Apps Script Web App requires full OAuth reauthorization every 7 days

35 views
Skip to first unread message

Giovanni Salanti

unread,
Jun 18, 2026, 2:18:54 PM (5 days ago) Jun 18
to Google Apps Script Community

Hello everyone,

I'm experiencing a strange OAuth behavior with an Apps Script Web App and would like to know if anyone has seen something similar.

Environment

  • Google Apps Script Web App

  • Deployment updated using Manage Deployments → New Version (same deployment, not a new deployment)

  • executeAs: USER_DEPLOYING

  • access: ANYONE_ANONYMOUS

  • OAuth Consent Screen: External

  • Publishing Status: Production

  • Same Google account used every time

  • Same Google Cloud Project linked to Apps Script

appsscript.json{ "oauthScopes": [ "https://www.googleapis.com/auth/spreadsheets", "https://www.googleapis.com/auth/drive", "https://www.googleapis.com/auth/script.container.ui", "https://www.googleapis.com/auth/userinfo.email", "https://www.googleapis.com/auth/script.scriptapp", "https://www.googleapis.com/auth/script.send_mail", "https://www.googleapis.com/auth/script.external_request" ], "webapp": { "executeAs": "USER_DEPLOYING", "access": "ANYONE_ANONYMOUS" } } Services used by the code

The application actually uses these services:

  • DriveApp

  • Advanced Drive API (Drive v3)

  • SpreadsheetApp

  • MailApp / GmailApp

  • UrlFetchApp

  • ScriptApp triggers

  • Session.getActiveUser()

  • Session.getEffectiveUser()

  • ScriptApp.getOAuthToken()

Problem

Approximately every 7 days I am required to go through the complete OAuth authorization flow again.

The sequence is:

  1. "Import Magazzino (Unverified)"

  2. "Google hasn't verified this app"

  3. Click "Review Permissions"

  4. Select Google account

  5. Accept all permissions again

  6. Receive a new Google email confirming that access has been granted

The application then works normally again for about another week.

What I already checkedPermissions are NOT revoked

When the issue occurs, the application is still listed in:

https://myaccount.google.com/permissions

with permissions such as:

  • View profile information

  • View, edit, create and delete Google Sheets

  • View, edit, create and delete Google Drive files

  • Other granted permissions

So Google still shows the app as authorized.

Deployment

  • Same deployment ID

  • No new deployments created

  • Only "Manage Deployment → New Version"

Google Cloud Project

  • Apps Script project and Google Cloud project are the same project

  • Project numbers match exactly

OAuth Consent Screen

  • User Type: External

  • Publishing Status: Production

Google Auth Platform

  • Data Access page shows no configured scopes

  • Verification Center says:

Verification is not required because your app does not request sensitive or restricted scopes.

Branding

Branding is not verified because homepage URL and privacy policy URL have not been configured.

Additional observation

The behavior is very regular (roughly every 7 days), which made me suspect token expiration or OAuth reauthorization logic.

However:

  • The app remains authorized in Google Account permissions.

  • The deployment does not change.

  • The Cloud project does not change.

  • The same Google account is always used.

Question

Has anyone experienced a similar situation where an Apps Script Web App requires a full OAuth authorization flow again approximately every 7 days, even though the app remains authorized in Google Account permissions?

Could this be related to:

  • ANYONE_ANONYMOUS access combined with OAuth-protected services?

  • Apps Script generated OAuth client behavior?

  • OAuth token lifecycle for Apps Script Web Apps?

  • Branding not being verified?

  • Some known Apps Script / Google Auth Platform limitation?

Any insight would be greatly appreciated.

Thank you.

Kildere S Irineu

unread,
Jun 22, 2026, 7:15:10 AM (yesterday) Jun 22
to Google Apps Script Community

Hi Giovanni,

One detail that stands out to me is that Google still shows the application as authorized in your Account Permissions page, yet you are being forced through the complete consent flow again, including the "Google hasn't verified this app" screen.

That makes me wonder whether this is less about access token expiration and more about OAuth client re-consent being triggered for some reason.

A few observations:

  • The very regular ~7-day interval is unusual.
  • The application remains authorized in the Google Account permissions page.
  • The deployment ID is unchanged.
  • The Cloud Project is unchanged.
  • The consent screen is reported as Production.

Because of that, I would focus less on deployment issues and more on OAuth client behavior.

A few questions:

  1. Does the reauthorization happen immediately when opening the Web App, or only after the script tries to access Drive, Sheets, Gmail, or another protected service?
  2. Have you checked whether the scopes shown on the consent screen are exactly the same every week?
  3. Does the behavior still occur if you temporarily remove non-essential scopes such as script.container.ui and any services not strictly required?

Another thing that caught my attention is that every reauthorization seems to display the "Unverified App" warning again. Since the Branding section is not fully configured, it may be worth completing the homepage URL and privacy policy fields just to eliminate that variable from the investigation.

I'm not aware of any documented Apps Script Web App behavior that intentionally requires a full OAuth consent renewal every 7 days when the app remains authorized and the consent screen is already in Production, so this definitely sounds worth investigating further.

Could you also confirm whether the consent screen appears directly, or whether an OAuth/token-related error is shown first?

Reply all
Reply to author
Forward
0 new messages