Running Google Apps Script through https request with Service Account credentials

0
votes

I'm working on a Flutter app. And I've been trying to run my web-app Google Apps Script through http request since I'm required to use a Service Account and that access isn't supported in the Apps Script API. But I keep getting a 403/Forbidden response to the requests. I have the credentials for the Service Account and I am using its access token in my request but it still doesn't work.

I'm a novice at http requests and new to Google's authentication protocols so I'd appreciate some insight.

Thanks in advance.

Code:

    return await driveUtils.getCreds(context).then((creds) async {
      final drive_scopes = [drive.DriveApi.DriveReadonlyScope, "https://www.googleapis.com/auth/drive.file"];
      final script_scopes = [app_scripts.ScriptApi.ScriptDeploymentsScope];
      return await clientViaServiceAccount(creds, script_scopes+drive_scopes).then((AuthClient client) async {
        debugPrint("url = " + url);
        debugPrint("token = " + client.credentials.accessToken.data);
        return await client.get(url,
          headers: {
            "Authorization": "Bearer ${client.credentials.accessToken.data}"
          }
        );

      }, onError: onClientError);
    }, onError: onCredsError);

Background: The script creates a Form and sets it Destination to a Spreadsheet's ID. Hence, the app requires that anyone who runs it to have a Google account to become the owner of the new Form and obtain access to the Sheet.

Update: It seems that Service Accounts can only access scripts that are within the same Google Cloud Project. This is a big issue since the point of the script is to create a central place for acquiring Form creation functionality for my app. And the app is intended to be used by anyone.

Does anyone have any ideas? Assuming a Service Account is the right Google Credentials for my app, I essentially need the ability to:

  1. Create a Form that can be assigned to a user
  2. Designate a user's spreadsheet as the forms response location
  3. Retrieve the forms publishedURL
1
fluttergoogle-apps-scripthttp-status-code-403service-accounts
Unfortunately, the Apps Script API does not work with service accounts. Ref So, if you want to run the Google Apps Script, how about using Web Apps? Ref In this case, the function of Google Apps Script can be run by HTML request. And also, the access token of the service account can be used for the authorization of Web Apps. If this was not the direction you expect, I apologize.Tanaike
@Tanaike I tried all that. My current issue is that if I getting to the WebApp by means of a service account access token. I keep getting a 403 response. I'm currently under the impression that service accounts can only access WebApps in the GCP. Do you know anything about this?Bernardin Dezius
Thank you for replying. From My current issue is that if I getting to the WebApp by means of a service account access token. I keep getting a 403 response, I cannot understand about the detail of your script and settings of Web Apps and the script of the client side. This is due to my poor skill. I apologize for this. About ` I'm currently under the impression that service accounts can only access WebApps in the GCP.`, I cannot understand it. Can I ask you about the detail of it?Tanaike
By the way, when the script of Web Apps is modified, please redeploy it as new version. By this, the latest script is reflected to the Web Apps. Please be careful this.Tanaike
Thank you for replying. In your case, please create new Google Apps Script project and put the simple script and test it again. Because I think that your script has already used several scopes because of your existing script. After you confirmed the test using the simple script worked, please got to the next step using your script. In that case, although I'm not sure about your actual script, the specific scopes might be required to be added. Please be careful this.Tanaike

1 Answers

0
votes

@Tanaike helped me figure out the issue. In order to make the script visible and able to run with a Service Account I had to change the Share setting for viewing the script. Simple solution