google
Clasp push drops oauthScopes
I got a Gmail Add-on that worked before.
Currently, some users produced weird Missing access token for authorization errors that neither I nor other users could reproduce.
After further investigation, I discovered that I gave the Add-on access to "https://www.googleapis.com/auth/gmail.readonly" (as defined in the appscript.json), but impacted users do not have this permission.
Expected Behavior
Our appscript.json contains this section:
"oauthScopes": [
"https://www.googleapis.com/auth/gmail.addons.execute",
"https://www.googleapis.com/auth/gmail.addons.current.message.metadata",
"https://www.googleapis.com/auth/gmail.readonly",
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/script.external_request"
],
When executing a clasp push or clasp push --force the result being sent seems to be:
"oauthScopes": [
"https://www.googleapis.com/auth/gmail.addons.execute",
"https://www.googleapis.com/auth/gmail.addons.current.message.metadata",
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/script.external_request"
],
This is taken from the script.google.com Version History.
Actual Behavior
I expect that the scopes be present as defined in my config (as i think to remember it previously was).
Steps to Reproduce the Problem
- Send a config with the above oauthScopes section to a project.
- Inspect the manifest online.
Specifications
- Node version (
node -v): 13.7 - Version (
clasp -v): 2.3.0 - OS (Mac/Linux/Windows): node:13.7 (base: Debian GNU/Linux 9 (stretch))
FTR: When i update my manifest locally, i get asked if i want to overwrite it online. Pressing yes does still drop the field.
If I edit the manifest online and the do a clasp pull, i get a valid appscript.json into ./dist
@kwiesmueller can you please put up a sample repos on GitHub for me to investigate?
