Changes to OAuth in Apps Script
March 5, 2015
Eric Koleda, Developer Programs Engineer, G Suite
Update (2015-06-15): The sunset date listed below has been changed from June 26th to July 6th, 2015.
OAuth is the de facto standard for authorization today and is used by most modern APIs. Apps Script handles the OAuth flow automatically for dozens of built-in and advanced services, but until recently had only limited support for connecting to other OAuth-protected APIs such as Twitter. The URL Fetch service's OAuthConfig class only works with the older OAuth 1.0 standard and only allows the developer of the script (not its users) to grant access to their data. To address this, we've created two new open source libraries: OAuth1 for Apps Script and OAuth2 for Apps Script.
With only a few clicks, you can add these libraries to your scripts. The full source code is available on GitHub if you need to tinker with how they work. These libraries allow for greater control over the OAuth flow, including the ability for users to grant access separately, a long-standing feature request from the community.
We believe that these open libraries are a better alternative to our previous solution, and therefore we are deprecating the OAuthConfig class. The class will continue to function until July 6, 2015, after which it will be removed completely and any scripts that use it will stop working. We've prepared a migration guide that walks you through the process of upgrading your existing scripts to use these new libraries.
Separate from these changes in Apps Script and as announced in 2012, all Google APIs will stop supporting OAuth 1.0 for inbound requests on April 20, 2015. If you use OAuthConfig to connect to Google APIs, you will need to migrate before that date. Update your code to use the OAuth2 library or the API's equivalent Advanced Service if one exists.
| OAuthConfig Connecting To | Migrate To | Migration Deadline |
| --- | --- | --- |
| Google API (Calendar, Drive, etc) | OAuth2 for Apps Script or Advanced Service | April 20, 2015 |
| Non-Google API (Twitter, etc) | OAuth1 for Apps Script | July 6, 2015 |
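To find which scripts the table applies to, the following added example (not code from the original post or from the libraries) scans Apps Script source text for OAuthConfig usage and reports the matching row. It assumes the legacy `UrlFetchApp.addOAuthService` factory and the `oAuthServiceName` / `oAuthUseToken` fetch options as markers, and treats hosts under google.com or googleapis.com as Google APIs; the sample sources are constructed.

```javascript
// Markers of the deprecated API: the UrlFetchApp factory for OAuthConfig and
// the fetch options that route a request through it.
const LEGACY_MARKERS = /\b(addOAuthService|oAuthServiceName|oAuthUseToken)\b/;
// OAuthConfig setters whose argument is a provider endpoint URL.
const ENDPOINT_CALL =
  /\.set(?:RequestToken|AccessToken|Authorization)Url\(\s*['"]([^'"]+)['"]/g;

// Assumption: an endpoint under google.com or googleapis.com is a Google API.
function isGoogleHost(url) {
  try { return /(^|\.)(google|googleapis)\.com$/.test(new URL(url).hostname); }
  catch (e) { return false; } // relative or malformed URL
}

// Returns null if the source never touches OAuthConfig; otherwise the row of
// the migration table that applies. Any Google endpoint selects the earlier
// deadline. With no literal endpoint in the source, the result is flagged for
// manual review against the earlier deadline (a conservative assumption).
function auditSource(name, source) {
  if (!LEGACY_MARKERS.test(source)) return null;
  const endpoints = [...source.matchAll(ENDPOINT_CALL)].map((m) => m[1]);
  if (endpoints.length === 0) {
    return { name, connectsTo: 'unknown', migrateTo: 'manual review',
             deadline: 'April 20, 2015', endpoints };
  }
  return endpoints.some(isGoogleHost)
    ? { name, connectsTo: 'Google API',
        migrateTo: 'OAuth2 for Apps Script or Advanced Service',
        deadline: 'April 20, 2015', endpoints }
    : { name, connectsTo: 'Non-Google API',
        migrateTo: 'OAuth1 for Apps Script',
        deadline: 'July 6, 2015', endpoints };
}

// Constructed sample sources, not taken from any real project.
const SAMPLE_SCRIPTS = {
  'twitter.gs': `var c = UrlFetchApp.addOAuthService('twitter');
    c.setRequestTokenUrl('https://api.twitter.com/oauth/request_token');
    c.setAccessTokenUrl('https://api.twitter.com/oauth/access_token');`,
  'calendar.gs': `var c = UrlFetchApp.addOAuthService('google');
    c.setAccessTokenUrl('https://www.google.com/accounts/OAuthGetAccessToken');
    UrlFetchApp.fetch(u, {oAuthServiceName: 'google', oAuthUseToken: 'always'});`,
  'plain.gs': `function ping() { return UrlFetchApp.fetch('https://example.com'); }`,
};

const auditAll = (scripts) => Object.entries(scripts)
  .map(([name, src]) => auditSource(name, src)).filter(Boolean);

console.log(auditAll(SAMPLE_SCRIPTS));
```
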
We see Apps Script and Sheets as the perfect hub for connecting together data inside and outside of Google, and hope this additional OAuth functionality makes it an even more compelling platform.