Google Drive scope too broad? #1234
Comments
Great to hear that! 🎉
Is that a new API feature? When we added Google Drive support, there was no scope available for a single, arbitrary folder. It would actually be amazing if we could add that now, in case Google finally allow it, after almost a decade of making this impossible for their users! |
I think it is, because I seem to remember the API scope list being shorter when I checked it out, like at least 5 years ago.
It really would! If I may offer help, I could update the relevant part of the documentation to reflect the changes. |
|
Yes, any help would be most appreciated. Shouldn't be hard to change the Google Drive backend to use the scopes from We're currently in the process of finalizing the 2.0.0 beta. So this could still go in the 2.0 release I think. @yPhil-gh Could you link the relevant Google API docs perhaps? |
Really? From where I stand it sure doesn't sound easy :)
Of course: https://developers.google.com/identity/protocols/oauth2/scopes |
|
Hmm, I cannot see how we could actually define the folder to access in the relevant documentation: https://developers.google.com/drive/api/v3/about-auth#OAuth2Authorizing It sounds to me like a user would have to manually pick a single file during the auth dialog on the Google side or something. |
To be honest I'm already flabbergasted that it works so transparently for 5apps, and I wouldn't mind explaining the procedure you mentioned to my users ; After all it's the spirit of the documentation :
|
|
It might still be an option, but it's certainly neither as straight-forward to implement in the library, nor to use for end users, as a predefined directory access scope would be. We'll have to look into it further. Ideally someone could create a PR with a proof-of-concept to test. |
|
As a bit of a workaround, I can monkeypatch the // monkeypatch!
const AUTH_URL = 'https://accounts.google.com/o/oauth2/auth'; // from googledrive.ts
// change scope to only our files, https://developers.google.com/drive/api/v3/about-auth
const AUTH_SCOPE = 'https://www.googleapis.com/auth/drive.file';
remoteStorage.googledrive.old_connect = remoteStorage.googledrive.connect;
remoteStorage.googledrive.connect = function() {
console.log("Sign in to Google with monkeypatched scope");
this.rs.setBackend('googledrive');
this.rs.authorize({ authURL: AUTH_URL, scope: AUTH_SCOPE, clientId: this.clientId });
};It might be useful to provide a way to add config for some of these items which are hardcoded in googledrive.ts, such as |
Hi ; I have been using the remoteStorage widget in Pétrolette for years and it works great (quite literally, never failed me once) and now I want to offer Google Drive sync and it apparently works too :) but despite having reduced the scope to
/auth/drive.file(API User-facing description: "See, edit, create, and delete only the specific Google Drive files you use with this app") the Auth page still asks for full access, which is both scary and not true, since my app only needs to create one dir and read / write to one file in it.Said scope seems to be hard-coded in https://github.com/remotestorage/remotestorage.js/blob/master/src/googledrive.ts#L16 ; Is there any way to override it?
The text was updated successfully, but these errors were encountered: