Im quite new to developing apps that make use of google drive and google api in general. I would like to know whether it is possible to have an application that exposes files saved on google drive without users having to login to their own google drive account. So in a sense the app would have an account and would list the documents that are currently stored on drive and users would be able to click on them ( via Google picker and not Drive UI) and view them.
Note: The app is an external ASP.NET MVC web application.
I've looked at all the authentication samples available (DrEdit etc) on the Google dev site but now of them seem to address my problem.
Seems like you could manually run through the authentication against your own Drive account, and then store the initial access token and refresh tokens in your CredentialStore implementation, which your app will continue to use.
CredentialStore is from the Java API - I'm sure there are equivalents in the .NET API.
Related
I am designing one application that use google API so all users can save file in their account. My question is, how i have to manage API Key in that scenario?
Example:
Suppose user Peter has a google drive account, then he login in my app and save the file, the same for all users that loggin in my app.
Best regards.
I am implementing Google Drive API and Google Sheets API to my application. How should I go about structuring the project in Google Developers console?
First I created the Drive connection and Oauth2 for it, then filled the verification request with scopes
https://www.googleapis.com/auth/drive.file
https://www.googleapis.com/auth/userinfo.email
which was verified.
Then I created another Oauth2 for Sheets API and after trying to verify the scopes
https://www.googleapis.com/auth/spreadsheets
But my request got denied with message that I already have https://www.googleapis.com/auth/drive.file scope.
So should I create separate project for each API or use same Oauth2 for both of them?
Each application is a project in Google developer console. Assuming you are trying to access user data then you should create Oauth2 credentials and request all of the scopes that you will need for the application.
If the application is using
https://www.googleapis.com/auth/drive.file
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/spreadsheets
Then you would need to active all three APIs in the Google Developer console. However I think that drive.file scope gives you the same access to all the files in Google drive there fore you dont need the spreadsheets scope.
https://www.googleapis.com/auth/drive.file View and manage Google Drive files and folders that you have opened or created with this app
vs
https://www.googleapis.com/auth/spreadsheets View and manage your spreadsheets in Google Drive
I want to find out when a user last used the Google Drive on the Desktop. Is there an API that can show me this? Either an individually-authorized API, or a Google Apps Domain-wide API? I can determine when a user last logged in using the Admin SDK Reports API, but it doesn't seem to show what application was used; similarly I can determine if an OAuth token was granted, but does this log every time that token was used?
I have a marketplace app that I'd like to use to access the Google Drive API. I'm currently using the gdata API using 2-legged OAuth. My understanding is that the new Google APIs, including Google Drive API do not support 2-legged OAuth.
How can I access the Google Drive API for my customers' domain without asking each of my customers's users for individual permission?
On my Google Apps Marketplace Vendor page, there is a link to the Google APIs Console, with a project linked to my Marketplace App, but there is no option to create an OAuth 2.0 Client ID. I can only create a Simple API key.
Apparently, you used to be able to use the two-legged OAuth credentials along with the server api key to authenticate, but it looks like that's no longer the case. I tried to authenticate using this method with an old Google API .net sdk, but got a 401. I downloaded the newest sdk, and two-legged OAuth is completely missing. I checked out a copy of the Ruby sdk, because it was used in the video "Google Drive SDK: Using the Drive API with the Google Apps Marketplace", but it looks like (I don't know Ruby) it explicitly forbids two-legged OAuth:
case authorization
when :oauth_1
STDERR.puts('OAuth 1 is deprecated. Please reauthorize with OAuth 2.')
I feel like Google is intentionally ignoring my questions about this topic.
You can use domain-wide delegation to access users' data without asking each user. Details are explained on https://developers.google.com/drive/delegation
I took a look in some docs at developers.google and some questions here in stackoverflow and I really would like to found an objective answer about use the Google OAuth Server to authenticate an application and grant access to download docs into a Google Drive account with NO BROWSER interaction.
As far as I could look, docs like "Using OAuth 2.0 for Server to Server Applications", "Using OAuth 2.0 for Devices", answers here, I couldn't found an article saying "Is possible to authorize an application to get files from a common Google Drive account in Devices with no browser...".
Anyone have tried and had success in this jorney?
The Devices flow is meant for applications that run on devices where no browser is present (fancy example could be a wristwatch that shows new G+ notifications) and requires the user to do manual steps on a device that has a browser. Also this is for getting access to data on the user's account.
UPDATE:
As you say you have an embedded application running without a browser available and want to access data on behalf of a user, this is definitely the way to go. This however still needs the user to login (once) on another device with a browser. After you got an access token using this flow, you can then access the Google Drive API either manually or by using some library.
So you want to access data on Google Drive that belongs to a special account and only your application can access it without a browser involved?
A Service Account (the Server-to-Server flow) would be exactly what you need. These however are only for usage on a web server, as otherwise your private keyfile would have to be deployed to a client, where it could easily be extracted.
One thing you could do is use your own web server that fetches data from your Google account using a Service Account and have a client application that only connects to your own web server. This has of course also its downsides, especially when it comes to locking down your web server so no third party clients could access it.
It can be done, but a browser does need to be used. I've successfully gotten OAuth 2.0 working on an IBM i (AS/400, iSeries, System i, whatever the name is today) which doesn't have a browser. I've so far implemented the Calendar and Google Cloud Print APIs.
During the OAuth 2.0 negotiation you will be returned a URL and a code. You need to display the URL for the user to go to, then the code to enter to grant authority for that specific API/scope. I have an example in our documentation here:
http://docs.bvstools.com/home/greentools-for-google-apps/docs/g4g-base-commands/g4gregsvc
But, the issue now is that the drive API is not yet available to devices. But, Google has said that soon it should be.