0

I let Google drive users log in and make use of their google drive data. However, only the first user need to authenticate and the following users get access to the first users data! What is wrong in this code?

 public static DriveService GetService()
    {
        //get Credentials from client_secret.json file 
        UserCredential credential;
        var path = HttpContext.Current.Server.MapPath(@"~/client_secret.json");
        using (var stream = new FileStream(path, FileMode.Open, FileAccess.Read))
        {
            // The file token.json stores the user's access and refresh tokens, and is created
            // automatically when the authorization flow completes for the first time.
            string credPath = HttpContext.Current.Server.MapPath(@"~/token.json");
            credential = GoogleWebAuthorizationBroker.AuthorizeAsync(
                GoogleClientSecrets.Load(stream).Secrets,
                Scopes,
                "user",
                CancellationToken.None,
                new FileDataStore(credPath, true)).Result;
        }

        //create Drive API service.
        DriveService service = new DriveService(new BaseClientService.Initializer()
        {
            HttpClientInitializer = credential,
            ApplicationName = "GoogleDriveRestAPI-v3",
        });
        return service;
    }
Eric1101000101
  • 531
  • 3
  • 6
  • 15
  • Have you had a chance to read up on how Google expects you to use its identity API yet? https://developers.google.com/identity/protocols/OAuth2 – Paul Feb 27 '20 at 13:19
  • Yes, I have tried a couple of times. What confuses me is that in all examples there are only two actors "My App" and "Google Servers". If "My App" is my back end server, how do I let the end user authenticate to google when they are using my app from their browser? If that is not according to practise, I could implement my code in the Vue JS app instead but that would require that the user is logged on and initiate all tasks. I could not initiate periodic tasks on the backend. As I remember I have read somewhere it should be possible to set it up like that. – Eric1101000101 Feb 27 '20 at 13:51
  • I will divide this question into two. I will let you know when I have posted the new question. Thanks. – Eric1101000101 Feb 27 '20 at 15:43
  • I have created a new question here instead: https://stackoverflow.com/questions/60441287/google-drive-api-authentication-make-authentication-on-client – Eric1101000101 Feb 27 '20 at 20:30

1 Answers1

2

It worked but the account got bound to the server and all potential users would have got access to the same account.

The way the client library works is that it stores the users credentials in credpath. each user is denoted by the user you are saying it is "user",

your code is only setting one "user", so its going to load the single user each time.

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
  • That makes sense. Shouldn't I call the "GoogleWebAuthorizationBroker.AuthorizeAsync" method on the Vue JS app instead and pass the result back to the backend in order to get different user every time? Or at least the first time a user would like to give consent? – Eric1101000101 Feb 27 '20 at 14:03
  • I cant tell you that normally i use my internal user id as the value for "user" this way its linked to the users login account. – Linda Lawton - DaImTo Feb 27 '20 at 14:23
  • Thank you DalmTo, I understand. It worked and solved that issue. I realise my question present at least two issues. I will divide this question into two and mark your answer as the correct one. – Eric1101000101 Feb 27 '20 at 15:35