0

I'm trying to use the Advanced Drive Service with the scope "https://www.googleapis.com/auth/drive.file" to minimize permissions. My app only accesses files located on my Webapp Google drive, which are shared with incoming users, no actions are needed against the user's google drive, hence why I'm trying to avoid asking for permission to access all their google files, which is inherent with DriveApp.

appsscript.json

{
  "timeZone": "America/Los_Angeles",
  "dependencies": {
    "enabledAdvancedServices": []
  },
  "exceptionLogging": "STACKDRIVER",
  "runtimeVersion": "V8",
  "oauthScopes": [
    "https://www.googleapis.com/auth/userinfo.email",
    "https://www.googleapis.com/auth/drive.file"
  ],
  "webapp": {
    "executeAs": "USER_ACCESSING",
    "access": "ANYONE"
  }
}

Apps script:

 console.log(folderId); // this returns a valid ID
 var folder = Drive.Files.get(folderId);  // this fails, Drive is not defined
 var query = "trashed = false and mimeType != 'application/vnd.google-apps.folder'";
 var files = Drive.Files.list({q: query}).items;

I tried republishing after modifying my Json, and I tried clearing my cache, to no avail.

The other articles suggest adding Drive API as a service, but my goal is to stay clear of that API because of the permission authorization it requires. Modifying the script to use DriveApp works flawlessly, but again the permission request is outrageous.

Please advise if I'm on the wrong path here.

TheMaster
  • 45,448
  • 6
  • 62
  • 85
David Caradonna
  • 1
  • 1
  • how are are you sharing the files with your users. drive.file would only work if you create a new file on their drive account not if you share files with them – Linda Lawton - DaImTo Apr 11 '23 at 17:49

1 Answers1

0

Drive is a advanced Google service and it needs to be enabled to use the api.

DriveApp can also be used with scope drive.file provided, the file accessed

  • is first selected using Google picker(, which needs it's own scopes) or
  • is created from this script project using methods like DriveApp.create or
  • you may also use contextual drive triggers using

References:

My app only accesses files located on my Webapp Google drive, which are shared with incoming users, no actions are needed against the user's google drive

In that case, you may try publishing the webapp as

  • Execute as "me"

Then your users don't need to authorize any scopes. But, if you also need the user's email, you can try the two webapp technique mentioned here.

TheMaster
  • 45,448
  • 6
  • 62
  • 85
  • You are correct with that suggestion (execute as "me"), but I need to grab the user's email and I recall not being able to do that while running as "me", the effective user email basically returns a blank, unless I missed something? – David Caradonna Apr 11 '23 at 05:00
  • interesting approach, so if I run as "me" using DriveApp, the excessive permission warning goes away, correct? If so then I'll def explore the two webapp technique to grab user emails. – David Caradonna Apr 11 '23 at 05:04