Skip to main content
The AUTH service handles two actions: login for credential-based authentication and validateSession for verifying an existing session token. Endpoint: AUTH service — https://script.google.com/macros/s/AKfycbwATstMSSnuYZMeGEjI7Q5cznO6kA8rqLo7zNZLmu_f29qwcyt4Fucn5VIBdB9tMoRg/exec
The app stores the full user object in localStorage under the key gpsepedia_session. On each page load, checkSession() reads this and calls validateSession to confirm the session is still active before rendering the app.
Each role has a concurrent session limit enforced server-side: Tecnico = 1, Supervisor = 2, Jefe = 3, Desarrollador = unlimited. When the limit is exceeded, the oldest session is automatically revoked.

Login

Action: login Authenticates a user with a username and password. Returns the full user object including a new SessionToken on success. Usernames are matched case-insensitively.

Request

action
string
required
Must be "login".
payload.username
string
required
The user’s username (case-insensitive match).
payload.password
string
required
The user’s password (case-sensitive match).

Response

status
string
required
"success" on success, "error" on failure.
user
object
Present only on success.

Example

const AUTH_ENDPOINT = 'https://script.google.com/macros/s/AKfycbwATstMSSnuYZMeGEjI7Q5cznO6kA8rqLo7zNZLmu_f29qwcyt4Fucn5VIBdB9tMoRg/exec';

const response = await fetch(AUTH_ENDPOINT, {
  method: 'POST',
  headers: { 'Content-Type': 'text/plain' },
  body: JSON.stringify({
    action: 'login',
    payload: { username: 'jdoe', password: 'secret' }
  }),
  redirect: 'follow'
});

const result = await response.json();
if (result.status === 'success') {
  // Store the full user object as GPSpedia does internally
  localStorage.setItem('gpsepedia_session', JSON.stringify(result.user));
  const { ID, SessionToken, Privilegios } = result.user;
}

Validate session

Action: validateSession Checks whether a previously issued session token is still active in the ActiveSessions sheet. Returns { valid: false } — not an error — when the session is invalid or expired.

Request

action
string
required
Must be "validateSession".
payload.userId
number
required
The ID of the user from the stored session object.
payload.sessionToken
string
required
The SessionToken returned from a prior login response.

Response

valid
boolean
true if the session token matches an active session for the given user ID; false otherwise. Note: this response does not include a status field on the success path — only valid.

Example

const AUTH_ENDPOINT = 'https://script.google.com/macros/s/AKfycbwATstMSSnuYZMeGEjI7Q5cznO6kA8rqLo7zNZLmu_f29qwcyt4Fucn5VIBdB9tMoRg/exec';

const SESSION_KEY = 'gpsepedia_session';
const sessionData = localStorage.getItem(SESSION_KEY);

if (sessionData) {
  const user = JSON.parse(sessionData);

  const response = await fetch(AUTH_ENDPOINT, {
    method: 'POST',
    headers: { 'Content-Type': 'text/plain' },
    body: JSON.stringify({
      action: 'validateSession',
      payload: { userId: user.ID, sessionToken: user.SessionToken }
    }),
    redirect: 'follow'
  });

  const result = await response.json();
  if (result.valid) {
    // Session is active — proceed to load the app
  } else {
    // Session expired — clear storage and show login
    localStorage.removeItem(SESSION_KEY);
  }
}

Build docs developers (and LLMs) love

Get started for freeTalk to us