I am building an app that functions as a markdown editor, and have Google authentication / login functioning. I have users asking if they can choose to have their documents save to their google drive rather than to my servers, which seems to work fine via the Google Drive v3 API, saved to the app data folder.
However, users are also able to generate a collaborator link for others to visit and which allows them to edit the files as co-owners. I would like to maintain this sharing capability with the Google Drive files, but this (very old) answer suggests that sharing in this way may not possible with files in appdata, because:
Appdata content is supposed to be exclusive to the application.
Does this mean that, as long as my users all access these files exclusively via the app, sharing appdata between users is possible? Or is the appdata folder exclusive to the application and the user? If so, is it at least possible to share editor access to google drive files created by my app but outside the appdata folder?
I'm imagining this process:
User1 creates a file in my app and then my app saves it to his Google Drive (preferably in appdata)
User1 generates a collaborator link via my app, gives it to User2
User2 visits the link which opens User1's file within my app, edits it
User2's edits are saved, and my app updates the original User1's file via the API
Question:
"Or is the appdata folder exclusive to the application and the user?"
Answer:
Yes, it is exclusive for your app on their Drive.
Notes:
Use the AppData folder for Application Data, not User Data.
If the file is created by your app, and you want to store it in the user's Drive, you can use the https://www.googleapis.com/auth/drive.file scope. You app will always have access to that file because it was created by it.
Keep in mind that if your app requires restricted scopes you will have to go through verification.
Related
Google recently announced that to access certain files on google drive my application should use a resouceKey along with the fileId when trying to access google drive through Api. When I checked the files in my google drive I find that not all files have the new resourceKey. I uploaded a new file and that too does not have the new resourceKey.
This lead me to wonder as to what criteria should a file satisfy to be requiring the new resourceKey?
Basically, the resourceKey is required for users who have not been shared the file specifically with them (that is, files shared with Anyone with the link or Anyone in the domain, but not shared with that user specifically) and which haven't accessed that file previously.
Because of this, files that you own, files that you have accessed before, and files that have been shared with you specifically don't require a resourceKey.
You can check the details of the impacted files on the alert center.
Reference:
Update to some Google Drive file links, admin decision recommended before July 23, 2021
Decide how to apply link-sharing security update to Drive
Access link-shared files using resource keys
I'm googling and debugging for days now, and did not find a solution, how to access all files on google drive in the folder created by my application.
I'm using v3 API with non sensitive permission drive.file. This means I can create folders, and create and list files in it. But I only see (list) files which were created by the application. If the user copies some other file into the folder created by the application, it is invisible for the application, and I did not manage to set permission either on the web client, nor in the application.
I don't want to set all files permission to my app, since I don't want to access anything in the user's drive, just in my folder, but there I would like to see also files, the user copied there.
The files are settings/schema export of my application, which the user might move between users with different google account.
Is it possible? How could I list all files in the app data folder? Is there a way to share a file with an application on google drive? Can the user do it manually (like copy the file there, and then set some kind of permission to the application, so it can list/download that file)
Thanks!
I work for an un-launched startup that handles a large amount of user media. We are looking to integrate Google Drive as a way for a user to store that media.
Is it possible to have read/write access to a user's Google Drive, after obtaining their permission via OAUTH2? More specifically the ability to create folders on their drive and access them for read/write scenarios.
We would also need to be able to generate direct links to their photos, videos, etc.
We've successfully integrated with Dropbox in this manner and would like to offer Google Drive as an alternative. Are these scenarios possible with Google Drive?
Yes, this is absolutely possible.
You will want to read about our Auth Scopes and determine what the minimal set of scopes are that you need to operate. As an example, drive.file scope will enable you to create files & folders, read them, as well as read/write any existing files that a user explicitly opens with your application.
The 'explicitly open' part can be handled in 2 ways. You can register an 'Open' action for your app in the Drive UI for certain file types and you can use our 'File Picker' widget in your app to enable the user to select which files to open/grant access. You can read about opening files in our docs
Context
I'm building a php web app that needs to upload files to a Google Drive which belongs to a user (let's call him Bob). I used a Google Drive service account (let's call it service#gmail.com).
Bob created a folder ("uploads") in his Google Drive and shared it with service#gmail.com.
The service account (service#gmail.com) can user the Drive API to list the files in that shared upload folder and upload files to it. The uploaded files show up in Bob's Google Drive as well. So far so good.
The problem
The owner of the files uploaded by service#gmail.com is service#gmail.com, as one could expect. This has the following consequences:
Since service#gmail.com is the owner of the uploaded files, they count against that account's quota. However, Bob purchased increased space for his Google Drive and wants the uploaded files to count against his quota to not run out of space in the service account.
When a file previously uploaded by service#gmail.com is deleted (by Bob) from the shared upload folder, a few things happen:
The deleted file does not show up in the uploads folder for either user.
Bob can still see the deleted file in his "All Items" view.
The deleted file still chows up when the service account lists all files through the API but it doesn't have any parent (i.e. it's orphaned).
When getting the deleted file details through the API, it shows that it's using up quota.
What to do?
How can this use case be handled (cleanly)? I see 2 possible solutions:
When uploading a file, set the ownership to Bob. Is that possible? This does not work! First, it doesn't work with uploaded files for regular account. Second, the service account has an email #developer.gserviceaccount.com while Bob's account has #gmail.com. from the doc says:
Google Apps Customers: You can't make someone outside of your domain the owner of your Google Doc. Only Google Apps customers in Premier, Government, and Education domains can transfer ownership of a synced or uploaded file (like a PDF or image file).
Consumer Drive users: You can't transfer ownership of a synced or uploaded file (like a PDF or an image file).
Don't use a service account and have the web app use Bob's account directly instead. This does require getting an OAuth access token for Bob however. Also, using a service account with a shared upload folder allowed me to restrict the access of the service account to only the upload folder.
Periodically search for orphaned files in the service account to clean them up. This however does not solve the issue of the quota used for the non-deleted files...
Please help!
Info regarding offline access and access tokens
I think that you should see this page: Perform Google Apps Domain-Wide Delegation of Authority. This page shows how to use SA to invoke requests in behalf of Bob user. This page contains Java code which describes how to create Drive object for Bob. Using this Drive you will be able to upload file and the owner of the file will be Bob not service#gmail.com. I am using this method a lot and it works for me.
There's a nice feature on google drive that allows an application to store data not visible for users.
https://developers.google.com/drive/appdata
Is it possible to share this application data between users, just like other google drive files?
Larsi
You can't share appdata files within the Drive's existing permissions model. Appdata content is supposed to be exclusive to the application. If you try to change permissions for an appdata file, you'll receive a 403 with the following error message:
Method not supported for appdata contents