google picker api doesnt force the user to an OAuth dialog, no asking them to authorize the application to upload or request active user data. In the quickstart guide "https://developers.google.com/drive/quickstart-js" there is a simple example to upload a file for active user .The user must accept the application. What is the main difference with picker api and OAuth JS-example.
Can I write a code like picker api for active user
I want to upload and list active user drive data without using picker api
The picker does two things which you can't do manually in a third-party application:
Uses cookie auth for the currently logged in Google user
Adds the file to the drive.file scope's opened with files, so an app with the file scope can access it.
Related
I'm working on an integration to stream Google Meet recordings to a 3rd party file storage service. Here's the rough workflow I'm following
Create the meeting using the Google Calendar API
During the meeting, a user optionally records
After the meeting, check the calendar event description for a link to the generated Google Drive file
Use the Drive API to retrieve a download link for the file
Open a download stream and stream to 3rd party service
My question is what OAuth scopes I need to make this work. The drive.file scope will only give me access to files my app created. The meeting recordings are created by Google Meet. The drive.apps.readonly scope gives me access to all files if the user installs my app. Could I create a Google Workspace Marketplace app and use that scope to download the file? Will the downloadUrl in the file object work with a token that only has drive.apps.readonly?
I'm trying to avoid using any restricted scope if possible.
Drive scopes are restricted by design
If you check this page, About Auth, and this page, OAuth Verification FAQs you'll see that Drive is inherently restricted due to the nature of the service. Since your app does not create the video, it will require a restricted scope to fetch the video created by meet.
I believe that https://www.googleapis.com/auth/drive.readonly will work for your purposes.
i am building an application that uploads a doc from my application to drive, then editing via google docs and downloading back to my application. I registered in the google api console using the service account option. now, even after giving permissions in the account, i am not able to view or edit the document. A page is shown with 'you need permission- access denied.' So any idea to turn this around.?
Using service accounts is not directly owned by the user. It is owned by the app. So if you want to have access on the files, try to insert it to your email using Permissions.insert.
I need to let user access documents stored on my account(app is registered on it) Drive. I know how to access user Drive data with Picker API, but is it possible to access Application data using Picker API?
The point is - I have website, and I want to embed documents from Drive to my App, so users can collaborate on it. I store those on my Drive, and want users to have possibility select those docs, using Picker API(which will return Document.EMBEDDABLE_URL, that I latter embed in <iframe>to view and edit).
Not at all. 'Application Data' is designed for things such as settings and configuration data that an app has per user, but a user should not see. If you wanted to do something like this you'd need to write your own Picker dialog and make sure the correct permissions are granted.
I'm using the Google Drive File Picker in an application that is being executed as me. When a user clicks to select a file they are presented with the Drive Folder structure of me (the user the app is executing as).
In my code I'm referencing Session.getActiveUser so I know who the user is and can performs actions and present data appropriate for their account.
How can I have the Drive File Picker display the files from the active user and not my account? I'm thinking if this cannot be done in the application, how would I spawn a separate window that runs a different web app that executes as them and then capture the call back in my application?
You can't (indeed) but what you can do is to let the app run as the user accessing the app and let this app call another app running as a service and that runs as you (and do what has to be done on your side).
You can use urlFetch service to call your app, adding necessary parameters to the url to identify the actual user (of the calling app) and other security/logging data (to prevent access from other source).
Depending on the complexity of your workflow , this can be simple or quite complex but feasible anyway.
If you need to show the content of the current user's Google Drive you can do it by performing an Oauth and using Google Picker.
You can find more about Oauth here :
https://developers.google.com/apps-script/reference/script/script-app#getOAuthToken()
Also note that user will have to enable the Drive Picker API for his account in order to perform an Oauth.
Then using the access token from the Oauth you can pass it to the Drive Picker to show the contents.
https://developers.google.com/apps-script/guides/dialogs#file-open_dialogs
When you deploy the app you have to select :
Execute the app as: User accessing the web app
Hope it helps!
I have multiple Google Drive Apps published that have different client ids. When one Drive App creates a file, I would like to set the permissions on that file to allow the second Drive App access to that file. My use case is that from the first applications ui, I would like to allow the end user to launch the second application. Currently, the user needs to leave the first application and go to the drive ui and use the context menu to select open with.
In Google Drive UI, there is a context menu that says "View authorized apps...". I am basically looking for an API to add an entry to that list.
Thanks.
Jeremy
That is not possible. For security reasons, an app can only be granted authorization to see a file via direct user action: specifically opening the file with that app via open-with or the web or Android file pickers.