You'll need to add the correct OAuth scopes to the manifest file of your Apps Script project, and then pass in an access_token parameter (or in the Authorization header) instead of the auth parameter you currently use.
Based on Doug's gist here, the basic steps are:
- Open the
manifest.json from the script editor, by clicking View > Show manifest file.
Add or edit the manifest to have these OAuth scopes:
"oauthScopes": [
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/firebase.database",
"https://www.googleapis.com/auth/script.external_request",
"https://www.googleapis.com/auth/spreadsheets"
]
That last scope grants it access to the spreadsheet itself. If you're using another GSuite type (document, slides, form, etc) you'll need the scope that corresponds that to type.
Now you can get the OAuth token from within your script and add it to your request:
var response = UrlFetchApp.fetch(databaseUrl, {
method: "PUT",
headers: {
"Content-type": "application/json",
"Authorization": "Bearer "+ScriptApp.getOAuthToken()
},
payload: JSON.stringify(json)
});
Logger.log(response.getContentText());
A major advantage of this is that your script will now run as an actual user, meaning that you can ensure it can only perform authorized actions through security rules.
