Update 27th March 12:14PM CET

Broken AppScript following Google Migration

Following the migration to Syensqo Google Workspace on March 26th, some AppScripts used at Syensqo have stopped functioning correctly.

CAUSE

AppScripts that could not be administratively identified as belonging to Syensqo prior to the migration could not be whitelisted.

Resolution:

Submit an ITSM incident, select "Google Apps Script - SCo" as the application, and provide the AppScript Client ID for each affected AppScript. Each AppScript has its own Client ID; you can submit multiple AppScript Client IDs in a single ticket.


Instructions for finding AppScript Client IDs

Method 1 - From the Access Blocked error screen
  1. Click on the error details link.
  2. From the error details pop-up, copy the client ID string (the client_id= value in the sample below) and provide it in your incident ticket.

Sample Error Popup

Error 400: admin_policy_enforced
Request details: access_type=offline login_hint=charles.fromage-ext@syensqo.com hl=en response_type=none gsession redirect_uri=https://script.google.com/oauthcallback state=12345661395298156544

client_id=408709770952-5o37rm454pr8poa5pvukcmf9e747ics6.apps.googleusercontent.com prompt=consent enable_serial_consent=true scope=https://www.googleapis.com/auth/spreadsheets flowName=GeneralOAuthFlow


Method 2 - Using the AppScript Editor (if your script is linked to a GCP project)

Open Apps Script Editor
  1. Open your Google Sheets file.
  2. Click on Extensions > Apps Script.

Get the OAuth2 Client ID

3. In the Apps Script editor, go to Project Settings.

4. Under Google Cloud Platform (GCP) Project, click Manage Project.

5. In the GCP Console, go to APIs & Services > Credentials.

6. Look under OAuth 2.0 Client IDs.

7. Copy the Client ID (xxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com).


List all the Client IDs for your affected AppScripts in an ITSM incident with the following details:

Subject: Syensqo GWS: AppScript Whitelisting request

Description: My AppScript(s) with the following Client ID(s) need to be whitelisted:

Client ID xxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com

Client ID xxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com

Client ID xxxxxxxxxxxxxxxxxxxxxxxxx.apps.googleusercontent.com

Application or service name(s): 

Please list (your name or the app owner) as the owner. 

...
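The two steps above (reading the client ID out of the error details and listing it in the ticket) can be scripted. The following is an added example, not part of the original notice or any Syensqo tooling: the function names, the sample popup text and the list of scopes treated as plain Google Sign-in are assumptions.

```javascript
// Added example; function names and the sign-in scope list are assumptions.
const SIGN_IN_SCOPES = new Set(['openid', 'email', 'profile',
  'https://www.googleapis.com/auth/userinfo.email',
  'https://www.googleapis.com/auth/userinfo.profile']);
const CLIENT_ID_RE = /^[a-z0-9-]+\.apps\.googleusercontent\.com$/i;

// Parse the text copied from one "Access Blocked" error details popup.
function parseErrorDetails(text) {
  const fields = {};
  let lastKey = null;
  for (const token of text.split(/\s+/).filter(Boolean)) {
    const eq = token.indexOf('=');
    if (eq > 0) {                       // key=value pair (split on first '=')
      lastKey = token.slice(0, eq);
      fields[lastKey] = token.slice(eq + 1);
    } else if (lastKey === 'scope' &&
               (token.startsWith('https://') || SIGN_IN_SCOPES.has(token))) {
      fields.scope += ' ' + token;      // additional space-separated scope
    }                                   // other bare tokens (gsession) are skipped
  }
  const clientId = CLIENT_ID_RE.test(fields.client_id || '') ? fields.client_id : null;
  const scopes = (fields.scope || '').split(' ').filter(Boolean);
  return {
    clientId,
    scopes,
    beyondSignIn: scopes.some((s) => !SIGN_IN_SCOPES.has(s)),
  };
}

// Build the ticket text in the layout given above from several pasted popups.
function buildTicket(popupTexts, serviceName, owner) {
  const ids = [...new Set(popupTexts.map((t) => parseErrorDetails(t).clientId)
    .filter(Boolean))];                 // drop unparseable pastes and duplicates
  return [
    'Subject: Syensqo GWS: AppScript Whitelisting request',
    'Description: My AppScript(s) with the following Client ID(s) need to be whitelisted:',
    ...ids.map((id) => 'Client ID ' + id),
    'Application or service name(s): ' + serviceName,
    'Please list ' + owner + ' as the owner.',
  ].join('\n');
}

// Constructed sample popup text (placeholder client ID, not a real one).
const SAMPLE = `Error 400: admin_policy_enforced
Request details: access_type=offline response_type=none gsession
client_id=000000000000-exampleexampleexample.apps.googleusercontent.com prompt=consent
scope=openid https://www.googleapis.com/auth/spreadsheets flowName=GeneralOAuthFlow`;

console.log(parseErrorDetails(SAMPLE));
console.log(buildTicket([SAMPLE, SAMPLE, 'no id here'], 'Example sheet tool', 'A. Owner'));
```

The beyondSignIn flag only reports whether a requested scope falls outside the assumed sign-in list; whether a script is actually blocked is decided by the admin policy.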


-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

An Appscript embedded in a Google document that belongs to a Syensqo user should work as normal after the migration if the Appscript only requires [Google Sign-in] information.

If your Appscript requires more than the [Google Sign-in] scope, it may be blocked for security reasons. Please raise an incident ticket to have your Appscript unblocked (subject to security guidelines).

Notes:

New users who execute the Appscript will be presented with a warning page. Users have to:

1) Click "advanced" and select "go to script (unsafe)"

2) Reauthorise "OAuth"

Important:

We recommend that users make a copy of the Google document/Appscript to trigger the creation of a new Google Cloud Platform (GCP) script container in Syensqo's GCP tenant. This will ensure that the Appscript remains fully functional throughout the transition period.

If this step is not done, the Appscript may break in the future when Solvay cleans up their GCP tenant.