I am trying to upload some documents on Google drive, i want to run a cron script which is executed at mid night every day and the files generated as a result of it should be uploaded on the uses Google drive.
I tried the standalone script, which uploads document on Google drive, but for that i have to every time do allow access via browser.
However my purpose is to run a cron and upload the files, at the time the cron executes there will be no browser access.
Is there any way i can do the authentication process without manual intervention.
any help in this case would be really appreciated.
THanks,
you can authorize your App(script) with Google Drive.
Here, you mentioned you are writing a script which upload docs to your Google Drive.
I suggest you register a app in Google Cloud Console to get client ID and client Secret firstly,
and turn on Drive API for you registered App.
Then use this client ID and Secret to run oauth flow in your script to get an access token and refresh token, the access token's lifespan is about 3600s, and if it's expired, you can also get a new one with the refresh token.
User's interaction(consent) is required only in the first time you request access token.
In this way, your script can work in "a real script way".
Here are some reference:
https://developers.google.com/drive/about-auth
https://developers.google.com/accounts/docs/OAuth2InstalledApp?hl=zh-CN
I am assuming its only one user drive account you are uploading to. Have you considered using a service account fo this? https://developers.google.com/drive/service-accounts
If its not a single user account you are uploading you can just save the refresh token some place and use that to get a new authtoken every night.
Hi i figured the problem,
i was generating refresh token from oauthplayground and was trying to integrate it in the php script....which was invalid......
I then printed the refresh token returned for the first time when a user allows access and used that for future generation of access token and it works like charm. thanks All for help
Related
I 've the follow simple scenario:
a server of my boss
some costumers with google drive accounts
so I'd like to transfer daily some files to costumers google drive...
My question is: if a customer have pc disconnected or is not logged to my site is possible from my server upload a file into costumer google drive?
And if yes there's a limit of user or daily transfer?
p.s.
better if I can use A Google Drive spreadsheet and update data
thanks
Yes it is possible, but there are many steps in between.
1.- You would need an application, so you can perform this operations through your app. check the documentation.
2.- You would need to set the offline access, this way you will be able to upload files even if the user is not logged. Oauth Offline access.
3.- The users (customers with Google Drive account) will have to authorize your application to access their Drive accounts. After this you will be able to get an access token and a refresh token.
4.- With the refresh token you can refresh the access token (it expires after an hour) without having the user to login again and get a new access token. (you have to store this refresh token)
5.- Now you can call the function Drive.Files.Insert in order to upload a file into the customer's Drive. When calling this function you need to provide the access token related to the user.
6.- There are limits that apply to the API. These quotas are against the application. If you make too many calls to the API, you may reach these limits for your application. You can check these limits in the Developer Console of your application.
I hope this helps. I know it's a lot of information but is the procedure you need to follow.
I want to access my own google drive on web page but allow anyone to upload files and restrict download access or show only limited file to user for downloading.
Drive API assumes that I will access another users credentials.
But what I want is opposite, anyone can view my files (restricted what to view) but is free to upload.
I have google nearly 6+ hours and didn't found any solution
Any Help Appreciated
Thanks
You say "Drive API assumes that I will access another users credentials" but this isn't correct. Calls to Drive include an Access Token, and it is that which determines which Drive account the call will access. Drive makes no assumptions about how that Access Token was obtained or which account it refers to.
All of the examples show how an Access Token is obtained for an end user, since that is the more complex flow. Your requirement is very much simpler.
All you need to do is:-
Obtain a refresh token (see How do I authorise an app (web or installed) without user intervention? (canonical ?))
Store that refresh token in your PHP application. Make sure it's secure
When you need to access your Drive account, use the refresh token to obtain an access token as described at https://developers.google.com/accounts/docs/OAuth2WebServer#refresh
I am integrating ASP.NET application using Google Drive API. For this after authentication we re uploading Files to Google drive. I am using Google client library to Call the APIs.
Everything is working as expected I am able to authenticate user successfully and able to upload the file successfully.
In one scenario when the user Google account is suspended then I am getting refresh token from Google but my upload method is failing and it is not uploading the file to Google drive.
I want to restrict the user on Signup screen itself, when account is suspended.
What parameter do I have to pass to achieve this please suggest?
Unfortunately this info is not easily available. You have two options :
Use the Directory API to see if the user is suspended. This requires additional OAuth permissions to be provided by an admin of the domain.
At login, try and perform a Drive API call to see if you get an error or not. If you get an error (with a couple of retried) and the error message matches the one you had for suspended users, then you can deny access to the user.
Hi I have a very simple Google Apps Script, i.e. one that is created when in Google Drive and click create and then script.
What I would like to be able to do is have users authenticate using the oauth 2 protocol, receive the authorisation code and exchange that for an access token and refresh token. This requirement is for an IPhone app so I would rather save the refresh token so users do not have to login repeatedly.
My issue is that I do seem be able to get the access and refresh token, I can see the client_id of the app in the url returned from the authentication step, however I believe I also need client_secret to request the access and refresh token from:
https://accounts.google.com/o/oauth2/token.
I'm asking it this even possible, if so do you know of any examples and if not could you recommend a different approach (perhaps use an application specific password).
Many thanks
You should be able to obtain this from the Oauth Playground.
Oauth Playground
I've created a Google App Script that handle 2 different OAuth connections.
1- Google itself to send mail on behalf of the user and access google docs (google api console used to get keys, secret)
2- gtraxapp wich is a timesheet cloud-based app. (Script is registered, got a key/secret, etc.)
The script is published as a web app. It works perfectly for my user.
When logged on a different user name, I can authorize Google OAuth without providing different key/secret, and emails will be sent from the actual user.
Problem happens with the 2nd app (gTrax).
Authorization seems to work. Running the function inside the script to authorize lead to a screen asking for permission, gtrax then appears in the account as a registered app (could revoke access if needed).
But, when running the app, I get a message saying I need permission to do this action (UrlFetchApp / simple get)
My question is :
Is this possible that I need to register each user to get a key/secret for everyone (and dealing with that in the script)...
Or do OAuth can be registered with 1 key/secret ?
In other word, are (should) key/secret linked to a single user or are they only a kind of RSA-like key pairs that, when verified, can be used to authorize any user.
My understanding is this. When you use built-in Apps Script functions, like MailApp.sendEmail, the Google Apps Script "environment" takes care for you to ask authorization for the user (1st time he access your app) and save and manage the oAuth tokens for you, so it all runs smoothly.
When you call an external service using UrlFetchApp, Apps Script oAuth authorization process works differently. The authorization is just a strange popup you get on the script editor, when you actually make the fetch call. It is not processed at "compile time" and asked before you run anything like the other services. But you also do this step only once.
The "gotcha" is that this different authorization process does not work when a user is running the app as a webapp. AFAIK it only works from the script editor itself or running directly from a spreadsheet.
If your users are just a known few, you could advise everybody to open the script editor (or a spreadsheet that contains it) and run an specific function that will just attempt the UrlFetchApp.fetch call so the popup shows up and they authorize it. Once this step is done, they can use the webapp normally. Apps Script will do the magic for you after that.
But if you plan to share this broadly, say at the Chrome Web Store, and don't want to ask every user to do this somewhat strange step, then you'll need to manage all the authorization process yourself. It means, you'll have to register your app with the third party service (if it's Google's, it's at the API Console), where you will receive a client id and a client secret. With those you'll have to place a "Authorize" submit button on your app html that will redirect the users to the 3rd party authorization url, providing the correct scope, etc. When they authorize it, the 3rd party will redirect the user back to your app providing a code token as URL parameter. You'll use this code to call the 3rd party oAuth service to get the real access and possibly refresh tokens that you'll have to use on your UrlFetch calls. You'll be responsible to save these tokens, refresh them when they expire and so on. Not a very simple procedure :-/
Oh, and although your app have only one id and secret, the tokens are per user. Which makes sense, since each call you do must be on behalf of a specific user and he *must* have authorized it.
I hope this helps.