4
  1. List item

I have created a Google App Script REST - Application (starting with "script.google.com/"), that works with HTTP-requests.

The application works fine when it is available to 'everyone, even anonymous' but when I set it available to my domain only [EDIT:] OR "only myself" from the publish/deploy as WebApp[/EDIT], I can only access the web app with browser and signing in but not with http request.

I have tried requesting an authorization token with both Google OAuth Playground and an android application based on a Xamarin Auth Tutorial.

Both methods have resulted me a working authorization token that I can copy+paste to an other platform an confirm it is working with a request to https://wwww.googlapis.com/plus/v1/people/me.

I can access the Web app with browser and signing in. Now when I call my script with http request I get the following result:

"<HTML> <HEAD> <TITLE>Unauthorized</TITLE> </HEAD> <BODY BGCOLOR="#FFFFFF" TEXT="#000000"> <H1>Unauthorized</H1> <H2>Error 401</H2> </BODY> </HTML>"

I have tried to call the Web App with another App Script:

var headers =  {
    "authorization": "Bearer [access_token]",
  };   
  var params = {
     method:"GET",
     contentType:"application/json",
     muteHttpExceptions:true,
     headers:headers,    
  };
  var url = "https://script.google.com/[rest_of_the_script_url]";
  var response = UrlFetchApp.fetch(url, params);

Also I have tried calling the Web App with C# OAuth2Request (Taken from the Xamarin tutorial):

var url = "https://script.google.com/[rest_of_the_script_url]";
var request = new OAuth2Request("GET", new Uri(url), null, account );

Also I have tried C# HttpWebRequest: 

string accessToken = "Bearer [access_token]";
string url = "[https://script.google.com/[rest_of_the_script_url]";
HttpWebRequest request = (HttpWebRequest)HttpWebRequest.create(url);

request.Method = "GET";
request.ContentType = "application/json";
request.Headers.Add("Authorization", accessToken);

var response = request.getResponse();

All previous methods have the same result: "(401) Unauthorized".

For scopes I have set: 

https://www.googleapis.com/auth/plus.me 
https://www.googleapis.com/auth/userinfo.email

My WebApp does not require any scopes according to it's properties. [EDIT:] Also to make sure it does not I did set a doGet() method as simple as possible: 

function doGet(e)
{
   return ContentService.CreateTextOutput("success");
}

This question has been asked before, but some have found the solution and some have not. Also I did not success with the answers either.

  1. I think my first attempt covers this one.
  2. I tried to translate the Java answer to C#

Ok, thanks for reading down here, wish some one can help me out with this as I'm running out of ideas (and time, eventually).

EDIT: Though the issue has resolved and turned out to be a scope-issue I am answering the questions in the comments below, in case this question might be of any help to anyone in the future.

Improve this question
3
  • What do you have selected in the corresponding "Execute the app as:" drop down? Also (despite the lack of required scopes in the properties...), any chance you're calling something that's returning 401 in doGet()? Might be worth trimming down to the two-line doGet() implementation here, just to see if it still repros: developers.google.com/apps-script/guides/web Commented Apr 5, 2018 at 20:27
  • FWIW, I was able to trivially reproduce this with the two-line example I referenced above. Now I am intrigued. Commented Apr 5, 2018 at 22:16
  • Where did you set this? "when I set it available to my domain only" Commented Apr 5, 2018 at 23:38

1 Answer 1

Reset to default
0

I was able to get this to work with an access token authorized with the https://www.googleapis.com/auth/drive.file scope in the Google OAuth Playground.

That doesn't seem quite right in my opinion, but it's the least permissive scope I got to work.

Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.