0

My question is related to this one about authentication scopes with Google Sheets API.

I'm creating a container-bound Script for Google Sheets which makes use of the Google Sheets API service (as recommended here). The problem is that the Google Sheets API requires the appsscript.jsson file to include:

"oauthScopes": ["https://www.googleapis.com/auth/spreadsheets"]

But this means that the Script has access to all of the user's files, whereas it would be much better if I had only:

"oauthScopes": ["https://www.googleapis.com/auth/spreadsheets.currentonly"]

The less authorization the user has to grant, the better. Is there any way to use Google Sheets API without granting such broad authorization?

Doubt
  • 1,163
  • 2
  • 15
  • 26
  • Although I'm not sure whether I could correctly understand your question, for example, is `@OnlyCurrentDoc` useful for your situation? [Ref](https://developers.google.com/apps-script/guides/services/authorization#manual_authorization_scopes_forand) But, I'm not sure whether this is your expected result. So, I posted it as a comment. If that was not useful, I apologize. – Tanaike Jun 12 '23 at 00:40
  • @Tanaike `@OnlyCurrentDoc` cannot be used when Sheets API is active. If used, an error is thrown about `insufficient authentication scopes`. But yes, I'd like to find someway that restricts the authorization to just this current spreadsheet (in a way compatible with Sheets API). – Doubt Jun 12 '23 at 07:24
  • Thank you for replying. I apologize that my comment was not useful for your situation. I would like to study more. – Tanaike Jun 12 '23 at 07:26

0 Answers0