i wrote a project that work well with upload and download objects to/from Google Cloud Storage. I'm able to retrieve the content, the stream, the metadata, but when i get the 'mediaLink' of an object and paste it to the browser, i got this error:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "required",
"message": "Login Required",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Login Required"
}
}
the format of mediaLink URL is shown here:
https://content.googleapis.com/storage/v1/b/bucketname/o/folder%2Finsidefolder%2Fexample.txt
I'm authenticated in my website by the OAuth 2.0 flow, and all the objects uploaded on GCS are with a custom AccessControlList which i decided to set into "allAuthenticatedUsers" in order to give access only to user that are authenticated with my website.
Could anyone help me to solve this issue? Thank you so much
The media link is not inherently authorized. You need to authorize a download using the media link in the same way you'd authorize any other request: by including an appropriate "Authorization" header.
Without providing read permission to "AllUsers", the media link will not work in a web browser.
Also, "AllAuthenticatedUsers" does not mean users that are authenticated with your website. It means "anybody with any Google account."
Related
I'm getting the following error when trying to download files from my Google Drive folder using JavaScript.
{
"error": {
"errors": [
{
"domain": "usageLimits",
"reason": "dailyLimitExceededUnreg",
"message": "Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup.",
"extendedHelp": "https://code.google.com/apis/console"
}
],
"code": 403,
"message": "Daily Limit for Unauthenticated Use Exceeded. Continued use requires signup."
}
}
I'm using googleapis library, version v3 with OAuth2 authorization.
My function downloads most of the files correctly but throws an error on some specific ones each time I run it.
The library itself prints cannotDownloadAbusiveFile error in the console but the response link shows the error above.
The acknowledgeAbuse flag is set to true. The files that this method refuses to download can't be downloaded from the web-interface either because of the viruses.
I tried changing the Google Drive user in OAuth2 to the creator of the files (it was just someone who has access before), it didn't fix anything.
Daily Limit for Unauthenticated Use Exceeded.
Means there is an issue with your authorization at some point you are sending a request with either a missing access token or an expired one.
As for cannotDownloadAbusiveFile you can set a flag in your request it should be one of the optional parameter's. acknowledgeAbuse='true' this will allow you to download files that Google has denoted as unsafe. If it contains malware though from what i recall only the owner can download that.
I am simply trying out curl examples from the GDrive API Explorer, specifically this call:
https://developers.google.com/drive/api/v3/reference/files/list
However when I copy the example and execute it with my API key, I get this error:
curl https://www.googleapis.com/drive/v3/files?key=AIzaSyCQfFNMxHVJRaTvXXXXXXXXXX
{
"error": {
"errors": [
{
"domain": "global",
"reason": "insufficientFilePermissions",
"message": "The user does not have sufficient permissions for this file."
}
],
"code": 403,
"message": "The user does not have sufficient permissions for this file."
}
}
When I try to get a single file using files/{fileId} with the same API key, it works fine and the file metadata is returned.
What is the deal here? Does listing require special permissions, or does API keys have limitations, or..?
Just a hunch, you are trying a file that is not public, that is why you are receiving 403:insufficientFilePermissions. To access this you must authenticate your request using OAuth 2.0.
You can check the documentation About Authorization:
Your application must use OAuth 2.0 to authorize requests. No other
authorization protocols are supported. If your application uses Google
Sign-In, some aspects of authorization are handled for you.
As I am using service account to share Google Drive documents, it would be nice to get in invitation email a company picture instead of the silhouette.
Is it possible to change somehow Google Service account picture?
I tried using the Google Admin SDK, but I get the following error:
404 OK
- SHOW HEADERS -
{
"error": {
"errors": [
{
"domain": "global",
"reason": "notFound",
"message": "Resource Not Found: userKey"
}
],
"code": 404,
"message": "Resource Not Found: userKey"
}
}
I tried this through the API explorer:
https://developers.google.com/admin-sdk/directory/v1/reference/users/photos/update
EDIT, the userKey is the email address of the account. In the service account case it is in the format:
account-name#project-name.iam.gserviceaccount.com
Get your service account to use delegation to impersonate and use a separate Google Apps account email address to do the document sharing. Set the photo in that Google Apps account.
We are using the Google drive API to allow our users to browse and select a file to use in a report. One of our users (the issue is not widespread) is getting an error(below) when attempting to get a list of files.
JSON body returned from Google:
{
"error": {
"errors": [
{
"domain": "global",
"reason": "forbidden",
"message": "Forbidden"
}
],
"code": 403,
"message": "Forbidden"
}
}
Which is a bit confusing as it is not one of the listed errors here: https://developers.google.com/drive/web/handle-errors
Does anyone have any ideas on what might be causing this? Thanks for any insight!
It turned out to be related to this question: Getting a 403 - Forbidden for Google Service Account
This user's company did not have Google Drive as one of their activated apps.
This error also occurs if you disable the Google Drive setting called "Allow users to install Google Drive apps". This might be a good thing to check if you are certain that Google Drive is already enabled.
I have two users: admin#example.com ("Admin") and user#example.com ("User").
"Admin" owns a Google Drive folder (let's say the fileId of the folder is "F1234"). "User" is a member of a Google Group which has read-only ("Viewer") access to the folder.
In the Google Drive Web interface, "User" can open the folder F1234, and "User" can click on the "star" button to put the folder in the "Starred" list. So far, so good.
Now I want to write an application which sets the folder as starred. So, I log in as "User" and I go to the Google Drive API Explorer (https://developers.google.com/drive/v2/reference/files/patch) and I give the API explorer the OAuth token to execute requests on behalf of "User". I send a "patch" request to set the folder as "starred":
PATCH https://www.googleapis.com/drive/v2/files/F1234?fields=labels%2Fstarred&key={YOUR_API_KEY}
Content-Type: application/json
Authorization: Bearer xxxxxxxxxxxxxxxxxxxxxxxxxx
X-JavaScript-User-Agent: Google APIs Explorer
{
"labels": {
"starred": true
}
}
But this request fails, with a "permission denied" type of error:
403 Forbidden
{
"error": {
"errors": [
{
"domain": "global",
"reason": "userAccess",
"message": "The authenticated user does not have the required access to the file F1234",
"locationType": "header",
"location": "Authorization"
}
],
"code": 403,
"message": "The authenticated user does not have the required access to the file F1234"
}
}
I checked that this very same request works fine with a folder owned by "User", or with a folder not owned by User but where "User" has read-write access. So it really looks like the request fails because of the read-only permission, but this is not consistent with the behavior of the UI ("starring" a file is not a modification, so it should not require write access).
Am I missing something or is this a Google Drive API bug ?
This behavior has been reproduced.
I will report this for you.
Sorry for inconvenience.