Setting up a Google Scripts API resource with Google Service Account

Hi everyone!

I've been successfully using a REST API connection to Google Apps Scripts API using OAuth2 for a while.

To prevent having to log in every once in a while, I'm trying to replace it with a Google Service Account authenticated connection but I can't seem to make it work.

I've tried all that was mentioned in other threads with no success.

Resource set up:

  1. The OAuth2 resource:

  2. The new Service Account resource:

Query in a workflow:

  1. The OAuth2 query that works

  2. The new Service Account query that does not work

The error
I've got a 400 error:
{"error":{"code":400,"message":"Request contains an invalid argument.","status":"INVALID_ARGUMENT"}}
Given the message I think the authentication works but I can't figure out why I get this error.

Any idea?
Thank you so much for your help!

1 Like

does your service account have the right role?

  • Grant the Service Account the "Editor" role on the Apps Script project. You can do this by adding the Service Account as a member and assigning the role Script Editor.

you might need to enable Domain Wide Delegation though

Thanks for the reply!
Indeed the Service Account had no editor role on the Apps Script project. I added it but it did not change anything unfortunately.

I will contact my workspace admin colleagues to try and enable Domain Wide Delegation.

I'm wondering why the error message does not mention anything about insufficient roles and rights if that was the only issue.
On the GCP, I don't see any log, as if the calls did not even reach it.

Hey @Florian_Baron! Welcome back to the community.

Assuming Google's docs are up-to-date, the Apps Script API is incompatible with authentication via service accounts.

1 Like

Oh thanks Darren, I missed that.

After investigating a bit more my Google API resource in Retool, I realized that the refresh token was never updated, which explains why in the past I did not have to log in every 7 days but now I do.
I'm not sure if the issue comes from Retool or Google, but I've created a new set of credentials on the Google Cloud Console + a new resource en Retool and this time I have the refresh token.

Hopefully that'll fix my issues - at least while Google does fix teh Service Account with App Scripts API issues.

2 Likes

Update 3 days later: the connection was logged out after only 3 days this time :frowning:

I'll keep investigating and update this thread it I come up with a solution.
Anyone's idea is more than welcome!