Google Apps Script: Salesforce OAuth2 integration

Question

I am trying to connect to Salesforce using OAuth2 in Google Sheets Add-on.

var url = 'https://login.salesforce.com/services/oauth2/authorize?response_type=code&client_id=' +
           clientId + '&redirect_uri=' + redirectUri + '&display=popup' + 
           '&scope=full' + '&prompt=login';

Where the redirectUri is another Google Apps Script WebApp URL.

Now I need to share the code returned by Salesforce to my Google Sheets Add-on and not able to find a solution for it.

Please let me know if there is a better way to do authentication.

Any help or suggestion would be great.

Answer 1

Short answer

No, you cannot open a child window to be loaded in the same context in Editor Add-ons.

Explanation

As Google Apps Script uses security sandbox to sanitize user application content, you won't be able to utilize <iframe> or same-window resource loading. Although you can load the target resource in the same window in a WebApp, you can't in Editor Add-ons (allow-top-navigation for the sandbox attribute is not set when in context of Editor Add-on).

If this is ok with you, I would suggest setting width and height, as well as top and left properties to center or move the window close to sidebar + using window.open(), optionally with a fallback to link if popups are blocked. This will at least keep quality of UX relatively intact.

References

If you want to learn more about what restrictions and practices are in place:

1. HTMLService restrictions guide
2. IFRAME mode migration guide