How to disable offline OAuth2 access from Google Drive SDK initiated connections? - google-drive-api

I'm integrating our web app with Google Drive, and got stuck on configuring the conections initiated by the Google Drive UI.
We allow users to open and create files from Drive, but every time OAuth2 session is initiated from the Drive page, it asks for access to files (looks like drive.file scope, which is already given), and also to "Perform these operations when I'm not using the application". I assume the re-authentication is requested because of the offline access, which we never request and don't need. I'd rather not ask users for this if not necessary.
I could not find a way to disable this from the Google API Console. Is there a way to configure the OAuth2 url for sessions initiated from Google Drive UI and set the access_type?
Or, if that is not the issue, what causes the "Perform these operations when I'm not using the application" and constant re-authorisation when files are opened?
if it helps with troubleshooting, the APP id is 399581875395

Answered in Opening file from google drive always requests offline access
Looks like I found a solution for this.
This message will keep appearing if you don't do step2 of the OAuth2 flow with the same client_id and client_secret.
#app.route('/open')
def drive_open_file():
code = request.args.get('code')
if code:
credentials = credentials_from_code("client", "secret",
"https://www.googleapis.com/auth/drive.file",
code,
redirect_uri="<WEBSITE>/open")

Related

Direct upload files from Browser to Google Drive Service Account without User Authentication

I am looking for a solution on the mentioned issues below. I would be grateful if someone could help us on this.
UPLOADING FILES DIRECTLY ON GOOGLE DRIVE SERVICE ACCOUNT FROM BROWSER WITHOUT USER AUTHENTICATION.
We would like to use our Google Drive Service Account as a storage instead of our Web Server disk space.
We are currently using DropzoneJS and Custom JS to upload files directly to our Web Server.
After that we are using Google Drive PHP SDK to upload those files on our Google Drive Service Account using Google Drive API.
Looking for Solution: We would like our users to upload files directly to our Google Drive Service Account without authenticating using their own Google account.
Is there a way for our users so they can upload files directly to our Google Drive Service Account by implementing JavaScript.
Looking forward to hearing from the helping genius.
Yes, by using Google Service Accounts you've just mentioned. Following Google service account guide you'll need to Setup a Service Account in Google Developer Console first.
Sign-in to Google API Console.
Create new project or use an existing one.
Enable Google Drive API
ClicK "Credentials" and "Create new oAuthClientID".
Select "Service account" and create new Client ID.
You will choose be asked to download your private key in JSON or P12 format.
After private key download, a password for accessing it will be shown in pop-up. Make sure you dont forget it.
Keep the private key in an accessible location, you'll be needing it later for your app.
After that you will see "Client ID" and "Email address" for your application.
Go to you Google Drive. Create some folder, and open "Sharing settings" for it.
Add your service email to the list of allowed users and allow it to edit the contents of that folder.
Remember your Drive folder ID like 0Bzgk4zccLwI7nXpRNG1yeDNxrYPU from drive.google.com/drive/folders/0Bzgk4zccLwI7nXpRNG1yeDNxrYPU.
After the setup, it's time to prepare making authorized API calls using JWT. Additional info that might help with the guide is a relevant post found here.

Is it possible for a domain owner to enable Google Drive API for all users?

I've added a few scripts to a Google Spreadsheet. One uses the Drive API. First time a person runs the script he has to manuallly enable access to Drive API and click on the link to Google Developer Console and enable access to Drive API.
There are about 100 people in my organisation who are going to use this spreadsheet and is there some way for me as a domain owner to enable Drive API so that the users don't have to do it by themselves?
/Magnus
Your users are going to have to create there own application in Google Developers console, and authenticate themselves.
Google Made a change recently that makes it against terms of service for you as a developer to give out your client id from Google developer console. So they will need to make there own. There is also no API that will let you automate this for them either.
As for authenticating that is the nature of authentication. Each user must give the application /or in this case script access to there account.
Sounds like you are doing everything correctly right now. It may seam time consuming but that is the way things have to be done.

How to allow the Drive File Picker access to the users Drive when running the app is executing as me

I'm using the Google Drive File Picker in an application that is being executed as me. When a user clicks to select a file they are presented with the Drive Folder structure of me (the user the app is executing as).
In my code I'm referencing Session.getActiveUser so I know who the user is and can performs actions and present data appropriate for their account.
How can I have the Drive File Picker display the files from the active user and not my account? I'm thinking if this cannot be done in the application, how would I spawn a separate window that runs a different web app that executes as them and then capture the call back in my application?
You can't (indeed) but what you can do is to let the app run as the user accessing the app and let this app call another app running as a service and that runs as you (and do what has to be done on your side).
You can use urlFetch service to call your app, adding necessary parameters to the url to identify the actual user (of the calling app) and other security/logging data (to prevent access from other source).
Depending on the complexity of your workflow , this can be simple or quite complex but feasible anyway.
If you need to show the content of the current user's Google Drive you can do it by performing an Oauth and using Google Picker.
You can find more about Oauth here :
https://developers.google.com/apps-script/reference/script/script-app#getOAuthToken()
Also note that user will have to enable the Drive Picker API for his account in order to perform an Oauth.
Then using the access token from the Oauth you can pass it to the Drive Picker to show the contents.
https://developers.google.com/apps-script/guides/dialogs#file-open_dialogs
When you deploy the app you have to select :
Execute the app as: User accessing the web app
Hope it helps!

Using Google Drive SDK to grant another Drive App authorization to file?

I have multiple Google Drive Apps published that have different client ids. When one Drive App creates a file, I would like to set the permissions on that file to allow the second Drive App access to that file. My use case is that from the first applications ui, I would like to allow the end user to launch the second application. Currently, the user needs to leave the first application and go to the drive ui and use the context menu to select open with.
In Google Drive UI, there is a context menu that says "View authorized apps...". I am basically looking for an API to add an entry to that list.
Thanks.
Jeremy
That is not possible. For security reasons, an app can only be granted authorization to see a file via direct user action: specifically opening the file with that app via open-with or the web or Android file pickers.

Opening file from google drive always requests offline access

I have a google drive application that does not request offline access and is already installed and authorised by the user. If the application requests authorisation itself, there are no problems.
However, recently, every time a file is opened from the Google Drive UI, an authorisation prompt appears:
This app would like to:
Have offline access
Oking this request will still mean it appears the next time a file is opened. I can see in the url that Google Drive generates that it requests "access_type: offline". I see no settings in the cloud console to control this and its very confusing for users. How can it be prevented?
I see a number of similar questions but not quite like this:
How to disable offline OAuth2 access from Google Drive SDK initiated connections?
Second authorization with same scope and offline access_type has unexpected permission dialog
"This app would like to: Have offline access" when access_type=online
The App keeps asking for permission to "Have offline access", why?
Looks like I found a solution for this.
This message will keep appearing if you don't do step2 of the OAuth2 flow with the same client_id and client_secret.
#app.route('/open')
def drive_open_file():
code = request.args.get('code')
if code:
credentials = credentials_from_code("client", "secret",
"https://www.googleapis.com/auth/drive.file",
code,
redirect_uri="<WEBSITE>/open")