So for example, if the application needs to also be able to write entries into a Cloud SQL database as well as access the Drive content, then you’d need to give it the Cloud SQL Client role.
Drive itself doesn’t actually need a specific permission role. Give it a name, grant it account access to what roles the application needs for the GCP services you’re using. Click the Create Service Account button up at the top. I created a service account in the console here. Let’s walk through what I did to get it working. So in my case, I needed to share the Drive folder where our marketing folks were going to put the icons. Whatever it is you want to integrate into your GCP application. Just as you can share a Drive folder with a person, you can also share a Drive folder with an IAM service account. If you look at a service account in the list on the access page in the console: The key to this magic is to understand that IAM service accounts are also users. The required scopes by each method are included there.
So it turns out.if you want to integrate Google Drive functionality into your application that already uses GCP services, you can totally use IAM service accounts to do it! I'm using DriveApp.getFoldersByName (), DriveApp.getRootFolder (), DriveApp.createFolder (), and DriveApp.createFile (). Now, what IS in my day to day sweetspot? Working with service accounts and IAM within GCP for authorization.
#DRIVE SCOPE AUTHORIZATION HOW TO#
I need which token from where now? And do I put it in a header? What’s the name of the header? I’m always looking up how to implement OAuth correctly each time I have to do it. I just don’t like that since it’s not something I use every day, I can never remember exactly what I need to do. Okay okay, hate is probably too strong of a word. I hate OAuth, and on the surface it seems like you need to use OAuth in order to use Google Drive’s API.
Only one problem.and I have a confession to make. Super simple interface, has rudimentary source control built into it, and it has an API so I can automate pulling the icons from Drive into proper source control and our build system for everyone to consume the icons! Scopes for label metadata on Drive items Scopes for labels Administrator access useAdminAccess Domain-wide delegation This document contains API-specific authorization information. Maybe you never thought of it as a data store.but let’s talk about it here for a minute. So an easy solution is to use Google Drive. I’m not going to write a front-end from scratch, and teaching them source control, while valuable, isn’t really something I wanted to tackle right now. Right now, for example, I’m building an app that allows non-technical folks to easily add icons into a build system. Open your terminal, create a new project directory and initialize the Firebase project.There are times when I’m building an application on GCP when I don’t want to use a more traditional datastore like Cloud SQL or Bigtable. Make a note of the Client ID and Client Secret provided by Google. Inside your Google Cloud Console, go the APIs & Services section, click on Credentials and click on Create credentials > OAuth Client Id to create a new client ID.ĭuring development, you can put as the redirect URI since the Firebase emulator, by default, will run the web application locally on port 5001. Step 1: Create the Google OAuth 2.0 ClientĬreate a new OAuth 2.0 client inside your Google Cloud project as described in this step by step guide. We are not using Google Sign-in with Firebase Authentication since it does not provide the refresh token that is required to run background API tasks unattended. We’ll thus store the refresh token in Cloud Firestore, and use it to generate a new access token whenever the application needs to access Google APIs on behalf of the user. The access token will expire after an hour but the refresh token will be valid indefinitely (unless manually revoked by the user).
#DRIVE SCOPE AUTHORIZATION CODE#
The application then exchanges the authorization code for an access token and a refresh token. The user is asked to grant access to the application. When the user signs in, Google redirects the user to the Google OAuth 2.0 authorization page. The user can sign-in with their Google account and authorize the application to access their Google Drive or any other Google service. Let’s build a simple web application that uses Google OAuth 2.0 to access Google APIs. This tutorial explains how you can sign-in with Google OAuth 2.0, store the refresh token in database and access the various Google APIs with the access token generated from the refresh token.
0 kommentar(er)
