Use Google Drive API "without" authentication screen from php

Question

This is the scenario I'm facing. I have a php powered web application from which I need to access some links of files that I have on my Google Drive account. I ONLY need to access to my files in MY account, because I store some images that I have to serve to different clients. I tried to look into the Google Drive API documentation, but I don't need OAuth and the consent screen. The app should access MY Google Drive account in the "background", just to retrieve some informations that it has to present to the clients, without them having to do anything.

I read very similar questions here on StackOverflow, but none of those really helped me... some mention the use of Service Accounts, other say that they are not useful for this purpose.

Could you help me to understand which is the best approach in this scenario? Thanks a lot in advance!

Answer 1

What you are a looking for is a service account. Service accounts are dummy users they actually have their own google drive account. Because of the fact that they are a user you can then share files with them like you would any other user. Once the file is shared with the service account it has access to it and can then use it like you would with Oauth2 when you login only you wont need to login and consent to the access because you have already configured the access.

require_once __DIR__ . '/vendor/autoload.php';

// Use the developers console and download your service account
// credentials in JSON format. Place the file in this directory or
// change the key file location if necessary.
putenv('GOOGLE_APPLICATION_CREDENTIALS='.__DIR__.'/service-account.json');

/**
 * Gets the Google client refreshing auth if needed.
 * Documentation: https://developers.google.com/identity/protocols/OAuth2ServiceAccount
 * Initializes a client object.
 * @return A google client object.
 */
function getGoogleClient() {
    return getServiceAccountClient();
}

/**
 * Builds the Google client object.
 * Documentation: https://developers.google.com/api-client-library/php/auth/service-accounts
 * Scopes will need to be changed depending upon the API's being accessed. 
 * array(Google_Service_Analytics::ANALYTICS_READONLY, Google_Service_Analytics::ANALYTICS)
 * List of Google Scopes: https://developers.google.com/identity/protocols/googlescopes
 * @return A google client object.
 */
function getServiceAccountClient() {
    try {   
        // Create and configure a new client object.        
        $client = new Google_Client();
        $client->useApplicationDefaultCredentials();
        $client->addScope([YOUR SCOPES HERE]);
        return $client;
    } catch (Exception $e) {
        print "An error occurred: " . $e->getMessage();
    }
}