Starting today, the OAuth consent screen will now let users specify which individual OAuth scopes they would like to authorize. For example, if a script requests access to a user’s Sheets and Forms files, and the user only intends to use the script with Sheets files, they can decide to only allow access to their spreadsheets and not their forms. This affords users the benefit of more granular control over what data their 3P applications are allowed to access.
Exciting news for Apps Script developers and users! Google has taken the first step towards more granular control over OAuth consent in Apps Script. This means users can now choose exactly which services their scripts can access, leading to a more secure and transparent experience.
What’s New?
Previously, when running a script that required access to multiple services (like Google Sheets and Forms), users had to grant permission to all or nothing. This all-or-nothing approach could make some users hesitant to use scripts, especially if they were only comfortable granting access to a subset of the requested services.
With the latest update, the OAuth consent screen now allows users to authorize individual services. For instance, if a script needs access to both Google Sheets and Forms, but the user only intends to use it with Sheets, they can simply grant access to Sheets and deny access to Forms.
This change is currently being gradually rolled out to the Apps Script IDE, with expected completion by January 24, 2025.
Enhanced Security and Transparency
This granular control over OAuth consent is a significant step towards improving the security and transparency of Apps Script. Users now have more control over their data and can make informed decisions about which services they want to allow their scripts to access.
This change also benefits developers, as it can help build trust with users and encourage wider adoption of their scripts.
A Glimpse into the Future: Chat Apps and Workspace Add-ons
While currently limited to the Apps Script IDE, this granular OAuth consent model will eventually be implemented in other Apps Script surfaces, notably Chat apps and Workspace Add-ons. This has implications for developers working in these areas.
For Chat app and Workspace Add-on developers, this means it’s time to start thinking about how this granular consent model will impact your development process and user experience. You can start experimenting with the new methods added to the ScriptApp and AuthorizationInfo classes to programmatically handle different consent scenarios.
Digging Deeper: AuthorizationInfo
To help developers manage these granular permissions, Google has introduced the AuthorizationInfo class. This class provides methods to check authorization status, retrieve authorized scopes, and even generate authorization URLs. Here’s a quick look at some of its key functionalities:
getAuthorizationStatus(): This method allows you to determine if a user needs to authorize the script to use one or more services.
getAuthorizationUrl(): This method returns an authorization URL that can be used to grant access to the script.
getAuthorizedScopes(): This method returns a list of authorized scopes for the script.
These methods give developers fine-grained control over the authorization process, enabling them to build more robust and user-friendly applications. Google has already published a great developer guide on how to Handle granular OAuth permissions.
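The Sheets-and-Forms scenario above, sketched as an added example (it is not code from the announcement or from Google's guide): a script checks what the user actually granted before running a feature, and hands back the authorization URL when a scope is missing. `FEATURE_SCOPES`, `planFeatures` and `runFeature` are hypothetical names, the scope list is constructed for illustration, and the `scriptApp` parameter is an assumption that lets the logic run outside Apps Script.

```javascript
// Constructed feature-to-scope map for a hypothetical script that requests
// both Sheets and Forms access in its manifest.
const FEATURE_SCOPES = {
  exportToSheet: ['https://www.googleapis.com/auth/spreadsheets'],
  buildForm: ['https://www.googleapis.com/auth/forms'],
  formToSheet: [
    'https://www.googleapis.com/auth/spreadsheets',
    'https://www.googleapis.com/auth/forms',
  ],
};

// Pure helper: for each feature, list the scopes the user did not grant.
function planFeatures(grantedScopes, featureScopes) {
  const granted = new Set(grantedScopes);
  const plan = {};
  for (const [feature, needed] of Object.entries(featureScopes)) {
    const missing = needed.filter((scope) => !granted.has(scope));
    plan[feature] = { allowed: missing.length === 0, missing };
  }
  return plan;
}

// Runs `action` only when every scope the feature needs was granted.
// Otherwise returns the missing scopes and the authorization URL so the caller
// can prompt the user instead of failing halfway through.
// `scriptApp` defaults to the Apps Script global; pass a stub to test elsewhere.
function runFeature(feature, action, scriptApp = ScriptApp) {
  const needed = FEATURE_SCOPES[feature];
  if (!needed) throw new Error('Unknown feature: ' + feature);

  const info = scriptApp.getAuthorizationInfo(scriptApp.AuthMode.FULL);
  // NOT_REQUIRED means every scope the script requests is already granted.
  const fullyAuthorized =
    info.getAuthorizationStatus() === scriptApp.AuthorizationStatus.NOT_REQUIRED;
  const state = fullyAuthorized
    ? { allowed: true, missing: [] }
    : planFeatures(info.getAuthorizedScopes(), { [feature]: needed })[feature];

  if (!state.allowed) {
    return { ran: false, missing: state.missing, authUrl: info.getAuthorizationUrl() };
  }
  return { ran: true, result: action() };
}
```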
Learn More
To learn more about this update, be sure to check out the official announcement provided in the source link.
Source: Granular OAuth consent in Google Apps Script IDE executions
Member of Google Developers Experts Program for Google Workspace (Google Apps Script) and interested in supporting Google Workspace Devs.