获取 Google Drive 范围:drive.file 以用于桌面应用程序。

huangapple go评论80阅读模式
英文:

get google drive scope: drive.file to work with desktop applications

问题

我已经使用 Google Drive API v3 在今年三月份开发了一个桌面应用程序。Google 推荐我将范围从 "auth/drive" 切换到 "/auth/drive.file"。我相信这是为了避免在使用任何受限范围时涉及的安全检查费用。

根据文档(https://support.google.com/cloud/answer/9110914?hl=en#zippy=%2Cdrive-api),几乎所有 Drive API 的范围都是受限制的。去年我开始开发应用程序时并非如此。这基本上让我只能使用 "drive.file" 范围,这也是 Google 推荐的。现在我正试图弄清楚这个范围的工作方式,特别是在桌面应用程序中。

帮助我解答的问题

  1. 当应用程序使用范围 "drive.file" 时,用户如何授予文件或文件夹的访问权限?

一些文章表明这只能在用户通过 Web 界面右键单击其 Google Drive 帐户上的文件或文件夹,然后点击 "Open With" 并选择你的应用程序时完成。只有在这种情况下,你的应用程序才能使用 "drive.file" 范围访问最终用户的文件和文件夹。这是否正确?

如果是这样,那么我的桌面应用程序如何在尚未经过验证的情况下出现在 Google 商店中呢?

  1. 驱动选择器的目的是什么,当它所做的与调用 https://accounts.google.com/o/oauth2/v2/authhttps://oauth2.googleapis.com/token,然后使用分配给它的范围处理驱动帐户的工作相同?

一些建议使用驱动选择器允许最终用户选择文件,然后可以由使用范围 "drive.file" 的应用程序处理这些文件。这让我相信,驱动选择器将以某种方式充当代理,自行处理所有受限范围操作,同时处理非受限范围,但显然情况并非如此。

  1. Google Drive Picker 提供的文件访问是否只能在作为 Web 应用程序一部分的 JS 代码中使用。它是否不为用户选择的文件和文件夹设置应用程序访问权限,以便下次应用程序运行时它无需调用 Google Picker,可以直接使用 "drive.file" 范围访问授权文件?

我正在尝试避免使用任何受限范围,坚持使用 "drive.file"。对于如何使这个范围工作的任何帮助都将不胜感激。谢谢。

英文:

I had developed a desktop application using google drive API v3 back in march this year. google is recommending that I switch the scope from: "auth/drive" to "/auth/drive.file". I believe its to avoid the fee involved with security checks whenever you use any restricted scope.

As per the document at: https://support.google.com/cloud/answer/9110914?hl=en#zippy=%2Cdrive-api
pretty much all of the scopes for drive API are restricted scopes. This was not the case when I first started developing my application last year. this basically leaves me with "drive.file" scope which google is recommending. so now I am trying to figure out how this scope works,especially with a desktop application.

The Questions That I need Help with

  1. How does the user give access to a file or folder when the application is using the scope: "drive.file" ?

some articles suggest that this can only be done when a user right clicks on a file or folder on their google drive account through the web interface and clicks on "Open With" and selects your application. Only then will your application get access to the end user's files and folders using the scope: "drive.file". is that correct ?

if it is then how will my desktop application show up in google market place when it has not even been verified yet ?

  1. What is the purpose of the drive picker when all it does is the same thing as calling: https://accounts.google.com/o/oauth2/v2/auth and https://oauth2.googleapis.com/token and then working on the drive account using the scope assigned to it ?

Some articles suggested that using the drive picker allows the end users to select files which then can be worked on by applications which are using scope: "drive.file". this lead me to believe that drive picker would somehow act as a delegate handling all the restricted scope operations by itself while working on non-restricted scope but clearly that is not the case.

  1. Does the file access that google drive picker gives out only meant to be used inside JS code thats part of a web application. Does it not setup access to application for files and folders that users select so next time when the application runs then it does not have to call the google picker and can straight away access the authorized file using the "drive.file" scope ?

I am trying to avoid using any restricted scope and stick to "drive.file". Any help on how to make this scope work is greatly appreciated. Thanks in advance.

My Setup

  1. I have my original desktop client id which I have been using since march 2022.

  2. I created a web app client id and have it setup by setting up the "hosts" file for 127.0.0.1 with my test domain: psg.mysite.com

  3. I have also setup a API key which can work with google drive picker API.

  4. copied the sample code from : https://developers.google.com/drive/picker/guides/sample and have it setup on node.js server listening to port 80

My Testing

  1. Desktop Client ID + Scope:drive.file = [] empty file list ==>
    I use the desktop client id, scope: drive.file and drive API:list to get a list of files on one of my test google drive but all I got was an empty list which was expected with "drive.file" scope

  2. Web app Client ID + API key + google picker + Scope:drive.file = [] empty file list ==>
    I use the google drive picker using my node.js server. the picker is configured with web app client id and API key generated above along with scope: drive.file (default was set to : "drive.metadata.readonly" but I changed it). I also added a small <p> tag in the default picker code so when I click on "authorize" then I get to see the generated access token

when the access token is generated on the picker page then I copy it and use it towards the REST API:list using POSTMAN and I get the same empty list [] as above and the google drive picker itself was also not able to show any files. it kept on saying that I need to sign into my google account and after two tries it gave errored out

  1. Web app Client ID + API key + google picker + Scope:drive.metadata.readonly = Populated file list but error 403 on file download/read ==>
    I changed the scope in drive picker sample code from "drive.file" to its default scope "drive.metadata.readonly" and this time, as expected, the REST API:list gave out all the files present in the drive but the REST API: files/XXXXXX?alt=media gave out error code 403 saying : The user has not granted the app 71721436800 read access to the file XXXXX

  2. Web app Client ID + API key + google picker + Scope:drive.metadata.readonly + File selected in google picker = Populated file list but error 403 on file download/read ==>
    I thought selecting the actual file that I need to download using the drive picker code would help so I did. The browser gave out the details of the selected file but when I used the generated access token on the google picker page against the REST API: /files/XXXXX?alt=media, I got the same error 403

  3. Web app Client ID + API key + google picker + Scope:drive.readonly = Populated file list + successful file download/read
    I changed the scope in drive picker sample code again from its default scope of "drive.metadata.readonly" to "drive.readonly" and this time I was able to download/read the file.


Conclusion


  1. the scope that you provide to google drive picker determines the access that you will get to the user's google drive account.

  2. this is the same behavior that you would get if you call: https://accounts.google.com/o/oauth2/v2/auth to get the access code first and then exchange it for a access token from https://oauth2.googleapis.com/token and then use the access token to call the google drive REST API

答案1

得分: 1

在进行了几天的测试后,我发现你不需要在 Google 市场上发布你的应用程序,用户仍然可以通过 Google Drive 的 Web 界面安装你的应用程序。

你可以使用范围为 https://www.googleapis.com/auth/drive.install 来让最终用户安装你的应用程序。只需在登录请求中包含此范围,最终用户可以像下面展示的那样使用:

https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/drive.install https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/drive.appdata &response_type=code&redirect_uri=http://localhost:80&client_id=XXXXXXXXX

当用户同意你的登录请求时,你的应用程序将自动安装到他们的 Google Drive 中,避免了需要去 Google 市场安装应用程序的需要。

接下来是之前我遇到的问题。你可能会期望应用程序安装后用户能够在“打开方式”上下文菜单中看到你的应用程序,但事实并非如此。你需要将文件类型与你的应用程序关联,以使应用程序出现在“打开方式”上下文菜单中,以下是操作步骤:

1)登录 https://console.cloud.google.com,然后转到“API和服务” > “启用的 API 和服务”,点击“Google Drive API”

2)现在点击“Drive UI 集成”菜单

3)滚动到“身份验证”部分,然后需要逐个输入你的应用程序将处理的所有 MIME 文件类型。我检查过从 https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types 复制粘贴是否有效,但实际上不是这样。据我所知,你需要逐个手动输入这些 MIME 类型

4)同样的步骤也需要针对“扩展名”进行操作

5)最后,你需要点击“提交”来保存你的设置。最终用户需要刷新他们的 Google Drive 网页,以使你的应用程序出现在“打开方式”上下文菜单中

请注意:如果用户右键单击未在你的 Google 云项目的“MIME 类型”或“扩展名”下列出的任何文件,该文件将不会显示你的应用程序在“打开方式”上下文菜单中

英文:

After a few days of testing, I figured out that you do not need to publish your application on google marketplace in order for a user to be able to install your application on google drive via its web interface.

You can get an end user to install your application using the scope: https://www.googleapis.com/auth/drive.install. Just include this scope in your login request that your end users use like shown below:

https://accounts.google.com/o/oauth2/v2/auth?scope=https://www.googleapis.com/auth/drive.install https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/drive.appdata &response_type=code&redirect_uri=http://localhost:80&client_id=XXXXXXXXX

when a user gives their consent to your login request then your application gets installed in their google drive automatically hence avoiding the need to go to google marketplace for app installation.

The next part is what I had problems with before. You would except that after the application has been installed then a user will be able to see your application in the "Open With" context menu but that is not how it works. You need to associate files types with your application in order for the application to show up in the "Open With" context menu and here is how you do this:

  1. Log into https://console.cloud.google.com and then go to "APIs & Services" > "Enabled APIs & Service" and click on "Google Drive API"
    获取 Google Drive 范围:drive.file 以用于桌面应用程序。

  2. Now click on "Drive UI Integration" menu
    获取 Google Drive 范围:drive.file 以用于桌面应用程序。

  3. Scroll down to the "Authentication" section and then you need to type in all MIME files types one by one that your application will handle. I checked to see if a simple copy and paste from https://developer.mozilla.org/en-US/docs/Web/HTTP/Basics_of_HTTP/MIME_types/Common_types would work but it does not. As far as I know you need to type in those MIME types manually one by one
    获取 Google Drive 范围:drive.file 以用于桌面应用程序。

  4. The Same is needed to be done to "Extensions" as well
    获取 Google Drive 范围:drive.file 以用于桌面应用程序。

  5. At the end you need to click on "submit" to save your settings and that is it. The end users will have to refresh their google drive web page in order for your application to show up in the "Open With" context menu

Please note: if a user right clicks on any file which has not been listed under "MIME types" or "Extensions" on your google cloud project then that file will not show your application in the "Open With" context menu

huangapple
  • 本文由 发表于 2023年5月6日 19:25:39
  • 转载请务必保留本文链接:https://go.coder-hub.com/76188601.html
匿名

发表评论

匿名网友

:?: :razz: :sad: :evil: :!: :smile: :oops: :grin: :eek: :shock: :???: :cool: :lol: :mad: :twisted: :roll: :wink: :idea: :arrow: :neutral: :cry: :mrgreen:

确定