From 0fba3dc75c7150aaf8035c79b366098891309222 Mon Sep 17 00:00:00 2001 From: Rahul Parundekar Date: Tue, 30 Jun 2026 17:06:24 +0530 Subject: [PATCH 1/2] docs: complete OAuth scope list (Sheets, Docs, Slides, Drive, Forms) Document the full scope set the ops workflows need, and clarify which the bundled scripts actually use (Sheets + Drive) vs. which are for operating the Docs/Slides/Forms assets directly (interactive ops, source decks and docs). Replaces the earlier Sheets/Drive/Forms-only note that mislabeled Forms as a script dependency. Co-Authored-By: Claude Opus 4.8 --- README.md | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index f408d20..4d0a967 100644 --- a/README.md +++ b/README.md @@ -75,16 +75,20 @@ Install it, then authenticate with one of: - **Pre‑obtained token:** set `GOOGLE_WORKSPACE_CLI_TOKEN=` - **Client app:** set `GOOGLE_WORKSPACE_CLI_CLIENT_ID` and `GOOGLE_WORKSPACE_CLI_CLIENT_SECRET`, then `gws auth login` -On your Google Cloud project, enable the **Sheets**, **Drive**, **Docs**, and -**Forms** APIs. - -**OAuth scopes.** The ops skills *read and write* Sheets/Drive (clone, rebrand, -clean) and read Form responses, so grant **read-write** scopes — read-only access -passes the verify step below but then fails on the first write: - -- `https://www.googleapis.com/auth/spreadsheets` — read/write the intake sheet -- `https://www.googleapis.com/auth/drive` — copy, create, and update Drive files - (chapter/series asset clones) +On your Google Cloud project, enable the **Sheets**, **Docs**, **Slides**, +**Drive**, and **Forms** APIs. + +**OAuth scopes.** Grant **read-write** scopes — read-only access passes the verify +step below but then fails on the first write. The bundled scripts use only the +Sheets and Drive scopes; the Docs, Slides, and Forms scopes are for operating on +those assets directly (interactive ops via the connector/MCP, and the +chapter/series source docs and decks): + +- `https://www.googleapis.com/auth/spreadsheets` — read/write the intake sheet *(scripts)* +- `https://www.googleapis.com/auth/drive` — copy, create, and update Drive files, + incl. chapter/series asset clones *(scripts)* +- `https://www.googleapis.com/auth/documents` — read/edit chapter/series Docs +- `https://www.googleapis.com/auth/presentations` — read/edit day-of / series Slides - `https://www.googleapis.com/auth/forms.body` — read/edit the intake form - `https://www.googleapis.com/auth/forms.responses.readonly` — read form responses From e92faf8eb43cc11cd518c1451d0355725ce45749 Mon Sep 17 00:00:00 2001 From: Rahul Parundekar Date: Tue, 30 Jun 2026 17:12:42 +0530 Subject: [PATCH 2/2] fix: address self-review findings on OAuth scopes note - Reconcile the "grant read-write scopes" lead-in with the read-only forms.responses.readonly scope (form responses are read-only by nature) - Reframe the Docs/Slides/Forms rationale onto the chapter/series source docs/decks and intake form rather than over-claiming connector/MCP support Co-Authored-By: Claude Opus 4.8 --- README.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 4d0a967..1cc2271 100644 --- a/README.md +++ b/README.md @@ -78,11 +78,13 @@ Install it, then authenticate with one of: On your Google Cloud project, enable the **Sheets**, **Docs**, **Slides**, **Drive**, and **Forms** APIs. -**OAuth scopes.** Grant **read-write** scopes — read-only access passes the verify -step below but then fails on the first write. The bundled scripts use only the -Sheets and Drive scopes; the Docs, Slides, and Forms scopes are for operating on -those assets directly (interactive ops via the connector/MCP, and the -chapter/series source docs and decks): +**OAuth scopes.** Grant **read-write** scopes for anything you write to — +read-only access passes the verify step below but then fails on the first write +(form responses are read-only by nature, hence the `.readonly` scope). The +bundled scripts use only the Sheets and Drive scopes; the Docs, Slides, and Forms +scopes are for operating on those assets directly — the chapter/series source docs +and decks, and the intake form (e.g. via Claude's Google connector or an MCP +server): - `https://www.googleapis.com/auth/spreadsheets` — read/write the intake sheet *(scripts)* - `https://www.googleapis.com/auth/drive` — copy, create, and update Drive files,