Giving an application its own user id/session to access a google drive

Question

I have a C# MVC web application that needs to make a copy of a google sheet (template) and set the copy to read/only for the current user while the template owner gets read/write to the copy.

Normally you would give the application itself an ID to do this type of function. I haven't figured out how to give an application its own ID and session ("User-1") independent from the current user ("User-2"). I don't want to give the read/only user the read/write password to make the copy of the template and I'd really prefer the copy happen outside of the current user's google login.

Answer 1

Your application is bound to a specific user by virtue of the OAuth Access Token it submits. So provided your app can retrieve an Access Token for User-2 (with an appropriate scope), then you're good to go.

Getting an access token for User-1 There are number of ways you can do this, depending on the volatility and security requirements of your app. Fundamentally it requires your web app to have a stored Refresh Token for User-1, which it can use at any time to silently fetch an Access Token. See How do I authorise an app (web or installed) without user intervention? (canonical ?) for more details.

.

Some of the terminology in your question needs a bit of straightening out.

• "ID" - each application has its own ID when you register it on the developer console. It's refered to as a Client-ID which confused some people into thinking the ID is somehow related to the end user; it isn't.
• "Session" - there is no session to Google Drive. There may be a session to Google, within which the OAuth flow will seek to identify the Google user in order to generate an access token for that user. But there is no "session" to Drive, which is why a Drive app can access as many Drive accounts as it likes, provided it has an access token for each one.