Retrieving Access Token for Google APIs


This sample retrieves an access token for Google APIs. I created this to study newStateToken().


In order to use this sample, please do as follows.

  1. Deploy and launch the Web App to retrieve the redirect URI
    • On the Script Editor
      • File
      • -> Manage Versions
      • -> Save New Version
      • Publish
      • -> Deploy as Web App
      • -> At Execute the app as, select “your account”
      • -> At Who has access to the app, select “Only myself”
      • -> Click “Deploy”
      • -> Click “latest code” (Clicking this launches the authorization process.)
      • -> Please copy the URL shown at the top of your browser as the redirect URI. And please modify the redirect URI like
  2. Open console project
    • On the Script Editor
      • -> Resources
      • -> Cloud Platform Project
      • -> Click “Projects currently associated with this script”
      • -> Click API in start guide
  3. Retrieve client id and client secret
    • On the Console Project
      • Click authentication information at left side
      • -> Create a valid Client ID as OAuth client ID
      • -> Choose Web Application
      • -> Input Name (This is a name you want.)
      • -> Input redirect URI that you have already copied.
      • -> done
      • -> Please copy client ID and client Secret in a pop-up window.

You now have the client ID, client secret and redirect URI needed to retrieve a refresh token and an access token. These are used in the following sample script.

Script :

To use this script, retrieve the client ID and client secret, deploy the Web App, and run doGet() from the Web App.

var clientId = "#####",
    clientSecret = "#####",
    scopes = "#####",
    redirectUri = "#####",
    baseurl = ""; // Base URL of the OAuth 2.0 endpoints; "auth" and "token" are appended below.

// Serves a button that opens the authorization page in a pop-up window.
// The state token routes the redirect to callback() and expires after 300 seconds.
function doGet() {
  return HtmlService.createHtmlOutput(
    "<input type=\"button\" value=\"Auth\" onclick=\"window.open('" +
    baseurl +
    "auth?state=" + ScriptApp.newStateToken().withMethod("callback").withTimeout(300).createToken() +
    "&client_id=" + clientId +
    "&redirect_uri=" + redirectUri +
    "&scope=" + scopes +
    "&response_type=code&access_type=offline&approval_prompt=force" +
    "', 'Authorization', 'width=500,height=600');\">"
  );
}

// Runs on the redirect: exchanges the authorization code for tokens and
// shows the token endpoint's response.
function callback(e) {
  return HtmlService.createHtmlOutput(
    UrlFetchApp.fetch(baseurl + "token", {
      method: "POST",
      payload: {
        client_id: clientId,
        client_secret: clientSecret,
        redirect_uri: redirectUri,
        code: e.parameter.code,
        grant_type: "authorization_code"
      },
      muteHttpExceptions: true
    }).getContentText()
  );
}

When you want to launch this, please do as follows.

  • On the Script Editor
    • Publish
    • -> Deploy as Web App
    • -> Click “latest code” (Clicking this launches the authorization process.)
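
The state value in the script above is what ties the redirect back to the request that started it. As an added illustration (stand-alone Node.js, not part of the original sample and not how ScriptApp.newStateToken() is implemented), this sketch builds a signed, expiring state token that names a callback method and verifies it before a code would be exchanged; SECRET, createState and verifyState are hypothetical names.

```javascript
// Added illustration for Node.js; not the Apps Script implementation of
// ScriptApp.newStateToken(). SECRET, createState and verifyState are hypothetical.
const crypto = require("node:crypto");

const SECRET = crypto.randomBytes(32); // server-side key, never sent to the browser

function sign(body) {
  return crypto.createHmac("sha256", SECRET).update(body).digest("base64url");
}

// Build a state value that names the callback method and carries an expiry.
function createState(method, timeoutSec, now = Date.now()) {
  const claims = { method, exp: now + timeoutSec * 1000,
                   nonce: crypto.randomBytes(16).toString("hex") };
  const body = Buffer.from(JSON.stringify(claims)).toString("base64url");
  return body + "." + sign(body);
}

// Verify the state returned on the redirect before exchanging the code.
function verifyState(state, now = Date.now()) {
  const [body, mac] = String(state).split(".");
  if (!body || !mac) return { ok: false, reason: "malformed" };
  const expected = Buffer.from(sign(body));
  const given = Buffer.from(mac);
  if (given.length !== expected.length || !crypto.timingSafeEqual(given, expected)) {
    return { ok: false, reason: "bad signature" };
  }
  const claims = JSON.parse(Buffer.from(body, "base64url").toString());
  if (now > claims.exp) return { ok: false, reason: "expired" };
  return { ok: true, method: claims.method };
}

// Constructed sample run, using the page's method name and 300-second timeout.
const t0 = 1700000000000;
const state = createState("callback", 300, t0);
const forgedBody = Buffer.from(JSON.stringify({ method: "other", exp: t0 + 1e9 }))
  .toString("base64url");
console.log(verifyState(state, t0 + 60 * 1000));                      // accepted
console.log(verifyState(state, t0 + 301 * 1000));                     // expired
console.log(verifyState(forgedBody + "." + state.split(".")[1], t0)); // bad signature
```

A callback handler would call verifyState first and exchange the authorization code only when ok is true.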

Note :

When I made this sample script, I encountered a strange error, so I looked into it.

Recently, the specification was changed. You can read about it in the following blog post.

Updating developer identity guidelines and registration processes to protect users

Because of this change, when an access token is retrieved on the web, it is necessary to register your app through the OAuth Developer Verification form for some scopes. The error is as follows.

400. That’s an error.

Error: invalid_scope

You don't have permission to access some scopes.
Your project is trying to access scopes that need to go through the verification process.
{invalid = [### scope ###]}
If you need to use one of these scopes, submit a verification request.

It has already appeared for the Gmail and Drive scopes. The Calendar scopes can be used.