You wouldn't do any of that in Google Sheets. You'd store all that externally in a database, like mysql and handle all the charges and everything else on your own server. From google sheets side you would simply run a UrlFetchApp request with that user's email to your server and have your server confirm that this user is still allowed to use the app.
Awesome as always. Thanks. 👏👏👏 I'm using this method in a web app for authentication, but it's tedious to share the spreadsheet with all of users and ask for their permission. So instead I'm trying to find a way to implement one of classic auth methods like jwt token. But so far I could not. The biggest problem is that Google blocks redirects. 🤷♂️
My goal is as follows: doGet() function returns the login.html file. If there is no token in localStorage or sessionStorage or cookies does nothing. Keeps the login page. The users enter their username and password and then submit the form. doPost() function verifies if the username and password are correct. If correct returns index.html page with a jwt token saves the token to database a js function saves the token to localStorage If wrong returns login.html with a error code.
If there is a token a js function sends the token to a server side function If the token matches a user's token in the database redirects to index.html page. The user is logged in. Else keeps login.html page
@@getitdonetube It might work if I write a separate web app to identify the user (where I can read the active user); and based on the e-mail address, I call the main app by passing a parameter?
Yes, theoretically, you can create second Web App as API, pass fetch request via backend with user's email included. It will be pretty complicated to make one though.
Can we change the code of Google sheet editor add-on, such that using same code we can access it through web app too. Right now, we can not access the sheets editor add-on through mobile browser of Android sheets app, but if we can embed the same code in website then we might access it through the mobile browser. I have my database having columns(yes it is in sheet, I don't know MySQL, please prepare a series for beginners of MySQL) email address, Spreadsheet ID, Spreadsheet name, validity date etc. When one runs add-on, I am verifying the user, sheet id and date. I think, if I can acces his email then using my database, I can give him options of sheet names, in which he/she wants to work, and then I might load the editor add-on menu in div or Li elements, which access the selected sheet instead of SpreadsheetApp.getActiveSpreadsheet().getSheetByName(name) of editor add-on.
Very instructive !
Very cool Brow.
thanks a lot.
Great information. Would be helpful to understand how to manage users where an app is launched as a paid service and you need to manage subscriptions.
How exactly do you manage payments?
@@getitdonetube If you have a paid add-on with monthly or annual subscription, you'd need to know when to collect payment for each subscriber
You wouldn't do any of that in Google Sheets. You'd store all that externally in a database, like mysql and handle all the charges and everything else on your own server.
From google sheets side you would simply run a UrlFetchApp request with that user's email to your server and have your server confirm that this user is still allowed to use the app.
Thanks
So in case there are many users using the same sheet, is it possible to save each user log or save his email next to edits he does on that sheet?!
Yes.
@@getitdonetube In that case, I think you are generous and we deserve making a tutorial applying that scenario 😏
Awesome as always. Thanks. 👏👏👏
I'm using this method in a web app for authentication, but it's tedious to share the spreadsheet with all of users and ask for their permission. So instead I'm trying to find a way to implement one of classic auth methods like jwt token. But so far I could not.
The biggest problem is that Google blocks redirects. 🤷♂️
My goal is as follows:
doGet() function returns the login.html file.
If there is no token in localStorage or sessionStorage or cookies
does nothing. Keeps the login page.
The users enter their username and password and then submit the form.
doPost() function verifies if the username and password are correct.
If correct
returns index.html page with a jwt token
saves the token to database
a js function saves the token to localStorage
If wrong
returns login.html with a error code.
If there is a token
a js function sends the token to a server side function
If the token matches a user's token in the database
redirects to index.html page. The user is logged in.
Else
keeps login.html page
doGet function has no access to cookies or localStorage, so you should forget about doGet, do get should just load an empty page.
After that you'll need to use a single page application that will load everything with javascript.
so you'll need a function that will accept username/password and return a token if those are correct.
there is no need to store jwt in the database, the whole point of jwt is to not store tokens on the server.
why this is asking delete spreadsheet permissions in the prompt ?
Thx for this tutorial.
Is there any way to get the active user information, if I don't want to share the spreadsheet?
Only if you are both under the same Google Workspace.
@@getitdonetube thank you very much!
@@getitdonetube It might work if I write a separate web app to identify the user (where I can read the active user); and based on the e-mail address, I call the main app by passing a parameter?
Yes, theoretically, you can create second Web App as API, pass fetch request via backend with user's email included. It will be pretty complicated to make one though.
When to share new video???
Great tutorial! but is there a way to get an active user, that executes by me? 5:52
Only if you are a part of the same workspace-domain.
Can we change the code of Google sheet editor add-on, such that using same code we can access it through web app too.
Right now, we can not access the sheets editor add-on through mobile browser of Android sheets app, but if we can embed the same code in website then we might access it through the mobile browser.
I have my database having columns(yes it is in sheet, I don't know MySQL, please prepare a series for beginners of MySQL)
email address, Spreadsheet ID, Spreadsheet name, validity date etc. When one runs add-on, I am verifying the user, sheet id and date.
I think, if I can acces his email then using my database, I can give him options of sheet names, in which he/she wants to work, and then I might load the editor add-on menu in div or Li elements, which access the selected sheet instead of SpreadsheetApp.getActiveSpreadsheet().getSheetByName(name) of editor add-on.