Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Google Drive Permissions/Scope Update #4793

Closed
2 tasks done
StrixOSG opened this issue Nov 13, 2023 · 5 comments
Closed
2 tasks done

Google Drive Permissions/Scope Update #4793

StrixOSG opened this issue Nov 13, 2023 · 5 comments
Assignees
@mifi
Labels
Feature

Comments

@StrixOSG
Copy link

StrixOSG commented Nov 13, 2023
edited
Loading

Initial checklist

  • I understand this is a feature request and questions should be posted in the Community Forum
  • I searched issues and couldn’t find anything (or linked relevant results below)

Problem

The current permission needed for Google Drive has been further restricted by Google and they suggest not using the https://www.googleapis.com/auth/drive.readonly scope so that access is more fine grained. For most people and our company included, this means you're likely denied access to the permission or you may have to go through for CASA Tier 2 compliance in order to use the readonly scope, which may be a deterrent if it's only for Google Drive imports.

Solution

Replace the https://www.googleapis.com/auth/drive.readonly scope with Google's suggested replacement https://www.googleapis.com/auth/drive.file for a more fine grained approach and enhances user privacy.

Alternatives

Request that you need the readonly permission and roll the dice with Google that they accept
@mifi
Copy link
Contributor

mifi commented Nov 20, 2023

from google drive:

https://www.googleapis.com/auth/drive.readonly

View and download all your Drive files.

https://www.googleapis.com/auth/drive.file

Create new Drive files, or modify existing files, that you open with an app or that the user shares with an app while using the Google Picker API or the app's file picker.

Google Picker API: https://developers.google.com/drive/picker/guides/overview

I tried changing the scope in companion and logging out and in again:

uppy/packages/@uppy/companion/src/config/grant.js

Line 8 in c60ece4

'https://www.googleapis.com/auth/drive.readonly',

and i receive this:

Screenshot 2023-11-20 at 22 26 26 (1)

Screenshot 2023-11-20 at 22 27 04

however after logging in the /drives endpoint returns an error.

when commenting out these lines here and returning []
https://github.com/transloadit/uppy/blob/c60ece4dc7678459a742e87d1aa93c23358274bf/packages/%40uppy/companion/src/server/provider/drive/index.js#[…]6

then it works! but i only see a single file from my drive (a drive which with drive.readonly returns a lot files). the file that I see is a file that was shared with me from another account:

Screenshot 2023-11-20 at 23 31 51

so the way I understand it from google's wording is that the https://www.googleapis.com/auth/drive.file scope will only give your app (your client_id) access to the files that your app has previously uploaded to the user's google drive. This defeats the purpose of Uppy which needs access to all files so that the user can select which file to upload from google drive to the provider. So I think there's nothing we can do and people have to continue using https://www.googleapis.com/auth/drive.readonly with Companion. We will try to better document how to be compliant. Closing for now but I can reopen if some other ideas surface.

@mifi mifi closed this as completed Nov 20, 2023
@StrixOSG StrixOSG mentioned this issue Apr 8, 2024
Closed
@matthewhartstonge matthewhartstonge mentioned this issue Apr 11, 2024
Merged
@laconica-vasilij
Copy link

laconica-vasilij commented Jul 23, 2024
edited
Loading

@mifi Hi! I apologies for the inconvenience and possibly stupid questions. I'm setting up a new google drive file upload app and I'm interested in the following points before submitting for review. Which items should I select for the following questions:
What features will you use?

  • Drive backup
  • Drive productivity
  • Drive sync client

I guess the last one.

How will the scopes be used? - I assume that this permission is needed to authorize the user and upload files from their google drive to the server.

Demo video: how will the scopes be used? - I have the biggest problem with this point. Could you please share some example of such a video or do you know people who have undergone such a test to consult on a sample video.

@Murderlon
Copy link
Member

What features will you use?

We picked Drive productivity

How will the scopes be used?

You would have to describe what you are going to do with those files in your app.

Demo video: how will the scopes be used?

https://youtu.be/U75fLGxzqYE

@laconica-vasilij
Copy link

What features will you use?

We picked Drive productivity

How will the scopes be used?

You would have to describe what you are going to do with those files in your app.

Demo video: how will the scopes be used?

https://youtu.be/U75fLGxzqYE

@Murderlon thank you for your reply! I really appreciate it.
I was creating a similar video at the moment and it turns out that the official example https://uppy.io/examples/ doesn't have the option to select Google Drive and Google Photos. I assume that the previously used authorisation app is going through a verification phase due to and using the API area of https://www.googleapis.com/auth/drive.readonly.

@Murderlon
Copy link
Member

Yes we used to be verified but we have to go through it again

@mifi mifi mentioned this issue Aug 1, 2024
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@mifi mifi

Labels
Feature
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@mifi @StrixOSG @Murderlon @laconica-vasilij