Overview
This is a method for removing Third-party Apps with Account Access using a script.
Demo
Description
When users create a script in a project and run the script, if the methods which are required to use scopes are included, users have to authorize to use the scopes using the browser. By authorizing it, users can use the script. The authorized projects can be seen at Third-party Apps with Account Access. One day, I had a situation that it required to remove the authorization of project, because of the security. Third-party Apps with Account Access can be manually removed as you know. But at that time, I wanted to remove using a script. So I came up with this method.
This method achieve to remove Third-party Apps with Account Access by revoking access token of the project. In document, according to the official Google’s document, the access token retrieved by refresh token can be revoked. When the access token was revoked, both the access token and the refresh token are revoked. I thought that this might be able to be also used for the project of standalone type and the container-bound script type. So I have tried and could confirm that it worked.
Usage
It supposes that a project has already been created and the authorization has also already been done. Under this situation, run the following sample script.
function myFunction() {
var url = "https://accounts.google.com/o/oauth2/revoke?token=" + ScriptApp.getOAuthToken();
var res = UrlFetchApp.fetch(url);
Logger.log(res.getResponseCode());
}
This sample script revokes the access token retrieved by ScriptApp.getOAuthToken()
. I thought that ScriptApp.getOAuthToken()
may retrieve the access token using a refresh token. If this access token was revoked, the refresh token is also revoked, and when the script is run again, the authorization is required again. My estimation was correct.
This is a sample script of Google Apps Script. But if you want to revoke it from outside of the script editor, for example, you can use the following curl sample.
curl https://accounts.google.com/o/oauth2/revoke?token=#####
References
- Site for manually removing Third-party Apps with Account Access
- Apps with access to your account
- Revoking a token
If this information is useful for you, I’m glad.