Creating a group with Admin SDK Directory API in Google Apps Script doesn't work “On form submit”

3
votes

I've read through all of the relevant pages in the Admin ADK Directory API documentation and several questions on stackoverflow, and I'm still stuck.

I am the super admin of my Google Apps domain, and I want users in my domain to be able to create their own Google Groups. I made a Google Form where the user specifies the name and email of the group. Then the Google Form Responses sheet has an "On form submit" trigger that invokes my code to create the group.

This code works when I run createGroupTest() from the Script Editor. It creates the group in my Google apps domain immediately.

This code does not work when the "On form submit" trigger runs the onFormSubmit(e) function. I get the email from the catch(e) saying Exception: Failed to authenticate for service: Groups.

Does anyone know what is causing the oauth authentication to work from within the Script Editor but not when invoked by the onFormSubmit function?

function onFormSubmitTest() {
 
  var t = new Date();
  t = t.getTime();
  
  onFormSubmit([t, "AAA Test Group " + t], ["aaa.testgroup." + t + "@mydomain.com"], ["[email protected]"]);
  
}

var consumerKey = "mydomain.com";
var consumerSecret = "xxxxxxxxxxxxxxxxxxxxxxxx";
var domainName = "mydomain.com";

function onFormSubmit(e) {
  
  var timestamp  = e.values[0];
  var groupName  = e.values[1];
  var groupEmail = e.values[2];
  var owner      = e.values[3];
  
  owner = owner.split("@")[0];
  
  var description = 'test';
  
  var requestBody = {email: groupEmail, name: groupName, description: description};
             
  var scope = "https://www.googleapis.com/auth/admin.directory.group";
  
  var fetchArgs                = googleOAuth_("Groups", scope);
  fetchArgs.method             = "POST";
  fetchArgs.contentType        = "application/json";
  fetchArgs.payload            = JSON.stringify(requestBody);
  fetchArgs.muteHttpExceptions = true;
   
  var url = 'https://www.googleapis.com/admin/directory/v1/groups?key=xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx';
  
  UrlFetchApp.fetch(url, fetchArgs);

}
 

function googleOAuth_(name,scope) {
  var oAuthConfig = UrlFetchApp.addOAuthService(name)
  oAuthConfig.setRequestTokenUrl("https://www.google.com/accounts/OAuthGetRequestToken?scope="+scope);
  oAuthConfig.setAuthorizationUrl("https://www.google.com/accounts/OAuthAuthorizeToken");
  oAuthConfig.setAccessTokenUrl("https://www.google.com/accounts/OAuthGetAccessToken");
  oAuthConfig.setConsumerKey(consumerKey);
  oAuthConfig.setConsumerSecret(consumerSecret);
  return {oAuthServiceName:name, oAuthUseToken:'always'};
}
1
google-apps-scriptoauth-2.0google-appsgoogle-admin-sdkgoogle-directory-api
Is this code still valid? Does this require just a key in the developer console or does it require oauth2? Could you give some instructions on this? - Riccardo
@Riccardo Yes, this is still valid in 2021 and is still being used in my code. It uses the OAuth2 for Apps Script library, which is actively maintained by the Google Apps Script Team. googleOAuth_ was taken from that library but you just need to add the library, you don't need to add the function to your own code. - Employee

1 Answers

4
votes

I figured it out: I made a mistake in my code, where I didn't include the domain extension after the groupEmail string (because the Google Form only asks the user to fill in the group email name without the domain extension).

I figured I should just delete this question from stackoverflow, but I'll leave it here to document my working oauth authentication code, because:

  1. Something like this could have helped me when I was figuring it out.

  2. There aren't that many posts related to the Google Apps Admin SDK Directory API on here.

  3. There is no support from Google for development-related issues like this, they just direct users here.