I've noticed that several Google Apps Script users are looking for a secure way to restrict access to their Web App. In my case I am looking for a way to let everyone have access to some functions of the web app, while a control panel must be reserved for the administrator (me).
I wanted to share my approach that makes use of the novelty introduced in GAS on March 15, 2021. The release notes say: "You can now have more than one active deployment.". So I thought about this approach. I activate two deployments:
I then use ScriptApp.getService().GetUrl() to address the doGet() call. doGet() reads which Web App is running and compare the value with two fields of a sheet ("private web app" and "public web app", I store these values into PropertiesService.getUserProperties()).
IF the active web app (ScriptApp.getService().GetUrl()) is equal to the Public Web App, THEN doGet() executes a function that show public content, OTHERWISE IF it is equal to the Private Web App Url THEN it executes the function that shows private information only to Apps Script Owner (me).
I tested the whole process and it seems to work. What do you think? Could this be a good approach? Is it a safe method?
You received this message because you are subscribed to the Google Groups "Google Apps Script Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-script-c...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-script-community/0cff0612-f578-4b33-a98f-9a348b1e9a13n%40googlegroups.com.
Really fascinating thread!