I'm running into a strange issue with the Google Drive SDK — I'm not sure if this is the designed behavior or if it's a bug in the scoping.
Quick background: we're developing an application using the "drive.files" scope (e.g. only files / folders created by our app) and we want to list all folders created by our app. So we use the drive.files.list method call (using the Javascript client API), with a query for the drive folder mimeType:
mimeType = 'application/vnd.google-apps.folder'
The problem: what comes back is a list of all folders in the user's Drive account, not just the ones created by our app.
Is this not a blatant violation of scope? As far as I can tell, the documentation doesn't indicate whether we should expect to see out-of-scope files returned from search queries.
This behavior can be repeated using the Google APIs explorer:
- Open the Google APIs explorer: Google APIs Explorer: drive.files.list with empty query
- Turn OAuth authorization to ON, using only the drive.file authorization.
- Click "Execute" with an empty query. The results list should be empty.
Now, enter the folder query into the 'q' parameter box:
mimeType = 'application/vnd.google-apps.folder'
Click "Execute". The results list shows folders in the users' Drive account that have not been created by the APIs Explorer app.
Am I missing something here? Is this the expected behavior? And if so — is there a better way to get the list of folders only created by our app?
