Google Drive Scopes being restricted

[Robert Gagliano]

If you are just getting back up from the Gmail scope restrictions, get back down!

In October of last year, we announced Project Strobe—a Google-wide effort to review third-party developer access to Google account and Android device data. As a result, we rolled out an updated user data policy further restricting access to Gmail data. Today we’re announcing plans to extend the same policy to Google Drive as part of Project Strobe.

https://cloud.google.com/blog/products/identity-security/enhancing-security-controls-for-google-drive-third-party-apps

[Faustino Rodriguez]

That was about to happen, thanks for the heads up

[Steve Webster]

Martin Hawksey will be hosting Totally Unscripted on June 5, 2019 at 1900UTC where Googler Eric Koleda will be the featured guess about this topic so please attend and use the Q/A to post your questions. I will participate at the event, as well.

Hi all,
Delighted to announce that in the next episode of Totally Unscripted we'll be joined by Eric Koleda to talk Google Apps Script verification and Editor Add-on Publication.

You can join us Wed. 05 June 2019 at 1900UTC by visiting https://youtu.be/C5_lw6OFiC0 or adding the calendar event at https://tu.appsscript.info/
YouTube chat will be open and we'll post a Q&A link during the show.
Hope to see you there!

Kind Regards,

Steve Webster

SW gApps, President 

Google Product Expert in: Google Apps Script, Drive, and Docs 

Google Vendor (2012-2013) || Google Apps Developer Blog Guest Blogger 

Add-ons: Text gBlaster and Remove Blank Rows

--
You received this message because you are subscribed to the Google Groups "Google Apps Script Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-script-c...@googlegroups.com.
Visit this group at https://groups.google.com/group/google-apps-script-community.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-script-community/440e618f-ad07-4085-9ff4-f3b11309afd2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

[Alan Wells]

The documentation states that developers should migrate to the:

drive.file

scope.  Which allows the app/add-on to:

Quote:

View and manage Google Drive files and folders that you have opened or created with this app

End Quote

This change is good for security and giving users more trust in using the app/add-on, by allowing the user to restrict access.  I was very concerned when first reading the news about the change that restricts Drive access, but it seems that there is a  solution that is achievable.  I really do not like the Google picker, but I guess that we have no choice.  I have had trouble with the Google picker in the past.  As long as the Google picker actually works, then there may be hope.  But if a bug happens in the Google picker, that would literally kill your app/add-on.  And the Google engineers aren't known for fixing Apps Script bugs very fast.

[Robert Gagliano]

Thanks guys for the tips.

The Drive.file scope is not always practical and would lead to an awkward user experience in some cases.

As an example, you have a Google Forms add-on that needs the Drive scope to be able to access the Files uploaded via a 'File Upload' question. The add-on does not generate the Files or the File Upload folder (Google Forms automatically does that). Based on this, add-ons will now need to ask the user to select each File Upload folder that their form uses? 

When a user provides authorization to a folder, does the authorization extend to the files it contains? If not, this is a problem!

Assuming it does extend to the files (although I am very uncertain), most users don't even know that the files are uploaded to their account, let alone know which folder they are being stored in. If a new File Upload question is added to their form, they need to come back and do it again.

Whilst I understand the need for greater security and data protection, in future I hope visibility on what is coming ahead can be provided to developers. We also use the Contacts scope, Spreadsheets scope, Forms scope, External scope. If we knew other scopes will be restricted in the future, we would probably get the security assessment done and out of the way, without having to re-architect the application each time. All scopes could probably be narrowed down to single file scopes, but would again lead to further unnatural user experiences which I am reluctant to do unless necessary.

[Alan Wells]

I hadn't thought about the Google Form upload.  Thank you for pointing that out.  Hopefully Google will have an answer for that situation.  One of my add-ons would be affected by that situation.  In a perfect world, Google would have informed developers long in advance about these changes.  But this is a very flawed world run by very flawed people.  I'm not trying to defend Google at the expense of developers.  I've invested a major part of my life (not just time and effort) into my add-ons, and I don't want all my work to be done for nothing.  I should be able to survive this change, but it will mean more work, and decreased capability for my add-on.  I can imagine that for some developers, the cost of the change isn't worth the time, money and effort needed to comply.