Google Drive requires authentication despite public folder access - google-api

If a folder has a permission that allows anyone with the link to read, trying to download a specific file from that folder using
https://googledrive.com/host/<<<folder_id>>>/<<<file_name>>>
will redirect to the Google service login page.
However, if the folder has a permission that allows anyone to find it and read, the file will be downloaded correctly without being redirected to the service login page.
Is this the intended behavior despite the UI claiming "... no login required"?

Yes, that is intended behavior. The URL you're trying to build is from Drive's hosting feature. That requires using the "Public on the web" permission to be accessible there.
Using the lesser permission, it is possible to download via the UI with the link from sharing.
If you're looking for programmatic downloads, you can use the Drive API to download without authentication (https://www.googleapis.com/drive/v2/files/FILE_ID?alt=media&key=YOUR_KEY), although that requires at least an API key for the registered app.
Update:
Please note that the server only responds with the headers needed for CORS when a valid origin header is present (browsers normally include this, so you don't typically need to do anything). For example:
curl -vv 'https://www.googleapis.com/drive/v2/files/FILE_ID_HERE?key=YOUR_API_KEY&alt=media' > out.tmp
The above request will not yield access-control-* headers. Including an origin header as a browser would does:
curl -H 'origin: https://www.example.com' -vv 'https://www.googleapis.com/drive/v2/files/FILE_ID_HERE?key=YOUR_API_KEY&alt=media' > out.tmp

Related

Authenticating Google API Request without headers

I want to redirect to a google api link (Example:
https://www.googleapis.com/drive/v3/files/[File ID]?supportsAllDrives=true&alt=media)
That will download a file from my drive and as we know you cannot pass headers with redirects for authorization so I'm wondering how else I can authenticate the request.
You can't send the header like that, only if it was a webContentLink.
If it's a binary file then a file.get will give you a webContentLink which you can use to download the file, or you can run a file.export which will allow you to export the file that way.
The only way you can download a file is to be authorized to download the file by the user who owns that file.

How to download non-shared file without access_token in query via the Google Drive API as of January 2020

Situation
I'm currently using the Google Drive API to list files and allow users to download those files. The files are not shared and the download option is disabled (copyRequiresWriterPermission = true)
To do so, I currently execute a CURL call to https://www.googleapis.com/drive/v3/files/{file_id}?access_token={access_token}&alt=media on the server side and redirect the user to the Location header value of the response which will look something like {....}-apidata.googleusercontent.com/download/drive/v3/files/{file_id}?qk={....}.
Problem
However, the usage of the access_token query in files.get or files.export will no longer be possible as of January 1, 2020 (Announcement: Upcoming changes to the Google Drive API and Google Picker API).
Changing the request to authenticate via the HTTP header (Authorization: Bearer {access_token}) will not work in this situation as it will start the download immediately on the server side and I can't redirect the user to a temporary download URL. Redirecting the user to the webContentLink will not work as it requires the file to be publicly shared.
Other cloud services like Dropbox/OneDrive/Box do offer the creation of a temporary download URL via their API, but that doesn't seem to be the case for the Google Drive API.
Question
So I am wondering, how do I download files via the Google Drive API as of January 1, 2020 keeping the following requirements:
The file needs to be downloaded on the client side via the browser and not on the server side
The access token cannot be shared with the client side
The file will not have any sharing permissions set
Does anyone have any clues how to proceed?

Setup template for redirect URIs in google developer console

I am trying to set up auto-deploy for a project: when somebody pushes to git, a deployment occurs for the branch, and Jenkins sets up the project and does the deploy work on a server. For example:
|Branch |URL (will be created) |
|--------|---------------------------------------|
|master |http://master.my-project.example.com/ |
|some |http://some.my-project.example.com/ |
|dev-2e |http://dev-2e.my-project.example.com/ |
All is fine, but the project needs to use Google OAuth2, and there is a key, client ID and client secret.
So I need to set up not just one or just five redirect URIs for Google authorization; I need a template:
http://*****.my-project.example.com/oauth2redirect
When I try to do this, I get an error without any reason or explanation. When I just omit all URIs, no URI works, but I would even agree to turning off this restriction.
Is there any way to do this? Or a programmatic API for adding a new URI?
I didn't find any standard way to solve this problem.
How do I add "authorized redirect URIs" to Google OAuth2 using an API?
It says: I need to create my own proxy server that will do the redirects and that has the only allowed redirect URI in the Google console.
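
The proxy approach mentioned above, as an added example (not code from the original post or from Google): one registered redirect URI receives every callback and forwards it to the branch host carried in a signed `state` value, so the proxy does not become an open redirect for authorization codes. The function names, the shared HMAC key and the state layout are assumptions made for illustration.

```python
import base64, hashlib, hmac, json, re, secrets
from urllib.parse import urlencode

# Only single-label branch hosts under my-project.example.com are valid targets.
BRANCH_HOST = re.compile(r"[a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.my-project\.example\.com")

def _sign(payload: bytes, key: bytes) -> bytes:
    return hmac.new(key, payload, hashlib.sha256).hexdigest().encode()

def make_state(host: str, key: bytes) -> str:
    """Run by a branch deployment before it sends the user to Google."""
    body = json.dumps({"host": host, "nonce": secrets.token_urlsafe(16)}).encode()
    payload = base64.urlsafe_b64encode(body)  # alphabet never contains "."
    return payload.decode() + "." + _sign(payload, key).decode()

def resolve_callback(state: str, code: str, key: bytes) -> str:
    """Run by the proxy on its single registered redirect URI.
    Returns the branch URL to redirect to, or raises ValueError."""
    payload, sep, mac = state.partition(".")
    # Constant-time comparison; an unsigned or altered state is rejected.
    if not sep or not hmac.compare_digest(_sign(payload.encode(), key), mac.encode()):
        raise ValueError("state signature invalid")
    try:
        host = json.loads(base64.urlsafe_b64decode(payload))["host"]
    except (ValueError, KeyError, TypeError):
        raise ValueError("state payload malformed") from None
    # Checked even though the state is signed: every branch holds the key,
    # so the namespace check limits what any one of them can ask for.
    if not isinstance(host, str) or not BRANCH_HOST.fullmatch(host):
        raise ValueError("host outside the branch namespace")
    # Scheme and path follow the URLs in the question's table.
    return f"http://{host}/oauth2redirect?" + urlencode({"code": code, "state": state})
```

The branch deployment should compare the returned `state` with the one it issued before exchanging the code.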

Setting up google project for authentication api

I am trying to set up Google authentication for my local project. I run projects in Python virtual environments and have different local domain names set up for those. Names like projectname.dev. When I enter http://projectname.dev in the browser, the site opens up.
When I went to https://console.developers.google.com/project/< myprojectid >/apiui/credential?authuser=0 I could set values like JavaScript origin and authorized redirect URI there. I set JavaScript origins to http://projectname.dev and tried to put the same domain for the authorized redirect URL too, but it did not work and I had to leave it as localhost.
When I tried to authenticate via django-allauth, I got this response from Google:
**Error: invalid_request**
Invalid parameter value for redirect_uri: Non-public domains not allowed: http://projectname.dev/account/google/login/callback/
Now my questions are:
Can I develop this part of the project locally with a domain name like projectname.dev or do I need to set it up for localhost? Will a local redirect from localhost -> projectname.dev work?
If I can do it with projectname.dev, then perhaps there is an error in the way I have this project set up in the Google developers console?
In any case, if you cannot set the redirect URI in the Cloud Console, Google will throw you out when you try to authorize the app.
My recommendation would be to choose either of those solutions:
Use "localhost" as you said, with some kind of redirection/NAT/proxy to projectname.dev
Replace projectname.dev with a domain with an actual TLD such as projectname.thisdomaindoesnotexist.com. Then configure this domain name to map to your servers.
Or wait for ".dev" to be recognized as an actual TLD, and you'll be good :)

Error: invalid_client no registered origin

I have installed the Google Drive Realtime API sample files on my web server, following these instructions, including generating a client_id in the Cloud Console and inserting it into the index.html file.
When I visit that page and click the button to authorize the app, it pops up with a new window and shows:
Error: invalid_client
no registered origin
The Request Details are:
openid_connect_request=true
cookie_policy_enforce=false
scope=https://www.googleapis.com/auth/drive.install https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/plus.me
response_type=token
access_type=online
redirect_uri=postmessage
proxy=oauth2relay865404532
origin=http://mywebsite.com
state=264939258|0.165356673
display=page
client_id=1077585001321.apps.googleusercontent.com
authuser=0
I can't see any other client_id that I should be using in the Cloud Console. Does anybody know how to overcome this error? Thanks for your help.
In the new Google API Console, configure your OAuth2.0 authorized origins from
Your Project > APIs & auth > Credentials
You might need to add a new Client ID specifically for a web application (I did because the default was for AppEngine)
Create Client ID > Web Application > Authorized Javascript origins
If you are running on a local dev server, just add the exact URL such as:
http://127.0.0.1:9000
UPDATE: I changed accepted answer to Johno Scott instead as he refers to the newer version of the console, whereas mine was only true for the older version.
I solved it. I needed to enter a WEB ORIGIN on the OAuth 2.0 Client ID screen. Specifically, it had to be the exact path/url of the index.html file, otherwise it defaults to the root domain which doesn't work.
This screenshot shows you exactly where it needs to be entered:
