I have two Google Apps Scripts in my Google Apps account. Both have been published as webapps with the following settings.
Script A:
Execute as me
Who has access to the web app:Anyone within XXXXXXX.com
Script B:
Execute as the user accessing the app
Who has access to the web app:Anyone within XXXXXXX.com
I want to have Script B use UrlFetchApp to execute Script A. How do I authenticate Script B to Script A?
Note:
Script A is being used to get\write data from\to a spreadsheet that only I have access. Since my Google Apps domain administrator does not allow sharing outside the domain, I can not set anonymous access to the web app.
I want to have Script B use UrlFetchApp to execute Script A. How do I authenticate Script B to Script A?
Even though Script A is set up to allow anyone to access it, our goal is to secure it so that only Script B will be able to make a valid request. This can easily be accomplished using a shared secret key that both Script A and Script B have access to. When Script B makes the request to Script A, it simply needs to include the secret key. Script A can refuse any request which does not include the secret key.
Only someone who is able to view the source code to either Script A or Script B will be able to find the secret key. Of course, anyone who obtains the secret key is able to impersonate Script B.
As a further enhancement, you could use the Utilities.computeHmacSha256Signature() method as a way to avoid sending the secret key as part of the request. Both scripts still need to know the secret key, but you can have Script B compute a signature and send that as part of the request instead of the secret key itself.
Without the anonymous access its not possible. You might be able to pretend you are a browser, ie see what your browser sends when you run the webapp and send the same header/cookie etc but its not really a supported way.
来源:https://stackoverflow.com/questions/23752032/passing-authentication-from-one-google-apps-script-webapp-to-another-google-apps