Google Drive help required access to own Drive account - google-drive-api

I want to access my own google drive on web page but allow anyone to upload files and restrict download access or show only limited file to user for downloading.
Drive API assumes that I will access another users credentials.
But what I want is opposite, anyone can view my files (restricted what to view) but is free to upload.
I have google nearly 6+ hours and didn't found any solution
Any Help Appreciated
Thanks

You say "Drive API assumes that I will access another users credentials" but this isn't correct. Calls to Drive include an Access Token, and it is that which determines which Drive account the call will access. Drive makes no assumptions about how that Access Token was obtained or which account it refers to.
All of the examples show how an Access Token is obtained for an end user, since that is the more complex flow. Your requirement is very much simpler.
All you need to do is:-
Obtain a refresh token (see How do I authorise an app (web or installed) without user intervention? (canonical ?))
Store that refresh token in your PHP application. Make sure it's secure
When you need to access your Drive account, use the refresh token to obtain an access token as described at https://developers.google.com/accounts/docs/OAuth2WebServer#refresh

Related

Drive API multi login iframe issue

I am using drive api in my app and it works well , but sometimes when multiple users are logged in and I try to open a file in the browser with the link fetched via drive api I see the error message "You need permission. Want in? Ask the owner for access, or switch to an account with permission. Learn more" .
Steps to reproduce :
login to google drive with one account.
login with a second account and use drive api.
when you try to open public files you get that error.
If you add access token in url it seems to resolve the issue but thats a security risk. If you add authuser param to url that also works, but I can't find a way to get current user's authuser param.
Any help is appreciated.

Store file on google drive from server

I 've the follow simple scenario:
a server of my boss
some costumers with google drive accounts
so I'd like to transfer daily some files to costumers google drive...
My question is: if a customer have pc disconnected or is not logged to my site is possible from my server upload a file into costumer google drive?
And if yes there's a limit of user or daily transfer?
p.s.
better if I can use A Google Drive spreadsheet and update data
thanks
Yes it is possible, but there are many steps in between.
1.- You would need an application, so you can perform this operations through your app. check the documentation.
2.- You would need to set the offline access, this way you will be able to upload files even if the user is not logged. Oauth Offline access.
3.- The users (customers with Google Drive account) will have to authorize your application to access their Drive accounts. After this you will be able to get an access token and a refresh token.
4.- With the refresh token you can refresh the access token (it expires after an hour) without having the user to login again and get a new access token. (you have to store this refresh token)
5.- Now you can call the function Drive.Files.Insert in order to upload a file into the customer's Drive. When calling this function you need to provide the access token related to the user.
6.- There are limits that apply to the API. These quotas are against the application. If you make too many calls to the API, you may reach these limits for your application. You can check these limits in the Developer Console of your application.
I hope this helps. I know it's a lot of information but is the procedure you need to follow.

How to prevent suspended Google account to signup

I am integrating ASP.NET application using Google Drive API. For this after authentication we re uploading Files to Google drive. I am using Google client library to Call the APIs.
Everything is working as expected I am able to authenticate user successfully and able to upload the file successfully.
In one scenario when the user Google account is suspended then I am getting refresh token from Google but my upload method is failing and it is not uploading the file to Google drive.
I want to restrict the user on Signup screen itself, when account is suspended.
What parameter do I have to pass to achieve this please suggest?
Unfortunately this info is not easily available. You have two options :
Use the Directory API to see if the user is suspended. This requires additional OAuth permissions to be provided by an admin of the domain.
At login, try and perform a Drive API call to see if you get an error or not. If you get an error (with a couple of retried) and the error message matches the one you had for suspended users, then you can deny access to the user.

Second authorization with same scope and offline access_type has unexpected permission dialog

If I specify access_type=offline in the auth url and a user attempts to auth a second time I get a box that says it is asking for offline access.
I would have expected it to be already authorised and so not require additional permissions
Any ideas?
Edit:
A bit more info. The first time around it makes no mention to the user of needing offline access. I would have thought the offline permission to be mentioned in the original auth anyway.
Edit 2:
Some more info on my use case. It is possible in our system for a person to have two accounts but then use the same google drive account. This means that we have no way of knowing that user has already authorized with google and so have to present the authorization again for the second user.
The first time around (for user 1) you are told that the app is asking for :
View and manage Google Drive files that you have opened or created
with this app
View and manage the files and documents in your Google
Drive
The second time around (for user 2) you are told the app is asking to:
Have offline access
This seems wrong to me.
As an aside:
The whole "have offline access" statement is very confusing for a user and also quite misleading. Most people assume this means the app can read the contents of your pc. In fact it means that the app can authenticate with your account with out you being there (i.e. using a refresh token).

Automate the oauth authentication without browser in cron utility

I am trying to upload some documents on Google drive, i want to run a cron script which is executed at mid night every day and the files generated as a result of it should be uploaded on the uses Google drive.
I tried the standalone script, which uploads document on Google drive, but for that i have to every time do allow access via browser.
However my purpose is to run a cron and upload the files, at the time the cron executes there will be no browser access.
Is there any way i can do the authentication process without manual intervention.
any help in this case would be really appreciated.
THanks,
you can authorize your App(script) with Google Drive.
Here, you mentioned you are writing a script which upload docs to your Google Drive.
I suggest you register a app in Google Cloud Console to get client ID and client Secret firstly,
and turn on Drive API for you registered App.
Then use this client ID and Secret to run oauth flow in your script to get an access token and refresh token, the access token's lifespan is about 3600s, and if it's expired, you can also get a new one with the refresh token.
User's interaction(consent) is required only in the first time you request access token.
In this way, your script can work in "a real script way".
Here are some reference:
https://developers.google.com/drive/about-auth
https://developers.google.com/accounts/docs/OAuth2InstalledApp?hl=zh-CN
I am assuming its only one user drive account you are uploading to. Have you considered using a service account fo this? https://developers.google.com/drive/service-accounts
If its not a single user account you are uploading you can just save the refresh token some place and use that to get a new authtoken every night.
Hi i figured the problem,
i was generating refresh token from oauthplayground and was trying to integrate it in the php script....which was invalid......
I then printed the refresh token returned for the first time when a user allows access and used that for future generation of access token and it works like charm. thanks All for help