Migrating Google Apps Scripts from OAuth 1.0 OAuthConfig API and UrlFetchApp.addOAuthService to OAuth 2.0

Question

I have several critical Google Apps Scripts that are "container-bound" in Google Sheets spreadsheets. They make calls to the Google Admin SDK , Directory API , and some other Google APIs, like the URL Shortener API .

I originally got these working by Googling and searching on Stack Overflow until I found code that did what I needed.

They are working fine now, but over the past month I've been receiving emails from Google that OAuth 1.0 is deprecated and anything using it should be migrated to OAuth 2.0 before April 20, 2015.

I read their official documentation and migration guides and am still super confused. All of their documentation seems to be for "applications" and I can't find anything specific to Google Apps Scripts and Javascript.

Here is an example of a working Google Apps Script that I have. It takes an email address as input and returns the user's full name.

var consumerKey = "domain.com";
var consumerSecret = "xxxxxxxxxxxxxxxxxxxxxxxx";
var publicApiAccessKey = 'xxxxxxxxxxxxx_xxxxxxxxxxxxxxxxxxxxxxxxx';

function getUsersName(email) {

  var name = '';

  try {

    var url = 'https://www.googleapis.com/admin/directory/v1/users/' + email + '?key=' + publicApiAccessKey;
    var scope = "https://www.googleapis.com/auth/admin.directory.user.readonly";

    var fetchArgs = googleOAuth_("Users",scope);
    fetchArgs.method = "GET";
    fetchArgs.muteHttpExceptions=true;

    var userJson = UrlFetchApp.fetch(url, fetchArgs);

    var userObject = JSON.parse(userJson);

    name = userObject.name.fullName;

  } catch(e) {

    // send failure email

  }

  return name;

}

function googleOAuth_(name,scope) {

  var oAuthConfig = UrlFetchApp.addOAuthService(name);
  oAuthConfig.setRequestTokenUrl("https://www.google.com/accounts/OAuthGetRequestToken?scope=" + scope);
  oAuthConfig.setAuthorizationUrl("https://www.google.com/accounts/OAuthAuthorizeToken");
  oAuthConfig.setAccessTokenUrl("https://www.google.com/accounts/OAuthGetAccessToken");
  oAuthConfig.setConsumerKey(consumerKey);
  oAuthConfig.setConsumerSecret(consumerSecret);
  return {oAuthServiceName:name, oAuthUseToken:'always'};

}

When I run it, I get these warning hints, confirming that my Google Apps Scripts are using code that has been deprecated and should be replaced:

Here is the text of the email that Google sent out notifying customers of the deprecated services:

Reminder for ClientLogin, OAuth 1.0, AuthSub, and OpenID 2.0 shutdown Hello Administrator,

Over the past few years, we announced that ClientLogin, OAuth 1.0 (3LO), AuthSub, and OpenID 2.0 are deprecated and will shut down on April 20, 2015. Google is moving away from these older protocols in order to focus our support on the latest Internet standards, OAuth 2.0 and OpenID Connect.

Analysis of our logs leads us to believe that your domain domain.com operates one or more applications that still use one of these deprecated protocols. You need to ensure that your applications use our supported authentication methods: OAuth 2.0 for API authorization or OpenID Connect for federated authentication. The easiest way to migrate to these new standards is to use the Google Sign-in SDKs (see the migration documentation). Google Sign-in is built on top of our OAuth 2.0 and OpenID Connect infrastructure and provides a single interface for authentication and authorization flows on Web, Android and iOS.

If the migration for these applications is not completed before the deadline, the application will experience an outage in its ability to connect to Google (possibly including the ability to sign in) until the migration to a supported authentication protocol occurs. To avoid any interruptions in service, it is critical that you work to migrate prior to the shutdown date.

If you need to migrate your integration with Google:

Migrate from OpenID 2.0 to Google Sign-in (OpenID Connect). Migrate from OAuth 1.0 to OAuth 2.0 . For AuthSub and ClientLogin, there is no migration support. You'll need to start fresh with OAuth 2.0 and users need to re-consent. If you have any technical questions about migrating your application, please post questions to Stack Overflow under the tag google-oauth or google-openid. Please keep in mind that Stack Overflow is a publicly viewable forum. Our engineers will be regularly notified of any posted questions.

I read the Migrating from OAuth 1.0 to OAuth 2.0 section but I still have no clue what I'm supposed to do. I need to know specifically what I'd need to change in my code above for my scripts to continue to work after April 20th (next Monday).

Answer 1

It would take 2 steps to convert this:

1) You need to add an Oauth2 webflow to your script. You can get a google developed library to do this at: https://github.com/googlesamples/apps-script-oauth2

View the README.MD in this repo on how to set it up.

2) Change your call to make use of the Oauth2 token:

function getUsersName(email) {
var token = oauth2Service().getAccessToken(); //this will be setup from step 1
  var name = '';

  try {

    var url = 'https://www.googleapis.com/admin/directory/v1/users/' + email;


   var parameters = { method : 'get',
                headers : {'Authorization': 'Bearer '+ token},
                contentType:'application/json',                    
                muteHttpExceptions:true};

    var userJson = UrlFetchApp.fetch(url, parameters);

    var userObject = JSON.parse(userJson);

    name = userObject.name.fullName;

  } catch(e) {

    // send failure email

  }

  return name;

}