Access user identity properties
Stay organized with collections
Save and categorize content based on your preferences.
Users will use your Community Connector to create their own data sources. For
these data sources, your connector can access the effective user's identity.
Depending on the Data source credentials, the effective user can be the data
source creator (Owner's credentials) or the report viewer (Viewer's
credentials).
Benefits
- You can access Google services and APIs on behalf of the user.
- You can implement custom access control to ensure only relevant data is
being displayed.
- You can customize the user experience for the effective user.
Implementation steps
Accessing the user OAuth token
Your connector can access Google services and APIs on behalf of the user by
passing the user's OAuth token. To access the effective user's OAuth token in
your connector, use ScriptApp.getOAuthToken(). See getOAuthToken reference.
This token will include the Authorization scopes included during the connector
authorization.
For most connectors, Apps Script automatically detects what scopes are needed by
parsing and processing the script. You can view the scopes a connector uses at
any time. You can also set scopes explicitly in your manifest using URL
strings. If you want to access a Google service or API on behalf of the user,
include that relevant scope in the manifest.
Accessing the user email address
In your code, you can identify the current effective user with
Session.getEffectiveUser().getEmail(). See getEffectiveUser reference.
Adding this code will automatically add the
https://www.googleapis.com/auth/userinfo.email authorization scope to your
connector.
Example: Calling Google APIs with user OAuth token
- The Google Fit connector fetches data from the Google Fit API for the
effective user. While calling the API, it passes the effective user's OAuth
token. See the source code for implementation
details.
- The Firestore connector uses the Cloud Resource Manager to get a list of
projects for the effective user. This connector also passes the effective
user's OAuth token. See the source code for
implementation details.
Example: isAdminUser() based on email address
Except as otherwise noted, the content of this page is licensed under the Creative Commons Attribution 4.0 License, and code samples are licensed under the Apache 2.0 License. For details, see the Google Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.
Last updated 2024-09-18 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-09-18 UTC."],[[["\u003cp\u003eCommunity Connectors allow you to build data sources that can access the effective user's identity, enabling personalized data retrieval.\u003c/p\u003e\n"],["\u003cp\u003eDepending on the data source credentials, the effective user can be either the data source creator or the report viewer.\u003c/p\u003e\n"],["\u003cp\u003eYour connector can leverage the user's OAuth token to access Google services and APIs on their behalf for custom data integrations.\u003c/p\u003e\n"],["\u003cp\u003eYou can tailor the user experience by implementing custom access control and using the user's email address for identification.\u003c/p\u003e\n"]]],[],null,["# Access user identity properties\n\nUsers will use your Community Connector to create their own data sources. For\nthese data sources, your connector can access the effective user's identity.\nDepending on the [Data source credentials](https://support.google.com/looker-studio/answer/6371135), the effective user can be the data\nsource creator (Owner's credentials) or the report viewer (Viewer's\ncredentials).\n\nBenefits\n--------\n\n- You can access Google services and APIs on behalf of the user.\n- You can implement custom access control to ensure only relevant data is being displayed.\n- You can customize the user experience for the effective user.\n\nImplementation steps\n--------------------\n\n### Accessing the user OAuth token\n\nYour connector can access Google services and APIs on behalf of the user by\npassing the user's OAuth token. To access the effective user's OAuth token in\nyour connector, use `ScriptApp.getOAuthToken()`. See [getOAuthToken reference](/apps-script/reference/script/script-app#getoauthtoken).\nThis token will include the [Authorization scopes](/apps-script/concepts/scopes) included during the connector\nauthorization.\n\nFor most connectors, Apps Script automatically detects what scopes are needed by\nparsing and processing the script. You can [view the scopes](/apps-script/concepts/scopes#viewing_scopes) a connector uses at\nany time. You can also [set scopes explicitly](/apps-script/concepts/scopes#setting_explicit_scopes) in your [manifest](/apps-script/concepts/manifests) using URL\nstrings. If you want to access a Google service or API on behalf of the user,\ninclude that relevant scope in the manifest.\n\n### Accessing the user email address\n\nIn your code, you can identify the current effective user with\n`Session.getEffectiveUser().getEmail()`. See [getEffectiveUser reference](/apps-script/reference/base/session#getEffectiveUser).\nAdding this code will automatically add the\n`https://www.googleapis.com/auth/userinfo.email` authorization scope to your\nconnector.\n\nExample: Calling Google APIs with user OAuth token\n--------------------------------------------------\n\n- The [Google Fit connector](https://lookerstudio.google.com/datasources/create?connectorId=AKfycbwFrL1OLXR3wqfnxowGFF3w3D4eq-54vAwjxDWcWRjiZMxX7jhII_1Ddx6y76GDHrxIew) fetches data from the Google Fit API for the effective user. While calling the API, it passes the effective user's OAuth token. See [the source code](https://github.com/googledatastudio/community-connectors/blob/master/google-fit/src/GoogleFit.js#L245) for implementation details.\n- The [Firestore connector](https://github.com/googledatastudio/community-connectors/tree/master/firestore) uses the Cloud Resource Manager to get a list of projects for the effective user. This connector also passes the effective user's OAuth token. See [the source code](https://github.com/googledatastudio/community-connectors/blob/master/firestore/src/GoogleCloud.gs#L30) for implementation details.\n\nExample: `isAdminUser()` based on email address\n-----------------------------------------------\n\n- The [Chrome UX Connector](http://g.co/chromeuxdash) maintains a list of admin users. It uses `getEffectiveUser()` and compares the effective user against the list to determine whether the effective user is an admin or not. See [implementation of `getEffectiveUser`](https://github.com/googledatastudio/community-connectors/blob/master/chrome-ux-report/src/Code.js#L581)."]]
