Working with user identity

Users will use your Community Connector to create their own data sources. For these data sources, your connector can access the effective user's identity. Depending on the Data source credentials, the effective user can be the data source creator (Owner's credentials) or the report viewer (Viewer's credentials).

Benefits

  • You can access Google services and APIs on behalf of the user.
  • You can implement custom access control to ensure only relevant data is being displayed.
  • You can customize the user experience for the effective user.

Implementation steps

Accessing the user OAuth token

Your connector can access Google services and APIs on behalf of the user by passing the user's OAuth token. To access the effective user's OAuth token in your connector, use ScriptApp.getOAuthToken(). See getOAuthToken reference. This token will include the Authorization scopes included during the connector authorization.

For most connectors, Apps Script automatically detects what scopes are needed by parsing and processing the script. You can view the scopes a connector uses at any time. You can also set scopes explicitly in your manifest using URL strings. If you want to access a Google service or API on behalf of the user, include that relevant scope in the manifest.

Accessing the user email address

In your code, you can identify the current effective user with Session.getEffectiveUser().getEmail(). See getEffectiveUser reference. Adding this code will automatically add the https://www.googleapis.com/auth/userinfo.email authorization scope to your connector.

Example: Calling Google APIs with user OAuth token

  • The Google Fit connector fetches data from the Google Fit API for the effective user. While calling the API, it passes the effective user's OAuth token. See the source code for implementation details.
  • The Firestore connector uses the Cloud Resource Manager to get a list of projects for the effective user. This connector also passes the effective user's OAuth token. See the source code for implementation details.

Example: isAdminUser() based on email address