How can I access app data from a browser addon? - google-drive-api

I want to add Google Drive integration to a browser add-on I developed. Basically I want to share user settings between devices, and the settings files are too big to fit inside the 100KB limit for the storage.sync API.
But when I go to my API console and try and activate permissions for the Drive API, I get this:
Browser apps (and Android apps) aren't allowed to access app data. That's not just a warning, you actually can't continue the process until you choose a different platform. Weirdly, I can go ahead if I select "User data" (so user data is less sensitive than app data??)
What I like about app data over user data is that, if I understand correctly, app data goes in a hidden folder uniquely tied to your app, whereas user data goes in the actual user's drive. I don't want my app to have access to the broader drive, I don't want to risk messing their data up and I don't want them to see my app's config files every time they access their drive.
How can I get this "hidden folder" behavior from a browser addon?

Try the solution from this related SO post.
To be able to use your Application Data folder, request access to the following scope:
https://www.googleapis.com/auth/drive.appdata

Related

How to use preview image or PDF from Google Drive, using API?

I'm writting Web application to display content of Google Drive images and files, using API.
Currently, I can only see thumbnails of images/files (without login to Google drive).
If I want to preview the file, I need to be logged into Google drive and then I can use link returned by "webViewLink" and actually see the file.
I know I can click on folder or file on Drive and Share it, but I'm afraid that my customers will not be able to do that and it is complicated, anyway.
I already displaying Google dialog to customer where customer need to allow access to upload,delete etc. of files and now he can not preview the file???
Application is designed to display image/whatever to customer only, inside app only and not to sharing. With other words, I want to display images which he can see anyway if he is logged to Drive.
Is there any other option to allow customer to preview the file, if he already allowed full access previously?
Thanks.
Authorizing with OAuth does not automatically log you in. Users use their credentials to give their permission to create an access token, which needs to be used in any API calls. It does not imply that a browser session was created, that's a separate process.
You'll notice that the webViewLink is just the regular Drive URL with /view at the end. It's a page that requires the user to be signed in:
"webViewLink": "https://drive.google.com/file/d/<FILE-ID>/view?usp=drivesdk",
I'm not aware of any methods to sign in the user at the same time they use OAuth, but if you send your access_token in an Authorization: Bearer <access_token> header when trying to access the above URL you can see the preview without having to sign in. Depending on your platform I think implementing this would be tricky, and maybe not possible in Apps Script alone.
My recommendation as a workaround is to just use a full thumbnail. Don't know if you're aware of this, but the thumbnail URL has a =s parameter at the end that defines its height in pixels:
"thumbnailLink": "https://lh5.googleusercontent.com/<THUMB-ID>=s220",
You can change the default =s220 at the end to a higher size or remove it completely to get pretty much the full size of the image or PDF page. This may be enough for your users to figure out what the file is.

Directory sandboxed access for Google Drive / Dropbox API / RemoteStorage apps?

Is there a way to get sandboxed, user-selected directory access on any major file service without first getting read level access to their entire filesystem?
There's a lot of talk about "unhosted" static webapps that allow users to access their data from a 3rd party file service (Google Drive, Dropbox, their own server, etc.). The most notable effort I've found so far is remoteStorage.io, but there doesn't seem to be a way with any major provider to let the user select a directory and then use that as a sandbox without breaking their trust (i.e. getting read access to all their files first).
From the user's perspective, the webapp shouldn't have access to anything else on the remote file storage except the one folder the user grants it access to (for example, I might grant a text editor access to my FunnyJokes folder).
The current work around seems to be having the webapp force a specific folder name ahead of time ("this app wants access to /appname_notes"), but that rules out letting the user point it to where they may already have their notes.
Does anyone know of a nice way to do this with Google Drive, Dropbox, or the like?
The user experience that makes the most sense to me is something like...
User opens an unhosted webapp (for example, a basic text editor TextyApp). They click a button to connect with their data.
3rd party auth page appears (for example, Google Drive) and it says "The app TextyApp has requested read/write access to your files. Please select a directory to use."
Confirmation screen: "Grant read/write access to folder FunnyJokes for TextyApp?"
The page redirects back to the webapp with sandboxed accessed to the user-specified folder and the files within it.
This seems like how remote file storage should work, but I haven't found a way to do it yet. Any thoughts/suggestions would be great!
Cheers,
Adam
Edit: To clarify, I'm not talking about storing hidden "application data", but instead letting the user specify a particular directory to sandbox for use with a webapp that they may not want to give broader access to.
The Dropbox Apps API provides the ability to restrict any app using your API key to a single directory of your Dropbox account. So users could create an API key with access to a specific directory and then plug that into your app. However, that's not a user-friendly workflow.
I think the Dropbox Drop-Ins Chooser/Saver API might be close to what you want. The user is presented with a Dropbox file selection popup, and your app only gets access to the specific file(s) that the user selects.
With remoteStorage, sandboxed directory access is currently the default way for apps to request (and users to grant) access to the storage. However, users cannot manually select or enter custom directories during the connect phase.

WinJS - How to access whole folder tree without FolderPicker

I'm building a Store App using WinJS and I need to create a structure with some info related the user's tree folder (every drive, not only C:), is there any way to get the whole Folder structure from every drive without using the File/FolderPicker?
No, by design Windows Store Apps run inside an app container that limits what they're allowed to do without user consent. The only areas of storage that are openly accessible without further consent are the app's package location (which is read-only, see [Windows.ApplicationModel.Package.Current.installedLocation][1]) and its app data folders (see Windows.Storage.ApplicationData).
If the app declares library access in its manifest (for Pictures, Videos, and Music), these are noted on the app's page in the Store such that the act of installing the app amounts to user consent. There is also a RemovableStorage library that's similar, but for that you have to declare specific file types.
If an app is registered for a file type association in its manifest, and the user launches the app through a file, that grants access.
Beyond this, the way you get access to any other storage location is through the pickers. However, if you have the user pick once, you can save that consent by saving the StorageFolder into the Windows.Storage.AccessCache API, so that you can open the folder again in an future app session without having to reacquire consent.
For all the details of this, refer to the first section of Chapter 11, "The Story of State, Part 2: User Data," of my free ebook, Programming Windows Store Apps with HTML, CSS, and JavaScript, Second Edition.

How can we add a file to a user's files.list via the sdk?

We are having issues where sometimes a file that a user can access is not returned when the user issues a files.list. This can happen in many ways. For example, new members of a Google group will not see previously shared files, as described in this question. Moreover, acording to Google documentation there are other limits on sharing which can prevent shared files from appearing in the "Shared with me" view. Finally, a user can issue a files.delete on a file she doesn't own, and the file will disappear from files.list but will still exist.
What can a user do via the SDK alone to cause a file which she can access via files.get to appear in the list of files retrieved via files.list? We are using a service account which impersonates users; the user never authenticates to Google via a browser. A link in an email that the user needs to click won't work for us, unfortunately. Accessing the file via the Google Drive UI has the desired effect, but the analogous files.get call does not.
The Google Calendar API explicitly exposes a CalendarList interface where a user can issue an insert to add an existing calendar to her list. The Google Drive SDK seems like a hybrid Files/FilesList interface with some of the functionality missing (nothing like FilesList.insert) and some of the functionality mixed together (issuing a delete as a non-owner acts like FilesList.delete but issuing it as the owner acts like Files.delete).
If we can't manage the user's files list programmatically then it is not useful for our service. We could ignore the files.list call entirely and just start recursively performing children.list queries on all shared folders, but this is incredibly expensive (unless someone knows how to issue a single query which returns all the Files resources in a folder and not just the IDs of those resources).
Any help would be appreciated. We've been trying this many different ways and have been frustrated at every turn. Thanks!

If I use the Google Drive SDK in my app is it possible to hide the saved data from the user?

I want to use the Google drive sdk to save data from my app in the user's own Google drive account. This will mean that the developers of the app (i.e. me) won't have access to sensitive data that the user is storing.
I have found some docs about how to do this (the app will be a Google app engine app) but I was wondering if I can lock this data or hide it completely so that a user can't go in and edit the data and possibly cause problems.
I know that Android apps that use Google drive do not leave any visible files that I can see when I go to my drive account.
Thanks
When creating the file, set the hidden label to True. This will hide the file from most user views. Note that it doesn't completely prevent the user from finding and modifying the file if they own it.
If you need the file to be uneditable by the owner, your app will need to own it and only grant the user view access.
In Google Play Services 4.3, they added an "Application Folder." This is designed to allow applications to store data in a user's drive without allowing them to modify this data. It's available for android and web, don't see it listed for iOS.