I used to run a script that would back up various files and put them in my GDrive. Simple bash, really. By "putting them in GDrive" I mean it would simple move the files to ~/Google Drive/ which would be picked up by my laptop.
I'm trying to build a similar app that will upload certain files to my Google Drive. It should be started by me, save the auth details and then start uploading. This must also run from the command line. However, there is no Google Drive client that will pick up the files. I must upload the files myself.
Currently, I'm having trouble with the OAuth2 procedure. I've set up a project on cloud.google.com, I have the keys, the library ready and the scopes set up, but Google keeps refusing my request. I've enabled both the Drive API and the Drive SDK.
The error I'm getting is:
{
"error" : "invalid_scope",
"error_description" : "Not authorized to request the scopes: [https://www.googleapis.com/auth/drive]",
"error_uri" : "http://code.google.com/apis/accounts/docs/OAuth2.html"
}
No matter what I try, I cant get this scope to work. Other scopes work fine. Trying to find what could cause this is impossible, the Google searches I've tried are muddled.
These are the scopes I'm requesting:
https://www.googleapis.com/auth/drive
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
What am I missing?
I've managed to get access using the following scope instead of https://www.googleapis.com/auth/drive:
https://docs.google.com/feeds
From the manual:
Full, permissive scope to access all of a user's files. Request this
scope only when it is strictly necessary. Tokens with scope
https://docs.google.com/feeds are accepted and treated the same as
tokens with scope https://www.googleapis.com/auth/drive.
I tried it, and it worked.
Are you sure you enable the API's for Google Drive API, Drive SDK, Google+? You have to do this in order to use those scopes from Google Developer Console
Related
I have been running GDrive API v3 using our Node.js API for awhile now (1+ year), and everything has been functional for creating (drive.files.create) & reading (drive.files.get) DOCX files through the Google Drive API logic using a service account. Everything has been working perfectly fine.
Today I am trying to extend our infrastructure to handle some generic Google Docs files (rather than the existing DOCX stored within GDrive) using the same service account, but the GDrive API is now returning a 403 "Forbidden" error for these files specifically. I can't seem to figure out why there would be a difference in permissions for two file formats that are within the same service account (is the owner of both) and are using the same OAuth token system that I set up originally. The service account itself created the file, so I am a little shocked that it can't then access the same file using the GDrive API.
My question is, is it not possible to use GDrive API to access Google Doc files, even when the files are within a GDrive folder? I can't seem to find any definitive information online on whether we specifically have to use the Google Docs API to access Docs files (seems silly if true). If it is possible, is there an alternative SCOPE that I need to assign to this service account to access Google Docs items specifically? Right now the only SCOPE assigned is https://www.googleapis.com/auth/drive, which according to documentation should be enough to access all of our GDrive files.
I can share some code, but there is not exactly a lot more than what I explained above. I would like to not have to entirely re-do my GDrive OAuth permissions if possible, as that took me a long time in the first place, but if that is the only way, I would love to hear suggestions.
Thanks!
I need to edit Google Drive files created with my nodeJs webapp and owned by me or shared with me.
Using "https://www.googleapis.com/auth/drive/file" scope I can edit files owned by me.
To edit also files shared with me I must use "https://www.googleapis.com/auth/drive" scope. But this scope sends a very scary message to users on login: "This wil allow xxx to: see, edit or delete all of your Google Drive files" (bold is mine).
I don't want to delete your files and I don't want to edit all of your files: is there a way to reach my goal with a less scary scope?
The only alternative to the drive scope, if you want to edit the files, is drive.file, which gives access to files that you have opened or created with the app (ref).
Since this is not an option for you, I'm afraid you'll have to use the scary scope.
Feature request:
Considering your situation, I think you might be interested in this Feature Request, regarding the possibility to restrict access to a specific folder. I think that could be very useful for you if it got implemented. I'd suggest you to star that issue, both to keep track of its development and to help prioritize its implemenation:
Drive Restrict access to folder when authorizing applications
Related:
Google Drive API: 404 when accessing file someone else created
Google Sheet OAuth scopes to only access a few files?
I have installed a google sheet add on, which uses https://github.com/googleworkspace/apps-script-oauth2 library for authentication. I am able to install the add on without any issues but once I try to login I am getting this error.
Library with identifier OAuth2 is missing (perhaps it was deleted, or you don't have read access?)
Library with identifier OAuth2 is missing (perhaps it was deleted, or you don't have read access?)
So I tried a couple of settings in the admin console and I figured out that there is a setting which is working.
Functional drive and docs sharing setting
But I don't want folks outside our org to be able to share drive files with us, so we have restricted it to domains we recognise for security reasons.
Restricted drive and docs sharing setting
Now this setting is throwing the above read access error message, is there a way to solve this with our restricted "drive and docs" sharing setting?, which domain can we whitelist to avoid the above error?, where are the third party libraries in apps script accessed from.
I tried whitelisting domains below, but these do not seem to work.
whitelisted domains
I have tried without much success to integrate my web application within the Google Drive UI (to open files). I cannot get the app to install using the OAuth scope https://www.googleapis.com/auth/drive.install.
I was wondering if anybody could share their Drive SDK configuration to see if I missed something. I tried installing my app using the Google API Console by selecting the Drive Integration to automatically authenticate. I also tried manually making the OAuth request using the google-api-client gem.
I always get the permissions dialog and I can see the following being requested: Add itself to Google Drive. I also get redirected back to my application like a normal OAuth request, but the application is never listed in Google Drive.
I have been requesting the following scopes:
https://www.googleapis.com/auth/drive.install
https://www.googleapis.com/auth/drive.file
profile
user
Allowing Import and these Secondary MIME Types:
application/vnd.google.drive.ext-type.html
text/html
I followed the documentation here: https://developers.google.com/drive/web/enable-sdk
Thanks in advance for any help!!
I was able to solve this by modifying my OAuth flow. It wasn't exchanging the authentication code for an access token before. Once I made it to that point everything worked as expected.
My issue was, that I didn't have this set:
Allowing Import and these Secondary MIME Types:
application/vnd.google.drive.ext-type.html text/html
I'm working with Google Spreadsheets, so I need a mime type that a sheet can be converted to, such as text/csv, see https://developers.google.com/drive/api/v3/integrate-open#open_and_convert_google_docs_in_your_app
I'm working on a Google Drive interface for Emacs. The concept is that Emacs could provide a platform-agnostic way to load, modify and save text documents stored in Google Drive. I've registered my app and can authenticate with OAuth2 and get a file listing with the Docs List API, but when I try to execute an Insert with the Google Drive API, I see an error:
"The authenticated user has not installed the app with client id ..."
Reading further, it seems I need to publish my Emacs application in the Chrome Web Store to get access to the Drive API. That doesn't make sense to me...I noticed that there is a FUSE project in development for Google Drive, which suggests that native development is possible. When I skimmed the code, however, I didn't see a Chrome Web Store component to getting it working.
Am I trying to misuse the API, or is there an route to make this work that makes more sense?
EDIT:
According to Ali Afshar, of the Google Drive team, installation is no longer required to use this API. So what follows may no longer be relevant, but will be left for historical purposes.
So, first off the API does not support application development in the sense that we are both doing it, I wouldn't use the word native though. The good news is I have been doing some research and Google Drive is really just a rebranding of Google Docs. So the Google Docs API could be a good choice as well for the same purposes.
Anyway, here's the steps to solve the error: "The authenticated user has not installed the app with client id ..." Which is a 403 error, for the sake of this answer. These steps assume you have set up an app in the chrome web store as is required, and installed it. I am working on my local machine too, with my project: http://github.com/tom-dignan/gdrive-cli which I have gotten past this error, so I think you should keep plugging away at your emacs version, because I think we can make this work.
a. Open the Google APIs console.
b. Confirm you've already enabled the apis under "API Access" both the API and SDK for Google drive should be enabled. There you get your client secrets/api keys and such. I am almost positive you've done this already, so go ahead to C. (this is here for others who may have missed it)
c. In the left navigation bar, under "Drive SDK" you will need to do the following:
Add a "Support URL" (required)
Add at least a small 16x16 application icon (required)
Add "OAuth Client ID (Required)" under Drive Integration (I was just tinkering and this seems to be the key field.)
Add "Open URL (Required) URL to open for your app from the google drive UI."
Check off "Multiple File Support"
Add some MIME types and file extensions, "text/plain", and txt for example
Add the the auth scopes:
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
Don't bother trying to add the auth scopes for Google Docs here, because it won't work. Google does not want us to use it that way because files that drive apps create should be private to that app. Integration with Google Docs will have to be separate.
Now I know you must be thinking "why do I have to add some of these..." It's because the form makes them required fields. In mine, I put a couple URLs that point to static HTML pages.
Once you've done the above, clean up your state and reinstall your chrome app. Then try your code again, and it should stop giving you a 403.