I have a public Google Spreadsheet (editable for everyone with the link).
I would like to use it to store data for a Cordova App.
I believe I could get it to work through Google Apps Script and OAuth.
But then again I wonder, why I have to deal with OAutch if the spreadsheet is public. One use case to avoid OAuth would be, when someone does not even have a Google Account. He can (manually) edit the spreadsheet, so why should I force him to authenticate with OAuth?
So, in essence, how can I read from and write to this spreadsheet without OAuth for the user?
You don't need OAuth in your case. But, you do need to set the settings of the published Web App to be run as "Execute the App As: ME", and "anyone, even anonymous" has access. So, you need to publish the Apps Script as a Web App, "Publish" menu. If you are not going to use Apps Script as a Web App (basically a web site, but you can't get a domain name), then you can just use it as an intermediary between your own app and the spreadsheet. Your app will need to make either a HTTPS GET or POST request to a "doGet()" or "doPost()" function in the Apps Script project.
Related
I've developed a small webapp, that pulls raw data from a Google Spreadsheet and builds it on a html, so my website users can see, filter and navigate through the data.
For that, I'm using Google Sheets API v4, but even going to an HTML, users are asked to "AUTHORIZE" access using their Google Accounts, before seeing the table/data.
Is there a way to display this table/data on the HTML, without requesting users to authorize through OAuth?
If you're dealing with accessing data and performing Google API calls, authorization is Google's way to protect and secure the user's data.
If you want to display the data without needing to undergo authorization, publish it to the web:
File -> Publish to the web. An embed code which contains a public url will be provided for you.
Here's a sample of my public data:
https://docs.google.com/spreadsheets/d/1mvFPT2Xx8bNEMUdPC9TDOexzNqVS399bxQATV3JVOyg/pubhtml?widget=true&
I have a simple page with a form, and I decided to offer the option of submitting it to a Google Sheet. It's meant as part of an internal webapp, used by a few collaborators to submit to a spreadsheet shared between us. I would have used a Google Forms but I wanted more control over the form.
I have set up a Google Apps Script bound to the spreadsheet following these instructions and deployed it as web app with:
Execute the app as: Me
Who has access to the app: Anyone, even anonymous
This works fine, I can POST FormData with XMLHttpRequest (vanilla javascript). But so can anyone else, no matter if they're allowed to edit the spreadsheet, even if they're logged out of Google.
I'd like to restrict access to the web app - only people invited to the spreadsheet should be able to use the web app to insert rows. (Which is what I expected in the first place... if you don't have edit permissions you don't get to edit, period.)
At the moment switching the Google Apps Script Deploy as web app settings to anything else results in an 'Access-Control-Allow-Origin' error. I probably have to do something else - either in my page or in the GAS - to handle auth, right?
I want the web app to be deployed as
Execute the app as: User accessing the app
Who has access to the app: Anyone
and when a spreadsheet collaborator visits my page, he can submit the form - provided he's logged into Google.
the google apps script execution api does what you need. its well explained in the official docs:
https://developers.google.com/apps-script/guides/rest/api
its too broad to explain here step by step. you might need to read also about how to make an oauth2 flow from browser javascript.
I'd like to allow a user to visit one of my sites, enter some information into a field, and then save that information into a Google Spreadsheet via JavaScript.
I don't want the user to login via Google or have to do any special authentication.
It's Ok if the spreadsheet needs to be open to public; the data's not sensitive.
I don't want to use a Google Form, I want to have full control over the client-side UI.
I've been reading through the Google developer docs, but they only make mention to an OAuth login solution. The Google Developer Console allows you to create a "Public API access key", but does not explain how it's used.
All of the examples are for the scenario where the user is using your app to access his own files. In your case, you want the app to access your own file. This isn't easy. The only ways I can see are :-
Use a server app (appengine works well) to do the access
Very carefully set up permissions and store a refresh token in your app.
Option 2 could be your worst security nightmare if you don't do it carefully, and even then may be an infringement of Google T's and C's since it's akin to distributing your password.
Once you figure out the auth, you'll need to check out the spreadsheet API (https://developers.google.com/google-apps/spreadsheets/), as this is the API that allows you to update an existing spreadsheet. The Drive API can only upload an entire new spreadsheet.
I am looking at developing an app to leverage the Google Doc side of Google Apps Scripts. I have a couple of questions about the security of Google Apps Scripts.
How easy is it for a user to copy the code from a shared Google Apps Script? Is there any way to prevent this?
Are there any plans to create a similar API for the Google App Engine for manipulating Google Documents( not just listing what documents are available) so that document manipulation could be done on the server side?
Is there a way planned to share out Google Apps Scripts per Google User or per group, and not just "Publish to the World" or "Within a domain" as is currently the case?
Thanks
Bob
About copying the shared script: dont share it there is no need to share. Publish as webapp and share the url. Nobody can get to the script that way.
About opening the api: no plans that i know of (im not from google), but note that apps script does run server side.
The last one: publish to your domain and run as owner, then in your handler (Roget) use user services to tell the active user email. Use group services to see it she belongs to a group. If user shouldnt access show an access error.
Voila.
I'm looking for a way to use Google Drive to share data between a Android app and a web page hosted on my server. The web page should use JavaScript to retrieve and store data in Google Drive.
The data should only be exchanged between the browser of the user and Google Drive.
According to the documentation of accessing Google Drive from JavaScript you must first create a application using the Google Cloud Console, register it and get a client ID before you can use JavaScript to access the data.
I don't want to have to maintain a Google hosted application. Is this possible?
The only point of apis console is to register your applicaiton or in your case script with google. Its baslcy just there way of keeping track of whos accessing what i think. Once you have it registered you normaly would use a clientid and stuff as well as Oauth2 to allow users to access there google drive with your script. But you wont need to go into that becouse its your application thats storing its data there and not a user.
You will probably want to look into a service account.
https://google-developers.appspot.com/drive/service-accounts
If you want to use private spreadsheet then you have to use authentication, in this case google project is easiest one. If you don't want to use private then you can publish your spreadsheet and then make ajax call without authentication/goole project.
You're not the first person we've heard this complaint from. People want to be able to log in and create an API key without having to deal with extraneous cloud services. We're working on some things to make life easier for customers like you.
Unfortunately there is no way to do this at the present time. That said, you don't have to actually maintain a separate application. You can create a project and only use it to manage APIs.