'Google App Script User Scope Approval for new scope

I've added the script.external_request scope to my GMail Add-on so that I can connect to and store information in a MySQL dB.

The scope was submitted and approved by Google OAuth and Marketplace SDK.

If I run the script in the editor from the HEAD deployment, I get the OAuth approval workflow and the script connects to the database.

In the deployed version I keep getting the following error:

You do not have permission to call Jdbc.getConnection. Required permissions: https://www.googleapis.com/auth/script.external_request

It seems to me that the end users are not getting a trigger to accept the new scope from the UI of the addon.

Is there a way to force the OAuth workflow re-authorization from the addon UI?

Or is there something else going on here?

ADDED INFO

I used Aaron's suggestion on the QuickStart to add a logging check to see if the required permissions are present. At least this will point to if this might be a red-herring.

    if (authInfo.getAuthorizationStatus() ==
    ScriptApp.AuthorizationStatus.REQUIRED) {
        Logger.log(`${user} - Missing required scope authorizations`)
    }else{
        Logger.log(`${user} - Required scope authorizations present`)
    }

Naturally in the 12hrs this has been present, no user has opened the app. So will have to report back later.

Also adding my appscript.json manifest

  "timeZone": "America/New_York",
  "runtimeVersion": "V8",
  "addOns": {
    "common": {
      "name": "GMailAddOn",
      "logoUrl": "https://lh3.googleusercontent.com/...",
      "layoutProperties": {
        "primaryColor": "#2772ed"
      },
      "useLocaleFromApp": true
    },
    "gmail": {
      "homepageTrigger": {
        "enabled": true,
        "runFunction": "initApp"
      }
    }
  },
  "exceptionLogging": "STACKDRIVER",
  "oauthScopes": [
    "https://www.googleapis.com/auth/gmail.addons.execute",
    "https://www.googleapis.com/auth/userinfo.email",
    "https://www.googleapis.com/auth/userinfo.profile",
    "https://www.googleapis.com/auth/script.send_mail",
    "https://www.googleapis.com/auth/script.locale",
    "https://www.googleapis.com/auth/script.scriptapp",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://www.googleapis.com/auth/script.external_request"
  ],
  "urlFetchWhitelist": [
    "https://google.com/"
  ]
}
google-apps-scriptgoogle-cloud-platform


Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source

Related Questions

How to use use Firestore document field's HashMap key value and populate recyclerview?

how to keep GKE cluster nodes in different regions?

Google Cloud TTS API for M1 Mac

Is it possible to render a video from AfterEffects in a Google Collaboratory notebook?

Allow-IAP Firewall Rule created in default VPC in GCP getting reflected in other VPC as well

Attribute Error when importing SpeechClient from google.cloud.speech

GCP Cost billing data

What is the difference between gcloud and gsutil?

Volume not persistent in Google Cloud

Permission Denied when trying to write on a TPU VM foler

Google Cloud Free Tier will start charging for static or ephemeral IP Address?

How to create a empty folder in google storage(bucket) using gsutil command?

How can size of the root disk in Google Compute Engine be increased?

Cannot switch Firestore from Datastore to native mode on GCP

action console simulator is not working and I cannot release my project