stackoom
  简体   繁体   中英

3rd party Authentication Issues in Google Appscript

 原文  2020-03-11 17:51:48       javascript/ oauth/ oauth-2.0/ gsuite-addons

Question

I am using an internal service to Authenticate my Gsuite add-on. The Issue is we cannot find any request made from the Add-on to internal servers on Prod (or Dev environments). These are public facing authentication endpoints.

Currently this Addon only runs in Gmail. Unsure If there are any bandwidth limits we might be reaching but Google support said they couldn't help.

We followed the docs Google provides for 3rd Part Oauth.

auth File:

function accessProtectedResource(url, method_opt, headers_opt, body) {

  var service = getOAuthService();
  var maybeAuthorized = service.hasAccess();
  if (maybeAuthorized) {
    // A token is present, but it may be expired or invalid. Make a
    // request and check the response code to be sure.

    // Make the UrlFetch request and return the result.
    var accessToken = service.getAccessToken();
    var method = method_opt || 'get';
    var headers = headers_opt || {};
    headers['Authorization'] = Utilities.formatString('Bearer %s', accessToken);

    var resp = UrlFetchApp.fetch(url, {
      'headers': headers,
      'method' : method,
      'contentType': 'application/json',
      'muteHttpExceptions': true, // Prevents thrown HTTP exceptions.
      'payload': JSON.stringify(body)
    });

    var code = resp.getResponseCode();
    if (code >= 200 && code < 300) {
      return resp.getContentText('utf-8'); // Success
    } else if (code >= 400 && code <= 403) {
       // Not fully authorized for this action.
       maybeAuthorized = false;
    } else {
       // Handle other response codes by logging them and throwing an exception.
       Logger.log('Server error (%s): %s', code.toString(),
                     resp.getContentText('utf-8'));

       throw ('Backend server error: ' + code);
    }
  }

  if (!maybeAuthorized) {
    // Invoke the authorization flow using the default authorization
    // prompt card.
    CardService.newAuthorizationException()
        .setAuthorizationUrl(service.getAuthorizationUrl())
        .setCustomUiCallback('createCompanyeAuthorizationUi')
        .setResourceDisplayName('Company')
        .throwException();


  }
}

function getOAuthService() {
  // added Console.log for debug
  var service = OAuth2.createService('COMPANY_AUTH')
  var servicewithurl = service.setAuthorizationBaseUrl(urlBase + '/oauth2/authenticate/');
  var setauthBase = servicewithurl.setAuthorizationBaseUrl(urlBase + '/oauth2/authenticate/');
  console.log('setauthBase ', setauthBase);
  var setToken = setauthBase.setTokenUrl(urlBase + '/oauth/token/');
console.log('setToken ',setToken);
  var setCallback = setToken.setCallbackFunction('authCallback');
      console.log('setCallback ', setCallback);
  setCallback.setClientId('2222TW9LzuT4AgAMN')
      .setClientSecret('WZN5tyDKfMYoDLNnC')
      .setPropertyStore(PropertiesService.getUserProperties());
      .setCache(CacheService.getUserCache())

console.log('setCallback2 ', setCallback);
  return setCallback;
}

function authCallback(callbackRequest) {
  var authorized = getOAuthService().handleCallback(callbackRequest);
  if (authorized) {
    return HtmlService.createHtmlOutput(
      'Success! <script>setTimeout(function() { top.window.close() }, 1);</script>');
  } else {
    return HtmlService.createHtmlOutput('Denied');
  }
}


function createCompanyAuthorizationUi() {

  var service = getOAuthService();
  var authUrl = service.getAuthorizationUrl();
  var authAction = CardService.newAuthorizationAction().setAuthorizationUrl(authUrl);

  var CompanyLogo = CardService.newImage().setAltText("Company Logo").setImageUrl("image_url_replaced");
  var headerText = 'Create actions in Company from your email.';
  var mainImage = CardService.newImage().setAltText("Company Mail").setImageUrl("image_url_replaced");
  var loginButton = CardService.newImage().setAltText("Login").setImageUrl("image_url_replaced").setAuthorizationAction(authAction);  
  var signupLink = CardService.newOpenLink()
        .setUrl(urlBase + "/join")
        .setOpenAs(CardService.OpenAs.FULL_SIZE)
        .setOnClose(CardService.OnClose.NOTHING);
  var signupButton = CardService.newImage().setAltText("Sign up").setImageUrl("image_url_replaced").setOpenLink(signupLink);

  var featureOne = CardService.newKeyValue()
    .setIconUrl("image_url_replaced")
    .setContent("Company is the best way to plan, execute, and monitor all of your teams's projects in one place.")
  .setMultiline(true);  

  var featureTwo = CardService.newKeyValue()
    .setIconUrl("image_url_replaced")
    .setContent("Content here")
  .setMultiline(true);

  var card = CardService.newCardBuilder()
      .addSection(CardService.newCardSection()
          .addWidget(CardService.newTextParagraph())
          .addWidget(CompanyLogo)
          .addWidget(CardService.newTextParagraph().setText(headerText))
          .addWidget(mainImage)
          .addWidget(signupButton)
          .addWidget(loginButton)
          .addWidget(featureOne)
          .addWidget(featureTwo)
      ).build();
  return [card];
}
function resetOAuth() {
  getOAuthService().reset();
}


function getCompanyResourceUrls() {
  accessProtectedResource(urlBase + '/api/v1/books/');
}

function makeRequest(url, params) {
  var oauthService = getOAuthService();
  var response = UrlFetchApp.fetch(url, {
    headers: {
      Authorization: 'Bearer ' + oauthService.getAccessToken()
    },
    body: params
  });
  return response;
}

function getUserId() {
  var cache = CacheService.getUserCache();
  var userId = cache.get('userId');

  if(userId) {
    return userId;
  }

  var response = accessProtectedResource(urlBase + '/oauth/getIdentity');
  var data = JSON.parse(response);
  var userId = data.data.id;

  cache.put('userId', userId);

  return userId;
}

appsscript.json

{
  "timeZone": "America/New_York",
  "dependencies": {
    "libraries": [{
      "userSymbol": "OAuth2",
      "libraryId": "",
      "version": "37",
      "developmentMode": true
    }]
  },
  "webapp": {
    "access": "ANYONE",
    "executeAs": "USER_ACCESSING"
  },
  "oauthScopes": ["https://www.googleapis.com/auth/gmail.addons.execute", "https://www.googleapis.com/auth/gmail.addons.current.message.readonly", "https://www.googleapis.com/auth/script.external_request"],
  "urlFetchWhitelist": ["https://company.com/", "https://company.com/oauth/token/", "https://company.com/api/v1/books/", "https://companycom/oauth/revoke"],
  "runtimeVersion": "V8",
  "gmail": {
    "name": "Name",
    "logoUrl": "https://logourl.com",
    "contextualTriggers": [{
      "unconditional": {
      },
      "onTriggerFunction": "buildAddOn"
    }],
    "universalActions": [{
      "text": "Logout",
      "runFunction": "logout"
    }],
    "primaryColor": "#ffffff",
    "secondaryColor": "#ffffff",
    "authorizationCheckFunction": "getCompanyResourceUrls",
    "openLinkUrlPrefixes": ["https://company.com/"]
  }
}

1 answers

solution1
 0  2020-04-10 10:38:51

You made mistake:

.setCustomUiCallback('createCompanyeAuthorizationUi')

but you have

createCompanyAuthorizationUi

I am not sure, but it can help you.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Can authentication via JS be faked? (Using 3rd party Authentication) How to handle the authentication using 3rd party login in Angularjs How to communicate securely (with proper authentication) to a 3rd party api on the client? Same domain AJAX calls being redirected by 3rd party authentication Google Script onChange 3rd Party INSERT_ROW Executing Userscripts in Google Chrome permanentely without 3rd party Extension tracking loading times of 3rd party plugins in google analytics Import 3rd party library IONIC 3rd party libs Proxying 3rd party GUI
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM