2

Here's a custom Google Sheet with script code:

var GAaccountsList = Analytics.Management.Accounts.list();
var upload = Analytics.Management.Uploads.uploadData('accountId', 'webPropertyId', 'customDataSourceId')

This code should run OK if https://www.googleapis.com/auth/analytics scope is provided.

But instead, it asks additionally for https://www.googleapis.com/auth/analytics.readonly that is excessive. enter image description here

Can this be fixed in Google Apps Script OAuth service?

Improve this question
4
  • This is pretty common pattern. Even in the Google API playground the read only scope gets added despite adding the read write scope. It's really nothing to worry about. Commented Feb 3, 2015 at 19:27
  • @Jonathon I don't agree, because users become alert when they see unnecessary scope requirements in OAuth popup. Because of that we have questions from our users and have to clarify why manage is not enough. Commented Feb 10, 2015 at 7:22
  • code.google.com/p/google-apps-script-issues/issues/list . add a feature request there as this is currently expected behaviour across the spec and apps script. The read only scope is less 'invasive' than the first so the oauth request will be the same. Test it in the oauth playground. Commented Feb 10, 2015 at 7:29
  • @Jonathon Thanks, I submitted this as a feature request. Commented Feb 12, 2015 at 18:27

1 Answer 1

Reset to default
2

You can modify the OAuth scopes in the Manifest file. The manifest file is accessed in the GAS editor through the menu (View > Show Manifest File), then the manifest will appear in the file list as appscript.json. You can remove the Dependencies and oauthScopes sections from this file, then when your script tries to make Google calls it will get an error saying which scopes are required (in Stackdriver Logging). You can add scopes one at a time this way, but be sure each of your Google functions gets called or you may miss a scope.

Note that removing the Dependencies section might have other side-effects (such as removing access to Libraries). It was my experience that an excessive scope showed up in the Dependencies/enableAdvancedServices section, so I had to remove it from there and add the less-permissive scope to the oauthScopes section.

Reference: https://developers.google.com/apps-script/concepts/scopes

https://developers.google.com/identity/protocols/googlescopes

Google Oauth removing scopes from access

How to narrow down the auth/drive scope for a google apps script?

https://developers.google.com/apps-script/concepts/manifests

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Thanks! It's a great new trick. BTW they fixed scopes in PROD regarding my question, so nothing should be defined manually in this particular case.

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.