Multiple accounts issue with Google Apps Script

Post date: Feb 26, 2018 9:44:55 AM

Google has not yet fixed this issue which is affecting millions of users and thousands of add-on developers. Please upvote and answer on their issue tracker here to help

Since November 2017, if you are logged in with multiple Google accounts inside your web browser, the wrong account can be used by Google Apps Script. This article describes possible workarounds for developers.

Issue summary

For example, let's say I'm logged in with 2 accounts:

    • account1@gmail.com, which is my primary account in Chrome (ie the 'default' one)

    • account2@gmail.com. which is my secondary account

I open a Google Sheet with account2@gmail.com to use an add-on like Yet Another Mail Merge (YAMM).

Problem: YAMM will be executed by account1@gmail.com instead of account2@gmail.com!

An issue is currently opened on the Google Issue Tracker: https://issuetracker.google.com/issues/69270374

Additional details

Based on a comment from Google, this issue is linked to an update on Google Sheets side. But we can also reproduce this issue with Google Form add-ons.

"Thank you for your reports. The issue originally reported is due to recent improvements in Sheets' ability to handle multiple logged in accounts. These improvements expose limitations in Apps Script's ability to do the same. In particular, users may experience issues if they (1) are logged into more than one gmail.com account or more than one account belonging to the same G Suite domain, (2) have selected an account other than the default account while using Docs, Sheets, Slides, or Forms, and (3) use add-ons or the script editor."

As indicated by Google, this is only happening if you are logged in with multiple accounts of the same domain name (multiple gmail.com accounts or multiple accounts of the same G Suite domain).

Then 2 things can happen:

    • Either you haven't authorized the add-on with the default account. In that case, it will throw an "authorization is required to perform that action" error.

    • Or both accounts have installed / authorized the add-on. In that case, the add-on will be executed with the wrong account (the default one in Chrome) and can throw various errors (eg: if the add-on needs to perform operations on the current spreadsheet but this account hasn't access, it will throw an appropriate error. But if both accounts have access to the spreadsheet, this specific operation will succeed and the add-on will fail / throw an error at a different step).

Recommended workarounds

The 2 cases (add-on authorized or not authorized) must be handled differently.

1. Authorization is required to perform that action

If the error 'authorization is required to perform that action' is thrown, you cannot be 100% sure it is caused by this issue. So you have to adapt your error message. Here's the one we are currently using in YAMM:

"Yet Another Mail Merge is lacking the authorizations needed to run. Are you connected with multiple Google accounts in your web browser? If so please disconnect from your other Google accounts and try again. Else simply start a new merge from the YAMM menu to re-authorize."

But this "Authorization is required to perform that action" error message is translated by Google based on the user language. So if you want to correctly handle this error, you'll have to check for this message in US English but also in other languages (even in UK English, the error message is different, with Authorisation instead of Authorization).

Here are various translations of the message we have collected so far (not necessarily the whole sentence):

    • required to perform that action

    • Se necesita autorización para realizar esta acción.

    • Se requiere autorización para realizar esa acción.

    • Cal tenir autorització per efectuar aquesta acció.

    • Este necesară autorizarea pentru a efectua acțiunea respectivă.

    • autorização para efetuar

    • autorização para executar

    • Kailangan ng awtorisasyon upang maisagawa ang aksyon na iyan.

    • A művelet végrehajtásához engedély szükséges.

    • Da biste izvršili tu akciju, potrebna je autorizacija.

    • वह कार्यवाही करने के लिए अधिकार की आवश्यकता है.

    • ती क्रिया करण्यासाठी अधिकृतता आवश्यक आहे.

    • এই ক্রিয়াটি সম্পাদনা করার জন্য অনুমোদন প্রয়োজন৷

    • Godkännande krävs för att utföra denna åtgärd.

    • Do wykonania tej czynności wymagana jest autoryzacja.

    • Vous devez disposer des autorisations requises pour pouvoir effectuer cette action.

    • Autorisation requise pour exécuter cette action. Exécutez à nouveau le script pour autoriser cette action.

    • Für die Ausführung dieser Aktion ist eine Berechtigung erforderlich.

    • K provedení dané akce je vyžadována autorizace.

    • Perlu otorisasi untuk melakukan tindakan itu.

    • За да извършите това действие, ви е необходимо разрешение.

    • その操作を実行するには承認が必要です。

    • அந்தச் செயலைச் செய்ய அங்கீகரிப்பு தேவைப்படுகிறது.

    • Для виконання цієї дії потрібно здійснити авторизацію.

    • Для выполнения этого действия необходима авторизация.

    • Autorisation er påkrævet

    • richiesta l'autorizzazione

    • toestemming nodig

    • Bu eylemi gerçekleştirmek için yetki gerekiyor

    • 需要授權才能執行此動作。

    • Toiminnon tekemiseen vaaditaan lupa.

    • Cần được cho phép để thực hiện

2. Add-on authorized by both accounts

If the add-on has been correctly authorized, you won't get the previous message. Instead, the add-on can fail at any time depending on access rights (depending if the account has access to the ressources your script is trying to access, like a spreadsheet). Best is to warn the user as fast as possible (eg: if your add-on is sending emails, they will be sent by the wrong account, which is something we should avoid).

To do that, we can rely on Templated HTML with the HTML Service. Indeed, only google.script.run calls are affected by this issue. So the onOpen() function and any function linked to it (the functions used to display your UI when the user clicks on your menu) will be executed with the right account, but all subsequent functions triggered by google.script.run will be executed by the wrong account.

Thus we can use Session.getEffectiveUser().getEmail() to insert in the HTML template the email address of the right account. Then we can resend to server side this email address with a google.script.run call and, on server side, trigger again Session.getEffectiveUser().getEmail() to check if it matches the right account. If not, we can display an error message to the user:

Here's an example of a function we can use to check if the current user is impacted by the issue and warn him accordingly:

function checkMultipleAccountIssue(initiator) {

var userEmailAddress = Session.getEffectiveUser().getEmail();

if (initiator) {

// check if effective user matches the initiator (the account who triggered the display of the UI)

// Due to a Google bug, if user is connected with multiple accounts inside the same browser session

// google.script.run can be executed by another account than the initiator

if (initiator != userEmailAddress) {

console.error({

message: "Client side calls initiated from wrong account",

initiator:initiator,

effectiveUser: userEmailAddress

});

var errorMessage = "Multiple accounts issue.<br>";

errorMessage+= "Please log out of your account " + userEmailAddress;

errorMessage+= " to use YAMM with the account " +initiator;

throw new Error(errorMessage);

}

}

}

We hope this issue will be fixed soon, but as it has been ongoing since last November, best would be if add-ons are updated to correctly handle it.