When a user clicks a downloadUrl supplied by an authenticated file list (via an access token), she doesn't need to send an access token again to download the file.
How does Google Drive know that this user has permission without supplying said token? Is it somehow encrypted within the downloadUrl?
Thanks in advance!
If you don't want to pass the token, Use the webContentLink URL instead, then, if the user is logged in to their Google Account, the cookie will be used for authorization.
Related
I am using drive api in my app and it works well , but sometimes when multiple users are logged in and I try to open a file in the browser with the link fetched via drive api I see the error message "You need permission. Want in? Ask the owner for access, or switch to an account with permission. Learn more" .
Steps to reproduce :
login to google drive with one account.
login with a second account and use drive api.
when you try to open public files you get that error.
If you add access token in url it seems to resolve the issue but thats a security risk. If you add authuser param to url that also works, but I can't find a way to get current user's authuser param.
Any help is appreciated.
I want to access my own google drive on web page but allow anyone to upload files and restrict download access or show only limited file to user for downloading.
Drive API assumes that I will access another users credentials.
But what I want is opposite, anyone can view my files (restricted what to view) but is free to upload.
I have google nearly 6+ hours and didn't found any solution
Any Help Appreciated
Thanks
You say "Drive API assumes that I will access another users credentials" but this isn't correct. Calls to Drive include an Access Token, and it is that which determines which Drive account the call will access. Drive makes no assumptions about how that Access Token was obtained or which account it refers to.
All of the examples show how an Access Token is obtained for an end user, since that is the more complex flow. Your requirement is very much simpler.
All you need to do is:-
Obtain a refresh token (see How do I authorise an app (web or installed) without user intervention? (canonical ?))
Store that refresh token in your PHP application. Make sure it's secure
When you need to access your Drive account, use the refresh token to obtain an access token as described at https://developers.google.com/accounts/docs/OAuth2WebServer#refresh
Is it possible to upload a file via the Box V2 API without requiring the user to login. I don't want to have to make my users create Box accounts - is it possible for them to upload a file using my account, or perhaps the API key instead of OAuth?
OAuth works by exchanging login credentials for an access token and refresh token. If you persist your access token and allow your users to submit requests using that access token, that would be equivalent of the user being logged in under your account.
Please note that the Box V2 access tokens only have a lifetime of an hour. So after that time, you will need to refresh it using the refresh token.
What about enabling uploads by email? Each folder will have a unique (and hard to guess) email address that you can send emails with attachments to. If you give that email address to users, they can upload that way.
Hi I have a very simple Google Apps Script, i.e. one that is created when in Google Drive and click create and then script.
What I would like to be able to do is have users authenticate using the oauth 2 protocol, receive the authorisation code and exchange that for an access token and refresh token. This requirement is for an IPhone app so I would rather save the refresh token so users do not have to login repeatedly.
My issue is that I do seem be able to get the access and refresh token, I can see the client_id of the app in the url returned from the authentication step, however I believe I also need client_secret to request the access and refresh token from:
https://accounts.google.com/o/oauth2/token.
I'm asking it this even possible, if so do you know of any examples and if not could you recommend a different approach (perhaps use an application specific password).
Many thanks
You should be able to obtain this from the Oauth Playground.
Oauth Playground
I know that the Google Drive SDK does not show the user email in the value field of the permission object due to privacy concerns. If we don't have that user email address, is there a way to know if a document is shared with anyone outside of the domain?
Also, wouldn't retrieving permissions using the document's owner authentication allow us to see that email address?
You cannot do that using Drive API. However, you can achieve this result using the old and deprecated Gdata DocumentList API