In my Apps Script project, I'm trying to loop through folders in My Unit using DriveApp.getFolders(). When the code reaches while(folders.hasNext()), I get the following error:
"The feature you are attempting to use has been disabled by your domain administrator."
However, Google Drive service is enabled for all users on the domain.
Is there another security setting I need to ask the domain admin to enable?
You need to enable "Drive Apps" as well.
Related
I have created a marketplace app to capture google drive changes.
Enabled two API & services.
1) Google Drive API
2) G Suite Marketplace SDK
Added required content in marketplace SDK and it is published via google chrome tool. So, got a marketplace app url which I can share with others and can install app in their domain.
With this app url I have installed an app by clicking on "DOMAIN INSTALL" button.
In order to receive notification of each drive changes my script is trying to create a channel for each user under this domain But, channel is not getting created. It shows error called "invalid_grant"
So, I took another approach to add marketplace client id and scope permissions under Admin Console->security->Advance Setting ->Manage API client access manually.
Now, I am able to create a channel for user in domain and can access drive files content.
Please help me to figure out that why I am not able to get permission while installing a published G suite marketplace app?
Thanks you.
I am trying to enumerate group members from Google Apps Script using the following code:
AdminDirectory.Groups.get("scouts#troop1313.com")
and getting this message
Access Not Configured. The API (Admin Directory API) is not enabled for your project. Please use the Google Developers Console to update your configuration. (line 65, file "Code")
I already authorized the script/project by running it directly from the online IDE but that did not help.
The project key is Mcdd3jWb8x_CBgWbrqpOo7WzCrlavxzZ2 and the function I am calling is getFolderContents.
Just a head up, Admin Directory API renamed to Admin SDK on API Manager.
Find that API and enable it helps solve the problem.
For advanced Google API's like the Admin Directory service you need to enable the service within your Google account's "developer console".
This authorisation is required in addition to the stock Apps Script authorization dialogues you mention in your question.
See the instructions here:
https://developers.google.com/apps-script/guides/services/advanced#enabling_advanced_services
I'm trying to make a service that runs on a webserver and can upload files to Google Drive,
so that people can sync the files to local-drive using the Google desktop application.
So I tried the Drive API but it requires a webbrowser to authenticate.
This would be a possibility, but I don't know to get the access token programmically.
Even if I had the access token, I wouldn't know if it just works forever.. It seems to have an expire date?
I wouldn't want the service to suddenly not working, because the token has expired.
Than I learned about Service Account, and finally got it working, but it seems to have its own space that i can only access with the service account.
I don't know how to share the files from the service account to a regular account, as people need to sync it locally.
So a found a video about user impersonation, in which he showed a page about given access to a service account to impersonate another user.
But i don't know where to find this page.
Looking at: http://support.google.com/a/bin/answer.py?hl=en&answer=162106&topic=2759255&ctx=topic
It says it's in Advanced Tools > Manage third party OAuth client access (under the Authentication section).
But where is the Authentication section? Do I need to create a Google App to do this?
The question is: How upload files programmically to Google Drive without any user intervention, so that they can be synced locally with the drive desktop-application.
Can I authenticate with just Google account username and password instead of using OAuth? If not, is it planned to support this kind of authentication in the future versions of Google Drive API?
I am currently using Google Documents List API which allows to authenticate with just username and password. So I am wondering if I can I do the same thing with Google Drive API.
Are there any reasons you cannot use OAuth 2.0 as your authorization mechanism?
Client Login is currently being deprecated and it would be better for you and your users to use OAuth 2.0.
There are multiple code samples available in the Drive SDK documentation as well as in the various client libraries project page to help you get started.
If you are running a server application, consider using a service account with OAuth2 and the Drive API. This will allow you to run the app on a server without a user having to provide OAuth2 credentials on the console or through a UI. You can also do impersonation if you want your app to act on documents with a specific account.
GoogleCredentials credentials = new GoogleCredential.Builder()
.setTransport(HTTP_TRANSPORT)
.setJsonFactory(JSON_FACTORY)
.setServiceAccountId("[[SERVICE_ACCOUNT_EMAIL]]")
.setServiceAccountScopes(DriveScopes.DRIVE, DriveScopes.DRIVE_FILE,
"https://www.googleapis.com/auth/userinfo.email",
"https://www.googleapis.com/auth/userinfo.profile")
.setServiceAccountPrivateKeyFromP12File(Auth.keyFile)
.setServiceAccountUser("[[impersonateduser#domain]]")
.build();
credentials.refreshToken();
I've found this blog post somewhere (possibly here): http://blog.databigbang.com/automated-browserless-oauth-authentication-for-twitter/.
I know it is regarding Twitter, but it uses the same method, so I reckon it just needs a little tweak in the names. In short: if the script is run only by server, install Jython + HTMLUnit, simulate user going to the generated authorization link and clicking 'allow access' button and get token.
Use Case
As admin service account, transfer Document Ownership using the Google Docs API, similar to the built in cPanel "Advanced Tools" -> "Document ownership transfer"
Constraints
APIs are being invoked in context of a Google Apps admin service account rather than the end-user account since APIs are being invoked from Google Apps Script in Sites page
Authorization is OAuth 1.0 since this is what Apps Script supports
What works:
Transferring ownership of the admin service account's own files to another user's account as documented here
What is required:
Transfer ownership of another user's files, ideally without them sharing any permissions with the admin service account; if there's no other way of doing it, they could share edit permissions on the file with the admin service account.
Currently this returns a
" ServiceException - You do not have permission to share these item(s):"
What you're trying to do is possible by impersonating the user using the admin account. The documentation shows how to do this here.
Essentially, start by requesting the API URL with default replaced with the current owner's email address. The request must be made while authorized as the admin user, though.
https://docs.google.com/feeds/user#yourdomain.com/private/full/
Once that URL is requested, all feed URLs will be returned with that email already present. Then, simply change ownership as you would normally.