Clasp: OAuth permissions

Created on 3 Apr 2018  路  8Comments  路  Source: google/clasp

Expected Behavior

clasp login should grant access to the app script API.

Actual Behavior

  1. That鈥檚 an error.
    Error: admin_policy_enforced

Access to your account data is restricted by policies within your organization. Please contact administrator for more information.

Request Details
access_type=offline
scope=https://www.googleapis.com/auth/script.deployments https://www.googleapis.com/auth/script.projects
response_type=code
client_id=xxxxxxxxxx-xxxxx.apps.googleusercontent.com
redirect_uri=http://localhost:60194
That鈥檚 all we know.

Steps to Reproduce the Problem

I'm trying to use the clasp tool as a G-Suite user, and I have enabled Apps Script API at https://script.google.com/home/usersettings

But the clasp login is giving the above error inside the browser. While our G-Suite Administrator is willing to change the required policies/permissions, he couldn't find any documentation on how to grant the access rights needed for clasp tool or Error logs on what permission was missing.

Can somebody help us figure out what needs to be done to enable the API access to use the clasp tool?

Specifications

Most helpful comment

For admin-restricted domains, you can have your admin whitelist clasp by following the instructions here: https://support.google.com/a/answer/7281227

To do this, you click the "Trusted Apps" link in that section of the UI, and then add a trusted app, selecting "Web App" and pasting in the clasp client ID
1072944905499-vm2v2i5dvn0a0d2o4ca36i1vge8cvbn0.apps.googleusercontent.com

Let me know if that works.

All 8 comments

For admin-restricted domains, you can have your admin whitelist clasp by following the instructions here: https://support.google.com/a/answer/7281227

To do this, you click the "Trusted Apps" link in that section of the UI, and then add a trusted app, selecting "Web App" and pasting in the clasp client ID
1072944905499-vm2v2i5dvn0a0d2o4ca36i1vge8cvbn0.apps.googleusercontent.com

Let me know if that works.

Hi @grant , Adding clasp as "Trusted App" resolved the OAuth issues. Thanks for the suggestion.

Great.
I'll have to add this to the README.

For admin-restricted domains, you can have your admin whitelist clasp by following the instructions here: https://support.google.com/a/answer/7281227

To do this, you click the "Trusted Apps" link in that section of the UI, and then add a trusted app, selecting "Web App" and pasting in the clasp client ID
1072944905499-vm2v2i5dvn0a0d2o4ca36i1vge8cvbn0.apps.googleusercontent.com

Let me know if that works.

Hi

Do You know where can I find the official Google documentation regarding using this Client ID?
Or instructions made By Google or CLASP team that this is the way to handle this?

Is there a way to login without whitelisting clasp? Like maybe manually specifying credentials or something?

Also @grant, did this make it to the README? I don't see anything about white-listing.

For admin-restricted domains, you can have your admin whitelist clasp by following the instructions here: https://support.google.com/a/answer/7281227
To do this, you click the "Trusted Apps" link in that section of the UI, and then add a trusted app, selecting "Web App" and pasting in the clasp client ID
1072944905499-vm2v2i5dvn0a0d2o4ca36i1vge8cvbn0.apps.googleusercontent.com
Let me know if that works.

Hi

Do You know where can I find the official Google documentation regarding using this Client ID?
Or instructions made By Google or CLASP team that this is the way to handle this?

While this is not official Google documentation here is the line of code that has their client ID. https://github.com/google/clasp/blob/master/src/auth.ts#L50

Is there anyway to get the App ID added to some kind of official Google approved documentation? Many organizations have super tight security requirements and can't/won't authorize random App IDs they see in source code files. They need to see something official saying that is the App ID so there is accountability. Something that shows 1072944905499-vm2v2i5dvn0a0d2o4ca36i1vge8cvbn0.apps.googleusercontent.com belongs to Google for clasp and that Google's privacy policy applies.

Should we add a new issue referencing this issue because this issue is close?

Was this page helpful?
0 / 5 - 0 ratings

Related issues

dustinmichels picture dustinmichels  路  4Comments

coccoinomane picture coccoinomane  路  5Comments

grant picture grant  路  8Comments

grant picture grant  路  4Comments

tehhowch picture tehhowch  路  3Comments