1

I have a working GAS web application that is deployed

  • execute as - me
  • who has access - anyone

now I need to separate data that the users are using, storing, accessing. I was thinking of using Google Sign-In but then I thought that I might somehow get user's info when they are logged into their Google account if I deploy with the who has access option set to Anyone with Google account. But I am not able to find anywhere how or if even I am able to get any details of the logged in user.

The only info that is related is this SO question Get user info when someone runs Google Apps Script web app as me . The solutions proposed https://stackoverflow.com/a/59974388/250422 seemed to me too complex if I can get details of the logged user in my GAS code.

Or is there any simple way how to protect my GAS web application with login? I want to save user related data to a dedicated spreadsheet for that particular user. So I need to somehow identify the user.

UPDATE To be clear what I want to achieve

  • have a GAS web application with login authentication
  • each user of such application got separate Google spreadsheet file stored under my account or somewhere where I got access to it but NOT the end user
  • preferably I would use an existing facility for the login part

UPDATE2 as requested the code that I am currently using is

function doGet() {
  Logger.log("let us start");

    var htmlTemplate = HtmlService.createTemplateFromFile('index');

    // htmlTemplate.dataFromServerTemplate = { fromServer: zzlib.settings.toHTML};

    var htmlOutput = htmlTemplate.evaluate().setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL);


var email = Session.getActiveUser().getEmail();
Logger.log(email);

tmplibX.saveFile(email);
  
HtmlService.createTemplateFromFile('index').evaluate().setXFrameOptionsMode(HtmlService.XFrameOptionsMode.ALLOWALL) //SAMEORIGIN

    return htmlOutput;
}

and the tmplibX.saveFile(email); looks like

function saveFile(fileName){
console.log("from library");

Logger.log("from library");
console.log(fileName);
var fileName=Session.getActiveUser().getEmail();
console.log(fileName);


  DriveApp.createFile("FROM-LIB-"+fileName, 'Hello, world!');
  console.log("finished");
}
Radek
  • 13,813
  • 52
  • 161
  • 255
  • 1
    Your Web App must be deployed so that `execute as` is set to `User Accessing the Web App`, then you can use the methods of the [`Session`](https://developers.google.com/apps-script/reference/base/session) service to get user info. – TheAddonDepot Feb 15 '21 at 14:52
  • And in such case if GAS creates new spreasheet files. Who is the owner? And where would it be located? On my drive? ... hm, could you create an answer and we can continue there? – Radek Feb 15 '21 at 17:41
  • So do you want your user data Spreadsheet to be owned just by the user or by the user and yourself? – Mateo Randwolf Feb 16 '21 at 15:37
  • @MateoRandwolf the spreasheet must NOT be accessible be the user. – Radek Feb 16 '21 at 16:21
  • So these Spreadsheets must be created in your Drive right? – Mateo Randwolf Feb 17 '21 at 08:14
  • yes, they must be created in my drive and access only as me but I want the end web users to be Google logged in. – Radek Feb 17 '21 at 08:47
  • better say that want some kind of authentication. Does not have to be Google login but I thought that using Google login would be very simple to implement – Radek Feb 17 '21 at 11:34

2 Answers2

3

Bismillah... Hii I'm actually glad to see someone is doing what I do..

So what I do is: I CREATE TWO WEB APPS.

  1. First is Execute as User accessing the web app and Accessible by Anyone with Google account
  2. Second is Execute as Me and Accessible by Anyone

And what I write in the First Web App is:

function doGet(e) {
  var em = Utilities.base64EncodeWebSafe(Session.getActiveUser().getEmail(), Utilities.Charset.UTF_8)
  return HtmlService.createHtmlOutput('<script>window.top.location.replace("https://script.google.com/macros/s/mySecondWebAppDeploymentID/exec?e='+em+'")</script>')
  .setTitle('myTitle').setFaviconUrl('https://i.ibb.co/xxx/myLogo.png')
}

This will redirect to the Second Web App with a parameter called e which is the users email encoded in Base 64. Which is the only data we can get.

Then in the Second Web App, u can write whatever u want, like redirect to a prefilled gform or getData from a Spreadsheet then match it with users email than do whatever according to the data...

The essential code of the second Web App is:

function doGet(e){
  var email = Utilities.newBlob(Utilities.base64DecodeWebSafe(e.parameter.e,Utilities.Charset.UTF_8)).getDataAsString()
  //Do whatever u want with that email string variable
}

Actually I was hoping to find someone else doing this, because I want to know what is the limit of this 'get Email' feature from App Script.

I was planning to use this for an event registration with Estimated Users up to 1000 users. Of course it would be troublesome if this feature is limited and ended up collapsing.

Hope this help, and I can know what exactly is the limit of this feature.

M Farhan Ibnu Subhanallah
  • 51
  • 4
1

In order to add the user information such as their email address from your web app to a specific Spreadsheet in your Drive you should follow these steps:

  1. Create the web app. Then you can use a simple function in your code.gs like the one below to insert a row with the user's email to the Spreadsheet you have chosen in your Drive to store this data:
function doSomething() {
SpreadsheetApp.openById('SPREADSHEET ID').getSheetByName('SHEET NAME').appendRow([Session.getActiveUser().getEmail()])
}
  1. Once you have your HTML and script ready, you can deploy this web app as Execute as : me and Who has access to this web app : anyone with a Google Account. In this way the script will execute only on your account and will only modify your prive Spreadsheet while being able to retrieve the user information. Note that in this way user's won't be asked for authorization as you will be the only one running the scripts behind this web app (however, all users must have a Google Account).

Reference

Mateo Randwolf
  • 2,823
  • 1
  • 6
  • 17
  • Hi Mateo, I already implemented what you are suggesting. I used @TheAddonDepot's comments about Session service. It works fine but either I do not get email of users accessing the website or the spreasheet is accessed as the Google user logged in. – Radek Feb 22 '21 at 12:02
  • Hi ! That's strange, could you please log the user's email so that everytime they enter you can check on the [execution's panel]() what this log says ```Logger.log(Session.getActiveUser().getEmail())``` ? Also, could you please edit your question to show a sample piece of code of your web app implementation regarding this section? Thanks ! :D – Mateo Randwolf Feb 24 '21 at 08:18
  • Are you getting your user's email address in either ```saveFile``` or ```doGet``` logs? If not, what does it say ```email``` or ```filename``` are (undefined, null, etc)? – Mateo Randwolf Mar 01 '21 at 16:41
  • Not sure what you are asking. I am getting the email of end use but I want to know how to run saveFile as me. – Radek Mar 03 '21 at 19:58
  • Oh I see so you manage to get the user data but the file is not being created. Do you know if this file is being created in the user's account? – Mateo Randwolf Mar 05 '21 at 15:11
  • the file IS created but under different Google account if executed from library that is deployed as "exectute as me" – Radek Mar 06 '21 at 10:26
  • Hi! I successfully run part of the script you provided creating the file in my Drive with the name of the user accessing it. This worked if I set ```Execute As: **me**``` as I explained in my answer this will make sure that the file is created on your account as it will only use resources from your account. What do you mean by ```if executed from library that is deployed```? – Mateo Randwolf Mar 08 '21 at 11:16
  • do you mean that if I access it then the script will create a file radek under you account? – Radek Mar 10 '21 at 08:17
  • Yes, in that case if you accessed my web app the script would create a file radek under my account. Isnt that what you wanted? – Mateo Randwolf Mar 11 '21 at 10:56
  • yes, that is what I want but I do not know how to achieve it. I want it my application to work this way. if you access it it will save a file under MY account and the file name is YOUR email. If some else accesses it wit will save a file under MY account with their email. Your script does not work this way – Radek Mar 18 '21 at 16:08