1
votes

I have a Google Web App for a school that has a domain for G Suite, i.e. emails are @theschool.org. The app is connected to a spreadsheet that includes a whitelist of email addresses (teachers at the school) that are allowed to access the app. All others get an "access denied" message when the page loads. The script uses Session.getEffectiveUser().getEmail() to get the user's email and compare it to the list.

Some users use personal devices or Chromebooks where they are signed in to both their personal Gmail account and the school's domain account. Some experimentation has revealed that in this situation, Session.getEffectiveUser().getEmail() and Session.getActiveUser().getEmail() always return the email address for the account that was signed in first, which means users are being denied access even though they've signed in (later) with their whitelisted account. Currently, they have to sign out all accounts, then sign in the school account to gain access.

I would like to get a list of all gmail addresses the user is currently signed in with, so I can check whether any of them is on the whitelist, avoiding the need to sign out and back in. Is there a way to do this within Apps Script?

Google's documentation on the User class and the Session class does not mention anything about multiple accounts.

1
This is an Apps Script bug that is two years old. See: Issue Tracker - Authorization Required. As far as I know, Apps Script does not have a way to get the accounts of all logged in users. The best you can do is try to display a message to the user when there is an error. And explain to new users what the situation is. Another option for the users is to open another Chrome browser window in incognito mode and log into the correct account. - Alan Wells

1 Answer

1
votes

I would like to get a list of all gmail addresses the user is currently signed in with, so I can check whether any of them is on the whitelist, avoiding the need to sign out and back in. Is there a way to do this within Apps Script?

Answer:

This is not possible using Apps Script.

Explanation:

Google Apps Script is a JavaScript-based, cloud-based language which does not run on the local machine of the user. It cannot access any information in the local session and so can only see which user is the active user, logged in and running the script.

The only session information available via Apps Script is defined in the Documentation:

  • getActiveUser() - Gets information about the current user.
  • getActiveUserLocale() - Gets the language setting of the current user as a string—for example, en for English.
  • getEffectiveUser() - Gets information about the user under whose authority the script is running.
  • getScriptTimeZone() - Gets the time zone of the script.
  • getTemporaryActiveUserKey() - Gets a temporary key that is unique to the active user but does not reveal the user identity.

This last point is important - it is a severe privacy issue to be accessing a local session and obtaining the information of users' identities. This is, therefore, not possible.
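Since the other signed-in accounts cannot be enumerated, the check can at least fail closed and tell the user which account the script actually saw. The sketch below is an added example, not code from the question or the answer; `decideAccess`, `SHEET_ID`, the `Allowlist` sheet name and the `Index` HTML file are assumed, hypothetical names.

```javascript
// Added example (not from the original post). SHEET_ID, the "Allowlist"
// sheet and the "Index" file are assumed placeholders.
const SCHOOL_DOMAIN = 'theschool.org';
const SHEET_ID = 'SPREADSHEET_ID_PLACEHOLDER';

// Trim and lower-case so "Teacher@TheSchool.org " matches the sheet entry.
function normalizeEmail(value) {
  return String(value == null ? '' : value).trim().toLowerCase();
}

// Pure decision function returning { allowed, reason, message }.
// Fails closed: anything that is not an exact allowlist match is denied.
function decideAccess(rawEmail, allowlist) {
  const email = normalizeEmail(rawEmail);
  const allowed = new Set(allowlist.map(normalizeEmail).filter(Boolean));
  if (!email) { // getEmail() can return an empty string
    return { allowed: false, reason: 'no-identity',
             message: 'Could not determine your account. Sign in with your school account.' };
  }
  if (allowed.has(email)) {
    return { allowed: true, reason: 'allowlisted', message: '' };
  }
  if (!email.endsWith('@' + SCHOOL_DOMAIN)) {
    // Likely the multi-login case: a personal account was signed in first.
    return { allowed: false, reason: 'wrong-account',
             message: 'You are signed in as ' + email + '. Sign out of all accounts and sign in ' +
                      'with your @' + SCHOOL_DOMAIN + ' account first, or use an incognito window.' };
  }
  return { allowed: false, reason: 'not-allowlisted',
           message: email + ' is not on the access list. Contact the app administrator.' };
}

// Apps Script entry point; only executes inside Apps Script.
function doGet() {
  // Identity comes from the server-side Session, never from a request parameter.
  const email = Session.getActiveUser().getEmail();
  const rows = SpreadsheetApp.openById(SHEET_ID).getSheetByName('Allowlist')
      .getRange('A2:A').getValues();
  const decision = decideAccess(email, rows.map(function (r) { return r[0]; }));
  if (!decision.allowed) {
    return HtmlService.createHtmlOutput('<p>Access denied.</p>')
        .append('<p>').appendUntrusted(decision.message).append('</p>');
  }
  return HtmlService.createHtmlOutputFromFile('Index');
}
```

The denial message names the account the script saw, so a teacher can tell a wrong-account sign-in apart from a missing allowlist entry.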
