
OAuth 2.0 problem after publishing Apps Script to add-ons

I'm working on integrating a Google spreadsheet with Salesforce using Google Apps Script.

https://github.com/googleworkspace/apps-script-oauth2

I proceeded with the OAuth 2.0 authorization by referring to the above and confirmed that it was working normally.

The problem happened after I published the Google Apps Script as a Google Workspace add-on. (App Visibility is Private - Only available to users in your domain.)

When multiple people download the add-on and proceed with authorization, the credentials (OAuth 2.0 access token, OAuth 2.0 instance_url) of all the people who downloaded it are changed to the credentials (OAuth 2.0 access token, OAuth 2.0 instance_url) of the last person who authenticated.

For example:

A person named Olivia downloads the add-on and logs in to an org called A.salesforce.com, then a person named Lucas downloads the add-on and logs in to an org called B.salesforce.com.

Then Olivia's credentials will also be replaced by the credentials of B.salesforce.com, where Lucas logged in.

I don't know why this is happening.

Is there any part of the code that needs to be modified?

function run() {
  var service = getService_();
  if (service.hasAccess()) {
    var url = service.getToken().instance_url +
        '/services/data/v24.0/chatter/users/me';

    // Make the HTTP request using a wrapper function that handles expired
    // sessions.
    var response = withRetry(service, function() {
      return UrlFetchApp.fetch(url, {
        headers: {
          Authorization: 'Bearer ' + service.getAccessToken(),
        }
      });
    });
    var result = JSON.parse(response.getContentText());
  } else {
    openUrl();
  }
}

function withRetry(service, func) {
  var response;
  var content;
  try {
    response = func();
    content = response.getContentText();
  } catch (e) {
    content = e.toString();
  }
  if (content.indexOf('INVALID_SESSION_ID') !== -1) {
    service.refresh();
    return func();
  }
  return response;
}

/**
 * Reset the authorization state, so that it can be re-tested.
 */
function reset() {
  getService_().reset();
}


/**
 * Configures the service.
 */
function getService_() {
  return OAuth2.createService('Saleforce')
      // Set the endpoint URLs.
      .setAuthorizationBaseUrl('https://login.salesforce.com/services/oauth2/authorize')
      .setTokenUrl('https://login.salesforce.com/services/oauth2/token')

      // Set the client ID and secret.
      .setClientId(CLIENT_ID)
      .setClientSecret(CLIENT_SECRET)

      // Set the name of the callback function that should be invoked to
      // complete the OAuth flow.
      .setCallbackFunction('authCallback')

      // Set the property store where authorized tokens should be persisted.
      .setPropertyStore(PropertiesService.getScriptProperties())

      // Set the scopes to be requested.
      //.setScope('chatter_api refresh_token');
}

/**
 * Handles the OAuth callback.
 */
function authCallback(request) {
  var service = getService_();
  var authorized = service.handleCallback(request);
  if (authorized) {
    return HtmlService.createHtmlOutput('Success!');
  } else {
    return HtmlService.createHtmlOutput('Denied.');
  }
}


/**
 * Open authorizationUrl
 */
function openUrl() {
  var service = getService_();
  var authorizationUrl = service.getAuthorizationUrl();
  // Build a small dialog that opens the authorization URL in a new tab and
  // then closes itself.
  var html = HtmlService.createHtmlOutput('<html><script>'
    + 'window.close = function(){window.setTimeout(function(){google.script.host.close()},9)};'
    + 'var a = document.createElement("a"); a.href="' + authorizationUrl + '"; a.target="_blank";'
    + 'if(document.createEvent){'
    + '  var event=document.createEvent("MouseEvents");'
    + '  if(navigator.userAgent.toLowerCase().indexOf("firefox")>-1){window.document.body.append(a)}'
    + '  event.initEvent("click",true,true); a.dispatchEvent(event);'
    + '}else{ a.click() }'
    + 'close();'
    + '</script>'
    // Offer URL as clickable link in case above code fails.
    + '<body style="word-break:break-word;font-family:sans-serif;">Failed to open automatically. <a href="' + authorizationUrl + '" target="_blank" onclick="window.close()">Click here to proceed</a>.</body>'
    + '<script>google.script.host.setHeight(40);google.script.host.setWidth(410)</script>'
    + '</html>')
    .setWidth(90).setHeight(1);
  SpreadsheetApp.getUi().showModalDialog(html, "Open ...");
}


/**
 * Logs the redirect URI to register.
 */
function logRedirectUri() {
  Logger.log(OAuth2.getRedirectUri());
}

The problem occurs because the script is using the Script Store (PropertiesService.getScriptProperties()) to store the OAuth authorization token. This could be fixed by using the User Store (PropertiesService.getUserProperties()) instead.

Use the Script Store to store properties for all users.

Use the Document Store to store properties for each file, no matter what user uses it.

Use the User Store to store properties for each user, no matter what file is used.
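An added example, not part of the original question or answer: a small Node.js model of the two property scopes that replays the Olivia and Lucas sequence from the question, showing the shared store handing one user's Salesforce token to another. The names `makePropertiesService`, `makeService` and `simulate`, the e-mail addresses, the token strings and the `oauth2.Saleforce` key are constructed for illustration and are not Apps Script's or the library's real implementation.

```javascript
// Constructed in-memory model of Apps Script property scopes (not the real PropertiesService).
function makePropertiesService() {
  const scriptProps = new Map();   // one map shared by every user of the script
  const userProps = new Map();     // user -> that user's private map
  let activeUser = null;
  const wrap = (m) => ({
    getProperty: (k) => (m.has(k) ? m.get(k) : null),
    setProperty: (k, v) => { m.set(k, v); },
  });
  return {
    runAs: (user) => { activeUser = user; },
    getScriptProperties: () => wrap(scriptProps),
    getUserProperties: () => {
      if (!userProps.has(activeUser)) userProps.set(activeUser, new Map());
      return wrap(userProps.get(activeUser));
    },
  };
}

// Hypothetical stand-in for the OAuth2 service: the token is persisted under one
// fixed key derived from the service name, so the store's scope decides who shares it.
function makeService(store) {
  const KEY = 'oauth2.Saleforce';  // assumed key name, for illustration only
  return {
    saveToken: (token) => store.setProperty(KEY, JSON.stringify(token)),
    getToken: () => JSON.parse(store.getProperty(KEY)),
  };
}

// Replays the sequence from the question and returns the instance_url Olivia sees afterwards.
function simulate(pickStore) {
  const ps = makePropertiesService();
  ps.runAs('olivia@example.com');
  makeService(pickStore(ps)).saveToken({ access_token: 'tok-olivia', instance_url: 'https://A.salesforce.com' });
  ps.runAs('lucas@example.com');
  makeService(pickStore(ps)).saveToken({ access_token: 'tok-lucas', instance_url: 'https://B.salesforce.com' });
  ps.runAs('olivia@example.com');
  return makeService(pickStore(ps)).getToken().instance_url;
}

console.log('script store:', simulate((ps) => ps.getScriptProperties()));
console.log('user store:  ', simulate((ps) => ps.getUserProperties()));
```

In the question's getService_(), the equivalent change is the one the answer gives: pass PropertiesService.getUserProperties() to setPropertyStore. Any token already written to the script properties stays there until it is deleted, so clear it after switching stores.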
