>
Thanks Bruce. Two more possible fixes that helped me follow the instructions here https://ramblings.mcpher.com/oauth2-for-apps-script-in-a-few-lines-of-code/some-oauth2-walkthroughs/, in particular the #3 ("web application running as me"):
What should replace the placeholder HTML_FILE on slide 12 ? I got an error "ReferenceError: HTML_FILE is not defined" which I ignored.
Slide 14: I used "https://..." for the Authorized javascript origin instead of the "http://..." shown
Those changes allowed me to proceed with the instructions in those slides.
However I am still getting 401 errors "Invalid bearer Token" when trying to use the token in a call to UrlFetchApp.fetch() to a website that I am trying to access, which expects me to be authenticated via Google SSO. It is quite likely that I am confused about how many OAuth tokens I need to create (only one?) and how to create a token that will be acceptable to a non-Google website. Any suggestions would be most appreciated. Thanks! Dan
Dan
The html_file is the name of your apps script html file which contains the code for your webapp running under control of apps script - ie. a published htmlservice webapp. Which other website are you using and did you set up the credentials for that website's api in their developer console?
bruce
On Thu, 4 Jan 2024 at 09:30, Dan Brown @.***> wrote:
Thanks Bruce. Two more possible fixes that helped me follow the instructions here https://ramblings.mcpher.com/oauth2-for-apps-script-in-a-few-lines-of-code/some-oauth2-walkthroughs/, in particular the #3 https://github.com/brucemcpherson/cGoa/issues/3 ("web application running as me"):
What should replace the placeholder HTML_FILE on slide 12 ? I got an error "ReferenceError: HTML_FILE is not defined" which I ignored.
Slide 14: I used "https://..." for the Authorized javascript origin instead of the "http://..." shown
Those changes allowed me to proceed with the instructions in those slides.
However I am still getting 401 errors "Invalid bearer Token" when trying to use the token in a call to UrlFetchApp.fetch() to a website that I am trying to access, which expects me to be authenticated via Google SSO. Any suggestions would be most appreciated. Thanks! Dan
— Reply to this email directly, view it on GitHub https://github.com/brucemcpherson/cGoa/issues/4#issuecomment-1876776274, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAOONBDTWF5A7L66UXHBU3LYMZZFBAVCNFSM6AAAAABBLRIKF6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNZWG43TMMRXGQ . You are receiving this because you commented.Message ID: @.***>
Hi Bruce- that makes sense re the html file.
The website does not expose this via an api, and there is no way to get a client id and secret from this website. So I am now just using cached cookie values that I copied from a session where I logged in using Google SSO. It would be nice if I could automate that, but I don't understand OAuth well. I am probably confused about which leg is which.
Ah.. okay
So oauth works by eventually providing a token specific to the service you want to access, scoped to the type of access you want to have and authorized to come from the source you've specified. The client id and secret is specific to the api providing the service, which is also responsible for providing the token in the first place, which it subsequently matches back to all those values before allowing you access to be the requested resource.
Google SSO, on the other hand, is just the identity part in all that. Sites can contract that part to be identity providers to check who exactly you are. The authorisation part comes afterwards.
Cheers
On Thu, 4 Jan 2024, 21:29 Dan Brown, @.***> wrote:
Hi Bruce- that makes sense re the html file.
The website does not expose this via an api, and there is no way to get a client id and secret from this website. So I am now just using cached cookie values that I copied from a session where I logged in using Google SSO. It would be nice if I could automate that, but I don't understand OAuth well. I am probably confused about which leg is which.
— Reply to this email directly, view it on GitHub https://github.com/brucemcpherson/cGoa/issues/4#issuecomment-1877784810, or unsubscribe https://github.com/notifications/unsubscribe-auth/AAOONBG5G3JDPWRW75BVB4DYM4NKTAVCNFSM6AAAAABBLRIKF6VHI2DSMVQWIX3LMV43OSLTON2WKQ3PNVWWK3TUHMYTQNZXG44DIOBRGA . You are receiving this because you commented.Message ID: @.***>