Google apps script web application and OAuth authorization (PHP)

0
votes

I need to call my GAS web application from my php service without any user interaction:

  1. Script is associated with project
  2. All credentials I get from developers console ( http://note.io/1dq51gI )
  3. In php I get access token ( token works ok for another google services )
  4. I try to send get query to my script, by always have 401 response ( http://puu.sh/hX9VJ/fdce874ff5.png )
  5. This is deploying settings - http://puu.sh/hXa5h/a4c8ad4ff2.png (execute as user accessing the app, access anyone)
  6. In php I use google php client library

This is my php code:

    $client = new Google_Client();
    $client->setApplicationName('my app');
    $client->setClientId('my-id.apps.googleusercontent.com');

    $cred = new Google_Auth_AssertionCredentials(
        '[email protected]',
        ['https://spreadsheets.google.com/feeds', 'https://www.googleapis.com/auth/drive.scripts'],
        file_get_contents(__DIR__ . '/google-app-key.p12')
    );

    $client->setAssertionCredentials($cred);

    if($client->isAccessTokenExpired()) {
        $client->getAuth()->refreshTokenWithAssertion($cred);
    }

    $objToken  = json_decode($client->getAccessToken());
    $accessToken = $objToken->access_token;

    $curl = curl_init();

    $header = [];
    $header[] = 'Content-type: application/json';
    $header[] = 'Authorization: Bearer '.$accessToken;

    curl_setopt($curl, CURLOPT_HTTPHEADER,$header);
    curl_setopt($curl, CURLOPT_POST,true);
    curl_setopt($curl, CURLOPT_URL, 'https://script.google.com/macros/s/script-id/exec?query-params');

    curl_setopt($curl, CURLOPT_CUSTOMREQUEST, 'GET');
    curl_setopt($curl, CURLOPT_USERAGENT, "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.1.9) Gecko/20100315 Firefox/3.5.9");

    curl_setopt($curl, CURLOPT_FOLLOWLOCATION, true);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, true);

    curl_setopt($curl, CURLOPT_SSLVERSION, 1);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
    curl_setopt($curl, CURLOPT_HEADER, true);


    $rest  = curl_exec($curl);
    $error = curl_error($curl);
    $info  = curl_getinfo($curl);

    curl_close($curl);

I always get 401 response from google, and it is a problem.

Thanks!

1
phpoauthgoogle-apps-script
With Authorization: OAuth token headers I have the same result.. - Alex

1 Answers

0
votes

   Content service scripts called from the server-side do not work with "User accessing the web app". This is because a script needs additional info from the user's google cookie SID,HSID,SSID to run the script as them. This is why you can test the code in something like hurl.it and it looks like this is possible, but the same call from cURL will fail.

   If you are calling the script from a server it has to be set as execute as "me". The Oauth token you pass in the header will be used for the option "Who has access to the app".