Service Accounts & OAuth2 in Google Apps Script: Your A-Z Guide 🛠️
Authorizations in Google Apps Script
In 99% of all cases, authorizations in Google Apps Script are extremely straightforward. When a user executes their script, they run it as themselves with their respective authorization scopes. The exceptions are:
- Installable triggers that run as their author
- Web apps that can also run as their author depending on the deployment settings
However, what if you need to give more rights to your app beyond what your intended users will have?
Let’s say that you are planning to publish an add-on that requires reading and writing data in BigQuery. You can add the BigQuery service in Google Apps Script natively like so:
The problem is that if you want your add-on to write to your stats in a BigQuery dataset, you have to open up your database to all users, which presents an enormous security flaw. Trust me, you don’t want to do that — I’m speaking from experience.
This is where service accounts come in.
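The over-broad grant described above can be caught by inspecting a dataset's access list. The following is an added example, not code from the original post: it flags entries that give write access to wide principals. The field names follow the BigQuery v2 datasets resource (`access[]`); the project, dataset and e-mail values are constructed, and treating domain-wide grants as "broad" is an assumption of this sketch.

```javascript
// Added example: flag BigQuery dataset access entries that grant write
// access to broad principals. SAMPLE_DATASET below is constructed.

// Roles that allow modifying data (legacy dataset roles and IAM roles).
const WRITE_ROLES = new Set([
  'WRITER', 'OWNER',
  'roles/bigquery.dataEditor', 'roles/bigquery.dataOwner', 'roles/bigquery.admin',
]);

// Returns a label for principals wider than one user or group, else null.
function broadPrincipal(entry) {
  if (entry.specialGroup === 'allAuthenticatedUsers') return 'allAuthenticatedUsers';
  if (entry.iamMember === 'allUsers' || entry.iamMember === 'allAuthenticatedUsers') {
    return entry.iamMember;
  }
  if (entry.domain) return 'domain:' + entry.domain; // assumption: domain-wide counts as broad
  return null;
}

// Returns [{ role, principal }] for every broad write grant on the dataset.
function findBroadWriteGrants(dataset) {
  const findings = [];
  for (const entry of dataset.access || []) {
    const principal = broadPrincipal(entry);
    if (principal && WRITE_ROLES.has(entry.role)) {
      findings.push({ role: entry.role, principal });
    }
  }
  return findings;
}

// Constructed sample: a stats dataset opened up so any add-on user can write.
const SAMPLE_DATASET = {
  datasetReference: { projectId: 'example-project', datasetId: 'addon_stats' },
  access: [
    { role: 'OWNER', userByEmail: 'owner@example.com' },
    { role: 'WRITER', specialGroup: 'allAuthenticatedUsers' },   // flagged
    { role: 'READER', domain: 'example.com' },                   // read-only, not flagged
    { role: 'roles/bigquery.dataEditor', domain: 'example.com' }, // flagged
    { role: 'WRITER', userByEmail: 'stats-writer@example-project.iam.gserviceaccount.com' },
  ],
};

console.log(findBroadWriteGrants(SAMPLE_DATASET));
```

In Apps Script with the BigQuery advanced service enabled, the object passed to `findBroadWriteGrants` can come from `BigQuery.Datasets.get(projectId, datasetId)`.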