How to limit the scope to access Google Drive (great old-news for the rest of us?;)

Faustino Rodriguez

Apr 30, 2019, 2:13:15 PM
to Google Apps Script Community
Hi everyone
I guess this is OLD news, but it wasn't for me until this morning, so I am sharing the details here, just in case it's useful for somebody else
(I still don't understand why it took me so long to learn about this ... I hope it's for real...)

I often use the DriveApp that forces the full scary Drive access scope (https://www.googleapis.com/auth/drive)
Even when using the Advanced Google Services Drive, it'd default to that full scope as well

Today, I just forced the limited Drive scope (drive.file) in the manifest, as follows

And now I am using functions like
- Drive.Files.insert() for files and folders everywhere
- Drive.Files.update() and Drive.Files.remove() only for files created by the same script, otherwise it'd throw "File not found" error
- Drive.Files.list() would only return the folders created by the same script

Still exploring and testing, but the good news is that the end user would get a lot more friendly and limited/restricted scope authorization message ... as follows:

+ View and manage Google Drive files and folders that you have opened or created with this app
- View files from Google Drive that you have opened with this app or that are shared publicly
- Save changes to files that you have opened with this app
- Create new files in Google Drive using this app
- View folders and their contents from Google Drive that you have opened with this app
- Make changes to folders and their contents that you have opened with this app
- Delete contents of folders that you have opened with this app

By the way, if/when downgrading from full drive scope to drive.file scope, all previous users will have to reauthorize the script again

Thanks



p.s. the scary full access scope authorization message is instead as follows

+ See, edit, create, and delete all of your Google Drive files
This app wants permission to access everything in your Google Drive. It will be able to do the same things you can do, including:
- See your files
- Upload and download your files
- Delete your files
- See the names and emails of people you share files with
- Share and stop sharing your files with others
- Remove people from your files
- Organize your Drive
There may be private information in your Google Drive, like financial records, medical reports, photos or tax info.

aj.addons

Apr 30, 2019, 2:44:13 PM
to Google Apps Script Community
Thank you.  That would work great for me except, I have a file/folder picker that needs to get all the folders/files in the drive.  If there was a way to just get folder names/IDs and file names/IDs that would be great.

dimud...@gmail.com

Apr 30, 2019, 4:40:49 PM
to google-apps-sc...@googlegroups.com
You can use Google's discovery API to find all scopes used by the Drive API. Here are all scopes used by the Drive API and their descriptions:

   "scopes": {
    "https://www.googleapis.com/auth/drive": {
     "description": "See, edit, create, and delete all of your Google Drive files"
    },
    "https://www.googleapis.com/auth/drive.appdata": {
     "description": "View and manage its own configuration data in your Google Drive"
    },
    "https://www.googleapis.com/auth/drive.file": {
     "description": "View and manage Google Drive files and folders that you have opened or created with this app"
    },
    "https://www.googleapis.com/auth/drive.metadata": {
     "description": "View and manage metadata of files in your Google Drive"
    },
    "https://www.googleapis.com/auth/drive.metadata.readonly": {
     "description": "View metadata for files in your Google Drive"
    },
    "https://www.googleapis.com/auth/drive.photos.readonly": {
     "description": "View the photos, videos and albums in your Google Photos"
    },
    "https://www.googleapis.com/auth/drive.readonly": {
     "description": "See and download all your Google Drive files"
    },
    "https://www.googleapis.com/auth/drive.scripts": {
     "description": "Modify your Google Apps Script scripts' behavior"
    }
   }

@Alan Wells I suspect in your case the metadata scopes might come in handy.
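
A manifest check for the scope narrowing discussed in this thread, as an added example that is not part of any poster's message or of Google's code: it reads an `appsscript.json` and reports the widest Drive reach its `oauthScopes` request, using the scope names from the discovery output above. The sample manifests and the reach labels (`all`, `metadata`, `app`) are constructed for illustration.

```javascript
// Added example, not from the thread: report how far into a user's Drive the
// scopes in an Apps Script manifest (appsscript.json) reach.
const PREFIX = "https://www.googleapis.com/auth/";

// Reach labels are this example's own, derived from the scope descriptions
// quoted above: "all" = every file, "metadata" = names/IDs without content,
// "app" = only what the app itself opened, created or stores as config.
const DRIVE_SCOPE_REACH = {
  "drive": "all",
  "drive.readonly": "all",
  "drive.metadata": "metadata",
  "drive.metadata.readonly": "metadata",
  "drive.file": "app",
  "drive.appdata": "app",
};
const ORDER = ["app", "metadata", "all"]; // narrowest to widest

function auditDriveScopes(manifestText) {
  const scopes = JSON.parse(manifestText).oauthScopes;
  if (!Array.isArray(scopes)) {
    // No explicit list: Apps Script derives the scopes from the code, which
    // is how DriveApp calls end up requesting the full Drive scope.
    return { explicit: false, widest: null, findings: [] };
  }
  const findings = scopes
    .filter((s) => typeof s === "string" && s.startsWith(PREFIX))
    .map((s) => s.slice(PREFIX.length))
    .filter((name) => name === "drive" || name.startsWith("drive."))
    .map((name) => ({ scope: name, reach: DRIVE_SCOPE_REACH[name] || "unclassified" }));
  // The consent screen is only as narrow as the widest scope requested.
  const widest = findings.reduce(
    (w, f) => (ORDER.indexOf(f.reach) > ORDER.indexOf(w) ? f.reach : w), null);
  return { explicit: true, widest, findings };
}

// Constructed sample manifests: before and after the change described above.
const BEFORE = JSON.stringify({
  timeZone: "Etc/UTC",
  oauthScopes: [PREFIX + "drive", PREFIX + "script.external_request"],
});
const AFTER = JSON.stringify({
  timeZone: "Etc/UTC",
  oauthScopes: [PREFIX + "drive.file"],
});

console.log(auditDriveScopes(BEFORE).widest, auditDriveScopes(AFTER).widest);
```

A manifest that lists `drive.metadata.readonly` next to `drive.file`, as suggested above for the picker case, is reported with `widest` set to `metadata`.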

Amit Agarwal

May 1, 2019, 3:03:37 AM
to google-apps-sc...@googlegroups.com
For quick reference, here's a list of all Google APIs and the available OAuth 2.0 scopes.


Google provides this data in JSON format that I used to make the table.


Thanks!

Amit Agarwal  
blog: labnol.org    shop: digitalinspiration.com




Faustino Rodriguez

May 2, 2019, 4:53:22 PM
to Google Apps Script Community
Thanks everyone for the suggestions and resources you shared with me
It looks like it was actually OLD news around here, but good news anyway, even if a bit late

I am now working on a mini-library using Drive.Files with drive.file limited scope, to migrate a few projects from DriveApp

Cheers