HOME‎ > ‎Announcements‎ > ‎

Awesome Table - A new authentication flow

posted Aug 23, 2016, 9:45 AM by Romain Vialard   [ updated Sep 25, 2017, 2:05 AM ]
TL;DR: We advise Google Apps admins to install our new Awesome Table app via the Google Apps Marketplace to be sure people can use Awesome Table as usual in their domain.
Here's why:

In August 2016, Google announced on the Apps Updates blog 'enhanced third-party access protection for Google Sheets'. This means that tools like Awesome Table must now ask for explicit authorization before a user can view data from Google Sheets.

This only impacts spreadsheets that have not been shared publicly. Thus it impacts the use of Awesome Table inside intranets (even if you have shared your spreadsheets with 'everyone on your domain').

When will it happen?

Google will begin to enforce this requirement on September 14, 2016. You might note that this is a very short notice: Announcement in August, planned to be enforced a month later.

That's because the current way people can access Google Sheets has a vulnerability. For example, let's say I don't have access to a specific spreadsheet, but I know its ID / URL and I know one person who has access to it. I can create a web page, insert some code there, send the link to that person and if he opens it, I'll be able to silently retrieve the spreadsheet data, without any authorization from the user.

Google is in fact giving until November 14, 2016 to Google Apps domains to adapt to this change. If you are an Awesome Table user, you are impacted by this change, but other tools than Awesome Table are also impacted. Google has sent an email to the primary administrator of each impacted domain, with an attached .csv file containing the list of impacted spreadsheets and the URLs in which they are displayed.

Subject of the email: '[IMPORTANT] Security changes for Google Sheets':

If you are a Google Apps admin on your domain and haven't received this email, note that it was only sent to the primary administrator of the domain. In the Google Apps admin console, it's the email address listed under Company profile > Profile > Contact information.

We strongly advise you to check that email and the attached .csv.

What should you do about it?

When Google enforces this requirement on your domain, all users who want to see an Awesome Table view will be prompted to authorize Awesome Table to access the spreadsheet behind the view. As Awesome Table views are displayed inside intranets, site owners might not be very happy to see that their news, people directories,... are now asking permissions to end users.

That's why we have published an app on the Google Apps Marketplace that admins can install for the whole domain. They will make a one-time authorization so that users don't have to.

Let's sum up

  • If the spreadsheets you are using with Awesome Table are public (e.g.: You are using Awesome Table on a website visible for the whole world), there is no impact and you don't have to do anything.
  • If you are using Awesome Table in an intranet with protected spreadsheets, users will be prompted to authorize Awesome Table to access spreadsheet data, unless an admin on your domain install our marketplace app.

If you have questions about this change, please email us at support@awesome-table.com or go to our G+ community.