问题
I know how to write a web-app and publish it as myself. What I am trying to do is publish a web app so that it can access my data and the users data.
For example, the web-app would read data from a Sheet that I own, and then add it to a Sheet the user owns.
I realize one approach is to make my sheet accessible by anyone with the link and have the web-app run in the user's context. When the user views the web-app it will run in the user's context so it can access their Sheet and Since my sheet is viewable by anyone with a link it will be able to access my Sheet.
However, I am trying to do this without making my sheet accessible by anyone with a link.
Is this possible?
回答1:
Workaround#1: Two web apps
Use two web apps and handle authentication between those two:
WebApp#1: API to access your sheet
- Execute as "Me"
- Access: "Anyone, even anonymous"
- Handles incoming POST requests: checks for necessary authorizations, authenticates the request and returns data from sheet.
WebApp#2: User facing app
- Execute as "User accessing the web app"
- Access: "Anyone"
- User requests data from your sheet> Client requests Server(
google.script.run)> Server POSTs request along with necessary authorization headers usingUrlFetchApp> receives and parses the sheet data and provides it to client.
Notes:
- This set up security is only as strong as the authorization/authentication used between the web-apps.
Workaround#2: Client side Google sign in
Implement Google signin in your webapp.
- Execute as "Me"
- Access: "Anyone, even anonymous"
- Users accessing the web-app must sign in
- After signing in and authorizing access to their sheets, you can use sheets api to write to their sheet
References:
- Google sign-in
- Sample snippet: Sheets api access from browser
- Related question
来源:https://stackoverflow.com/questions/57911167/is-it-possible-to-use-multiple-authentications-in-a-google-apps-script-web-app