Opening file from google drive always requests offline access - google-drive-api

I have a google drive application that does not request offline access and is already installed and authorised by the user. If the application requests authorisation itself, there are no problems.
However, recently, every time a file is opened from the Google Drive UI, an authorisation prompt appears:
This app would like to:
Have offline access
Oking this request will still mean it appears the next time a file is opened. I can see in the url that Google Drive generates that it requests "access_type: offline". I see no settings in the cloud console to control this and its very confusing for users. How can it be prevented?
I see a number of similar questions but not quite like this:
How to disable offline OAuth2 access from Google Drive SDK initiated connections?
Second authorization with same scope and offline access_type has unexpected permission dialog
"This app would like to: Have offline access" when access_type=online
The App keeps asking for permission to "Have offline access", why?

Looks like I found a solution for this.
This message will keep appearing if you don't do step2 of the OAuth2 flow with the same client_id and client_secret.
#app.route('/open')
def drive_open_file():
code = request.args.get('code')
if code:
credentials = credentials_from_code("client", "secret",
"https://www.googleapis.com/auth/drive.file",
code,
redirect_uri="<WEBSITE>/open")

Related

Get and Use Access Tokens after user has authenticated with a google web app

I have developed a google apps script web app, in conjunction with an MIT App Inventor app, that will/should allow a user to access their own google drive/sheets/documents.
I am having trouble connecting to the web app through the Appinventor app's web component (not a webview), after the user had given their authorization to use the web app via their device's default browser (Chrome).
My Web App is connected to Google Cloud Console and has been verified by the Trust and Safety Team at Google. The app is set to "User who assesses the app" and "Anyone". I can't use the native webview in AppInventor, because Google blocked this off for authentication in 2016.
The web component offers GET/POST/PUT HTTP functions but I have no idea how to get the authorisation codes and tokens for a user in order to access the web app. (Note; the web app has no GUI, it simply receives GET requests and returns text/stringified json output for a range of functions.) I have been able to translate many curl examples in other situations to good effect with the web component, but not for 0Auth.
I have done my best to read up and use the offerings from Google on 0Auth, but just get lost halfway through, as always, nothing I do is quite the same as the examples or documentation provided.
How do I, therefore, construct HTTP GET URLs, with all the various authorization codes and tokens already in place, that will authorize the Web App to work for the user?
A simple request would be like this:
https://script.google.com/macros/s/AKfycbyZ_27nLOKi8ssX........Bz40yAbGfJt_TRswvm6zpY/exec?func=authenticate
which would return the text output "Authenticated"
With a web browser (Chrome) all of this is fairly straight forward for a user. If they are logged into their Google account in the browser they go to the URL provided for my web app, they will be asked to authenticate, and give my Web App access to their google account. Once accepted, 'magic' happens in the browser (any 'magic' happen at the web app end?), and as long as they stay logged in, they can use the browser to send GET requests (URLs with parameters) to the Web App and see the results returned in their browser. Happy days.
In my scenario, I do not have a suitable web browser capable of all of the above. I have a web component that can send GET/POST requests to web services, and handle the server responses. (think of it as a web 'terminal'). I can, therefore (hopefully) construct URLs with all the right content, codes, and parameters. Remember that this has to be straight forward for the user, who will not be interested in 'back end' activities, they will just want to use the app to do things on their google drive.
They need to, I guess, at the very least, perform the authentication in a web browser, to connect their Google account with the web app. Then with the web component connect to the web app using authorization codes and access tokens, as them (their google account) so that actions by the web app occur on their google drive. As stated above, the web app is set to "User who accesses the app" and "Anyone". This is the part I need help with. I do not understand what I need to do to connect the user to the web app without using a web browser.
This is the kind of thing I mean:
https://developers.google.com/gdata/articles/using_cURL
Your setting of Web Apps and goal is as follows.
Web Apps is deployed as Who has access to the app: Anyone.
You want to make users access to Web Apps.
Issue and solution:
In the current situation, there are the following situations for using Web Apps.
When the users access to the Web Apps by each browser, the users can access by logging in to each Google account.
When you want to make users access to the methods (for example, curl command and script) except for the browser, it is required to share the Google Apps Script project of Web Apps with the users.
Unfortunately, it seems that above situation is the current specification. I confirmed the change of this specification at April 11, 2018. Before this change, the users had been able to access to the Web Apps by the curl command and script with the access token without sharing the Google Apps Script project. By the change of specification, when the project is shared with the users, the users can access to Web Apps using the access token.
In this case, it is required to include the access token to the request headers. Because in the current stage, access_token=### as the query parameters cannot be used. Ref
Note:
From this situation, I think that when sharing the Google Apps Script project is not the direction you expect, in the current stage, the Web Apps with Who has access to the app: Anyone cannot be used by the method except for the browser.
References:
Taking advantage of Web Apps with Google Apps Script
Web Apps

developer console doesn't show my google apps script projects

I'm trying to create a google apps script project where is required to access by anyone (people with google account) and executed by the same user (user accessing the web app). I've published the app as "web app" and it work with the given url.
Since i need to this web app as a web service using ajax, the browser console return an error of unauthorised access (No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'x' is therefore not allowed access.) this doesn't happen if the web app is published as "Executed by my" and "access by anyone, even anonymous"
anyway, i'm following the instructions in Google Sign-In for Websites and it said i need to access in google developer console to get credential for the project but my google apps script are not displayed in the project list.
Open up the script, go to Resources > Developer Console Project > click on the link attached to the script.

Using Google Drive SDK to grant another Drive App authorization to file?

I have multiple Google Drive Apps published that have different client ids. When one Drive App creates a file, I would like to set the permissions on that file to allow the second Drive App access to that file. My use case is that from the first applications ui, I would like to allow the end user to launch the second application. Currently, the user needs to leave the first application and go to the drive ui and use the context menu to select open with.
In Google Drive UI, there is a context menu that says "View authorized apps...". I am basically looking for an API to add an entry to that list.
Thanks.
Jeremy
That is not possible. For security reasons, an app can only be granted authorization to see a file via direct user action: specifically opening the file with that app via open-with or the web or Android file pickers.

How to disable offline OAuth2 access from Google Drive SDK initiated connections?

I'm integrating our web app with Google Drive, and got stuck on configuring the conections initiated by the Google Drive UI.
We allow users to open and create files from Drive, but every time OAuth2 session is initiated from the Drive page, it asks for access to files (looks like drive.file scope, which is already given), and also to "Perform these operations when I'm not using the application". I assume the re-authentication is requested because of the offline access, which we never request and don't need. I'd rather not ask users for this if not necessary.
I could not find a way to disable this from the Google API Console. Is there a way to configure the OAuth2 url for sessions initiated from Google Drive UI and set the access_type?
Or, if that is not the issue, what causes the "Perform these operations when I'm not using the application" and constant re-authorisation when files are opened?
if it helps with troubleshooting, the APP id is 399581875395
Answered in Opening file from google drive always requests offline access
Looks like I found a solution for this.
This message will keep appearing if you don't do step2 of the OAuth2 flow with the same client_id and client_secret.
#app.route('/open')
def drive_open_file():
code = request.args.get('code')
if code:
credentials = credentials_from_code("client", "secret",
"https://www.googleapis.com/auth/drive.file",
code,
redirect_uri="<WEBSITE>/open")

I am facing "The authenticated user has not installed the app with client id" error even after installing the app [duplicate]

I'm working on a Google Drive interface for Emacs. The concept is that Emacs could provide a platform-agnostic way to load, modify and save text documents stored in Google Drive. I've registered my app and can authenticate with OAuth2 and get a file listing with the Docs List API, but when I try to execute an Insert with the Google Drive API, I see an error:
"The authenticated user has not installed the app with client id ..."
Reading further, it seems I need to publish my Emacs application in the Chrome Web Store to get access to the Drive API. That doesn't make sense to me...I noticed that there is a FUSE project in development for Google Drive, which suggests that native development is possible. When I skimmed the code, however, I didn't see a Chrome Web Store component to getting it working.
Am I trying to misuse the API, or is there an route to make this work that makes more sense?
EDIT:
According to Ali Afshar, of the Google Drive team, installation is no longer required to use this API. So what follows may no longer be relevant, but will be left for historical purposes.
So, first off the API does not support application development in the sense that we are both doing it, I wouldn't use the word native though. The good news is I have been doing some research and Google Drive is really just a rebranding of Google Docs. So the Google Docs API could be a good choice as well for the same purposes.
Anyway, here's the steps to solve the error: "The authenticated user has not installed the app with client id ..." Which is a 403 error, for the sake of this answer. These steps assume you have set up an app in the chrome web store as is required, and installed it. I am working on my local machine too, with my project: http://github.com/tom-dignan/gdrive-cli which I have gotten past this error, so I think you should keep plugging away at your emacs version, because I think we can make this work.
a. Open the Google APIs console.
b. Confirm you've already enabled the apis under "API Access" both the API and SDK for Google drive should be enabled. There you get your client secrets/api keys and such. I am almost positive you've done this already, so go ahead to C. (this is here for others who may have missed it)
c. In the left navigation bar, under "Drive SDK" you will need to do the following:
Add a "Support URL" (required)
Add at least a small 16x16 application icon (required)
Add "OAuth Client ID (Required)" under Drive Integration (I was just tinkering and this seems to be the key field.)
Add "Open URL (Required) URL to open for your app from the google drive UI."
Check off "Multiple File Support"
Add some MIME types and file extensions, "text/plain", and txt for example
Add the the auth scopes:
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
Don't bother trying to add the auth scopes for Google Docs here, because it won't work. Google does not want us to use it that way because files that drive apps create should be private to that app. Integration with Google Docs will have to be separate.
Now I know you must be thinking "why do I have to add some of these..." It's because the form makes them required fields. In mine, I put a couple URLs that point to static HTML pages.
Once you've done the above, clean up your state and reinstall your chrome app. Then try your code again, and it should stop giving you a 403.