How to add authentication to a Google apps script without it expiring?

Question

I have a Google apps script project which I use as a web application to save some data gathered from a web page (JavaScript only) to My Google sheets (think of it as a simple database for just me).

It's no need to use auth for anyone else other than my account, because, I don't use their accounts/data for anything at all. I just need to use my account only, so, when I deploy it, I make it execute as me, and accessible to anyone:

.

When I click deploy after previous screen, it asks for my permission (the consent dialogue) to access my account's data, which I grant it, and after that everything is good, and the HTTP requests to this script works just fine.

.

The problem is:

This authentication expires after maybe 7 days (I'm not sure) and the script stops working, I discover that when the HTTP requests to it return error 403

To fix that and make it work again, I need to run the script again from the Google apps script editor which asks for the permissions (consent) again:

.

I can't use it like that and the web page stop working when the authentication gets revoked!

I'm not publishing the script (I don't want/don't need to). Do I?

My question is, how can I add the authentication in a way that makes it lasts and stops asking me for it over and over again?

---

The script on Google apps script works like this:

function doPost(request) {
  return checkRequest(request);
}

function checkRequest(request) {
  //check the request & save the sent data to a google sheet here;
  //...

    return sendResponse({
      success: true,
      data: {result: 'Saved the data!' }
    });
}

function sendResponse(response) {
  return ContentService
    .createTextOutput(JSON.stringify(response))
    .setMimeType(ContentService.MimeType.JSON);
}

And I call it from the web page using Ajax HTTP POST request, like this:

jQuery.ajax({
    url: 'https://script.google.com/macros/s/{script-id}/exec',
    method: 'POST',
    dataType: "json",
    data: {key: 'value'},
    success: function (response) {
        console.log(response);
    },
    error: function (response) {
        console.error(response);
    }
});

And this is the response the script returns after few days when the authentication expires:

Answer 1

This has been reported to Google

There is already a report on Google's Issue Tracker which detail the same kind of behaviour:

• Random Deauthorizations for script since Editor Update with no changes to code

Google does seem to know about this issue. From the issue tracker link, a response was given:

[...] reviewing the documentation, it reads:

Authorizations by a test user will expire seven days from the time of consent.

Source

So I'm not sure we should expect anything different from these tests.

Also re-reading this thread, in your first comment you said that this was affecting projects that already published. Though I understand that you fixed the original projects that were having issues by un-linking the GCP projects.

A possible fix would be filling the scopes manually in the manifest for these types of issues. This is because Apps Script tries to infer the scopes needed at runtime, and sometimes this can result in Apps Script trying to gain more permissive scope than what is authorized.

See Setting Explicit Scopes

However, token expiry in around 7 days is to be expected for projects in "testing" state.

Which seems to be the case for the users in the report thread.

There are multiple reasons that this expiration may occur, as explained in the Using OAuth 2.0 to Access Google APIs page.

That being said, if it's causing problems you can file your own bug about it here in the Google Apps Script component.

References:

• Random Deauthorizations for script since Editor Update with no changes to code
• Using OAuth 2.0 to Access Google APIs | Google Identity
• Setting up your OAuth consent screen - Google Cloud Platform Console Help
• Authorization Scopes - Setting explicit scopes | Apps Script | Google Developers