Steve Bazyl

Were you able to reproduce this this or concerned by not seeing it in the code? IIRC the state token validation and session binding is handled by the Apps Script...

Yes, the apps script team is looking into it. No updates yet, but will share what I can. Like I said, user scripts/libraries don't have direct access to the session...

This has been reported fixed by the apps script team -- there's now stronger binding between the session/device and the state token. Closing here.

Assuming you're referring to the bracket maker sample, please see the guide at https://developers.google.com/apps-script/articles/bracket_maker. Likely missing some set up steps to create the named ranges. Otherwise, for general apps script...

Looks like underlying issues with apps script have since been resolved, marking as closed.

Can you provide examples of endpoints that implement that field? I've seen refresh_token_expires_in used by LinkedIn and a few others, but none that use refresh_expires_in. The link provided refers to...

To clarify, this is for help text/autocomplete to work. The function itself is usable without the jsdoc annotation.

Need more information for this to be actionable. Can you provide a sample of where you think this is an issue? AFAICT non-expiring JWTs are allowed (although strongly discouraged) and...

There's not, but something our tech writers are looking at improving. Most Workspace APIs expect to be called as an end-user, not a service account. Support for services accounts is...

No, please implement batch. There are a handful of APIs that have optimizations around batch requests (Drive mostly) that significantly impact write throughput, such as when adding multiple permissions to...