I developed a Google Sheets addon (sidebar), and now trying to put it to the Google Workspace Marketplace.
I'm a little lost with the OAuth scopes needed to be set as part of the user consent screen and/or app configuration screen (and/or other places?).
I got few questions:
1. What are the scopes I actually need to set
This is what add on do:
Reads all data in the spreadsheet, basically read access, to analyze references between formulas cells (Dependents and Precedents)
upon user approval (clicking a button each time) it will write results to a new sheet in the current worksheet.
In the case of internal error and upon user approval (clicking a button each time), addon sends email with the error details including stack trace and potentially additional parameters (spreadsheet and sheet(s) names.
logs are written during running for the purpose of debugging and flow improvements. Logs records might include some of the spreadsheet underlying data
I couldn't find any full list of scopes, but my understanding is I need at least:
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
https://www.googleapis.com/auth/spreadsheets
2. Where scopes should be configured
I found at least 3 places holding scopes settings.
In the OAuth consent screen setup in the Google Cloud Platform console (
API & Services -> OAuth consent screen
)#3 I couldn't find the way to reach this page accept as described (search for Google Workspace marketplace SDK in the console). Seems it is hidden somehow...don't really understand. This screen also have oAuth scope settings.
appscript.json
file as describedTherefore, if you had already run and authorized the script corresponding to the add-on, then the scopes needed will be added there.
As for a list of scopes, you can easily check this one here.
Since you are developing an editor add-on, there's no need to add the scopes to the manifest file too, unless you'd like to set explicit scopes. For instance, if you want more control over your add-on and make use of more restrictive scopes than the ones that has been automatically added, you should set it in the
appsscript.json
manifest file of the add-on.Once you finish setting things up in the Apps Script side, you can start configuring the add-on using the Marketplace SDK.
Doing so will require you to provide a complete list of the OAuth scopes you have set in your Apps Script project. The OAuth scopes you enter here should match what you display in your OAuth consent screen and if applicable the ones in the
appssccript.json
manifest file.Depending on the scopes you choose for the add-on and the add-on's visibility, you might consider taking a look at the OAuth API verification FAQs documentation too as
Some of the scopes used by the following APIs are considered sensitive; see the API’s documentation or look for the lock icon in the Cloud Console. If your app requests sensitive scopes, and doesn’t meet any of the criteria for an exception (see below), you will need to verify that your app follows the API Services User Data Policy.
Therefore, if your add-on is using any of the scopes listed here, you have to go through the verification process as well before publishing it publicly.
Reference