访问权限未授予或已过期。Service_.getAccessToken 运行 Gmail 签名 Appscript 时出错

Access not granted or expired. Service_.getAccessToken Error when i run my Gmail Signature Appscript

提问人:Mike OG 提问时间:11/17/2023 最后编辑:Mike OG 更新时间:11/19/2023 访问量:30

问:

我试图让我的电子邮件签名脚本为新用户运行,这真的很令人沮丧,但它适用于旧用户帐户。

当我运行脚本时 UserA@......它成功更新了他们的签名并且脚本完成,但是当我运行相同的脚本UserB@....它返回以下错误:

错误:访问权限未授予或已过期。Service_.getAccessToken @ Service.gs:518

用户 A 和 B 都位于同一 OU 和相同类型的用户中,但用户 B 是在创建脚本几个月后创建的。

有人可以帮忙吗?这对我来说没有意义。

但是,我注意到的是,当删除服务帐户并创建新的服务帐户时,它往往会工作一小段时间,然后再次停止。

我一个月只为单个用户运行一次脚本,所以我无法想象它的配额相关,但在这一点上我不排除任何事情。

function go() {  
  var pageToken;
  var page;

  do {
    page = AdminDirectory.Users.list({
      domain: 'domain.com',
      orderBy: 'familyName',
      query: '[email protected]',
      maxResults: 500,
      pageToken: pageToken,
      projection: 'full',
      // query: "[email protected]"
      // query: 'orgUnitPath=/Mentors'
    });
    if (page.users) {
      page.users.forEach( function (user){
        if (accountsToIgnore.indexOf(user.primaryEmail) == -1) {

        var service = getOAuthService(user.primaryEmail);
        // Pull in the signatire template file contents into this variable 
        var signatureTemplate = HtmlService.createHtmlOutputFromFile("signature").getContent();

          // Set up a userData variable, with some blank defaults as backups  
          var userData = {
            email: user.primaryEmail,
            firstName: user.name.givenName,
            lastName: user.name.familyName,
            jobTitle: "",
            showJobTitle: true,
            workingHours: "",
            directPhone: ""
          };
          if (typeof user.customSchemas !== 'undefined') { // Email sig settings are set
            if (typeof user.customSchemas.Email_signature !== 'undefined') {

              if (typeof user.customSchemas.Email_signature.Show_job_title_in_signature !== 'undefined' && user.customSchemas.Email_signature.Show_job_title_in_signature == false) {
                userData.showJobTitle = false; 
              }

              if (typeof user.customSchemas.Email_signature.Working_Hours_Description !== 'undefined' && user.customSchemas.Email_signature.Working_Hours_Description != "") {
                userData.workingHours = "<br /><br /><i>"+user.customSchemas.Email_signature.Working_Hours_Description+"</i><br />";
              }

            }
          }

          if (user.hasOwnProperty('organizations') && user.organizations[0].hasOwnProperty('title') && typeof user.organizations[0].title !== "undefined" && userData.showJobTitle == true) {
            userData.jobTitle = user.organizations[0].title+"<br />";
          }

          if (user.hasOwnProperty('phones') && Array.isArray(user.phones) && user.phones.length >0) {
            for (var p = 0; p < user.phones.length; p++) {
              if (user.phones[p].customType == "Google Voice") {
              // Depending on where in the world you are, you may need to adjust this formatting for your own needs... This replaces the +44 UK country code with a local "0" and adds a space after the local area code for formatting.
               userData.directPhone = "<br />D: " + user.phones[p].value.replace('+44', '0').replace('1158', '1158 '); 
              }
            }
          }

          // Replace the placeholders as seen in the signature.html file with the actual data from the userData variable set up earlier. 
          var userSig = signatureTemplate
          .replace(/(\r\n|\n|\r)/gm, "")
          .replace(/{email}/g, userData.email)
          .replace(/{firstName}/g, userData.firstName)
          .replace(/{lastName}/g, userData.lastName)
          .replace(/{jobTitle}/g, userData.jobTitle)
          .replace(/{workingHours}/g, userData.workingHours)
          .replace(/{directNumber}/g, userData.directPhone); 

          var sigAPIUrl = Utilities.formatString('https://www.googleapis.com/gmail/v1/users/%s/settings/sendAs/%s',userData.email, userData.email);

          var response = UrlFetchApp.fetch(sigAPIUrl, {
            method: "PUT",
            muteHttpExceptions: true,
            contentType: "application/json",
            headers: {
              Authorization: 'Bearer ' + service.getAccessToken()
            },
            payload: JSON.stringify({
              'signature': userSig
            })
          });

          if (response.getResponseCode() !== 200) {
            Logger.log('There was an error: ' + response.getContentText());
          } else {
            Logger.log("Signature updated for "+user.primaryEmail);
          }
        }
      }); 

    } else {
      Logger.log('No users found.');
    }
    pageToken = page.nextPageToken;
  } while (pageToken);
}

function getOAuthService(userId) {
  return OAuth2.createService("Signature Setter "+userId)
  .setTokenUrl('https://accounts.google.com/o/oauth2/token')
  .setPrivateKey(auth.private_key)
  .setIssuer(auth.client_email)
  .setPropertyStore(PropertiesService.getScriptProperties())
  .setSubject(userId)
  .setParam('access_type', 'offline')
  .setScope('https://www.googleapis.com/auth/gmail.settings.basic https://www.googleapis.com/auth/gmail.settings.sharing');
}

谢谢迈克

google-apps 脚本 google-workspace

评论

0赞 Mike OG 11/17/2023
函数 getOAuthService(userId) { return OAuth2.createService(“签名设置器 ”+userId) .setTokenUrl('accounts.google.com/o/oauth2/token') .setPrivateKey(auth.private_key) .setIssuer(auth.client_email) .setPropertyStore(PropertiesService.getScriptProperties()) .setSubject(userId) .setParam('access_type', 'offline') .setScope('googleapis.com/auth/gmail.settings.basic googleapis.com/auth/gmail.settings.sharing'); }
0赞 Tedinoz 11/18/2023
请您在问题正文中包含(格式化)脚本,而不是作为评论。
0赞 Tedinoz 11/18/2023
相关问题:Google Apps 脚本中的服务帐号访问权限未授予或过期
0赞 Mike OG 11/19/2023
@Tedinoz 感谢您的回复,我现在已经编辑了问题并使用脚本进行了编辑。我看过几篇文章说 OAuth2 令牌需要设置为自动续订,但我什至不知道如何将其应用于我当前的脚本,因为这对我来说都是陌生的领域,哈哈。认为如果它实际上是一个解决方案,这可能会有所帮助.谢谢

答: 暂无答案

上一个:突出显示所有脚注上标

下一个:从 Google 脚本打开 JSON 文件