I want to redirect to a google api link (Example:
https://www.googleapis.com/drive/v3/files/[File ID]?supportsAllDrives=true&alt=media)
That will download a file from my drive and as we know you cannot pass headers with redirects for authorization so I'm wondering how else I can authenticate the request.
You cant send the header like that, only if it was a webContentLink .
If its a binary file then a file.get will give you a webContentLink which you can use to download the file, or you can run a file.export which will allow you to export the file that way.
The only way you can download a file is to be authorized to download the file by the user who owns that file.
Related
End Goal: I want to redirect to a Google Drive api link to allow the user to download files.
Ex: http://example.com/redirect --> https://www.googleapis.com/drive/v3/files/<FILE ID>?alt=media --> File Downloads for User
I am trying to redirect users to a drive api link where files can be downloaded, but to do this the request must be authenticated. I know this can be done through authorization header but as we all know it's not possible to send headers with a redirect. If it helps I am using the fastify web framework.
For the fun of it i just tried something like this, which basically just adds the access token to the end of the request. No dice there either.
const access = gapi.auth2.getAuthInstance().currentUser.get().getAuthResponse().access_token
window.location.assign('https://www.googleapis.com/drive/v3/files/1v8QrAOxyC_5LQNovaq9XNALvnDocKeF6HxrrHPyWwRU?alt=media&access_token='+ access);
I am trying to dowload files from this websit using One drive API in invokeHttp.
So I append suffix like this /me/drive/items/ICTRPFullExport-672212-23-11-20/content
However, I cannot download the file.
I put this website into the postman, it show 403 error. But I also configure the username and password in the invokeHttp.
How can I fix this?
Situation
I'm currently using the Google Drive API to list files and allow users to download those files. The files are not shared and the download option is disabled (copyRequiresWriterPermission = true)
To do so, I currently execute a CURL call to https://www.googleapis.com/drive/v3/files/{file_id}?access_token={access_token}&alt=media on the server side and redirect the user to the Location header value of the response which will look something like {....}-apidata.googleusercontent.com/download/drive/v3/files/{file_id}?qk={....}.
Problem
However, the usage of the access_token query in files.get or files.export will not be longer possible as of January 1, 2020 (Announcement: Upcoming changes to the Google Drive API and Google Picker API).
Changing the request to authenticate via the HTTP header (Authorization: Bearer {accces_token}) will not work in this situation as it will start the download immediately on the server side and I can't redirect the user to a temporarily download URL. Redirecting the user to the webContentLink will not work as it requires the file to be publicly shared.
Other cloud services like Dropbox/OneDrive/Box do offer the creation of a temporarily download url via their API but that doesn't seem to be the case for the Google Drive API.
Question
So I am wondering, how do I download files via the Google Drive API as of January 1, 2020 keeping the following requirements:
The file need to be downloaded on the client side via the browser and not on the server side
The access token cannot be shared with the client side
The file will not have any sharing permissions set
Does anyone have any clues how to proceed?
If a folder has a permission that allows anyone with the link the read, trying to download specific file from that folder using
https://googledrive.com/host/<<<folder_id>>>/<<<file_name>>>
will redirect to the Google service login page.
However if the folder has a permission that allows anyone to find it and read the file will be downloaded correctly without being redirected to the service login page.
Is this the intended behavior despite the UI claiming "... no login required"?
Yes, that is intended behavior. The URL you're trying to build is from Drive's hosting feature. That requires using the "Public on the web" permission to be accessible there.
Using the lesser permission, it is possible to download via the UI with the link from sharing.
If you're looking for programatic downloads, you can use the Drive API to download without authentication (https://www.googleapis.com/drive/v2/files/FILE_ID?alt=media&key=YOUR_KEY) although that requires at least an API key for the registered app.
Update:
Please note that the server only responds with the headers needed for CORS when a valid origin header is present (browsers normally include this, so don't typically need to do anything.) For example:
curl -vv 'https://www.googleapis.com/drive/v2/files/FILE_ID_HERE?key=YOUR_API_KEY&alt=media' > out.tmp
The above request will not yield access-control-* headers. Including an origin header as a browser would does:
curl -H 'origin: https://www.example.com' -vv 'https://www.googleapis.com/drive/v2/files/FILE_ID_HERE?key=YOUR_API_KEY&alt=media' > out.tmp
Is there some kind direct links for google drive files, so I could download them by their links? Even temporary links would have been enough.
As I understood, webContentLink can be used only by browsers, downloadUrl can be used for small text files and shoud be used with something like XMLHttpRequest or something else.
webContentLink and downloadUrl are the two main links you may use to download a Drive file.
downloadUrl requires you to authorize using OAuth 2.0 (append the access token to the URL using downloadUrl + "&access_token=" + access_token or using the Authorization HTTP header). It can be used to download files of Any size. Not sure what made you believe it's only for small text files. It's not. The downloadUrl is a temporary URL that is valid around 24h.
webContentLink requires the user to be signed in a Google Account. Basically, it uses cookie authorization which is why we usually say it's to be used in a browser. However there is another interesting use-case for that link: If your file is shared publicly then this link does not require any kind of authorization whereas downloadUrl still needs you to use an OAuth 2.0 access token. The webContentLink never expires.