8

I'm using the new Google Drive Android API. This is the demo code that I've copied from Google's android-samples repo.

GoogleSignInAccount signInAccount = GoogleSignIn.getLastSignedInAccount(this);
if (signInAccount != null && signInAccount.getGrantedScopes().containsAll(requiredScopes)) {
            initializeDriveClient(signInAccount);
}
else 
{ ... }

The issue I'm facing is, even if I remove the app from Drive, getLastSignedInAccount() is still returning the account and the operations (such as adding a file) on the accounts are still succeeding. Returning the GoogleSignInAccount object is fine, I suppose, but it should not allow the operations on it. I double checked in Drive, there are no files getting added when the API returns success (since I've unlinked the app). What is going wrong here?

And yes it worked when I manually synced the account on my device. In that case, though getLastSignedInAccount() returned the object, the operations did fail.

PS: I'm requesting SCOPE_FILE and SCOPE_APPFOLDER scopes.

Mangesh
  • 5,491
  • 5
  • 48
  • 71
  • could you show some code? – Leo supports Monica Cellio May 25 '18 at 04:36
  • Please clarify what you mean by "even if I remove the app from Drive," I'm assuming you mean you are revoking an App's access within Google Drive's UI? Also please clarify if the behavior persists if you close the current activity and open again, and whether it persists if you restart the app. If you have discrete repo steps based on one of the Drive samples that would be helpful as well. – PaulR May 25 '18 at 14:44

1 Answers1

0

This looks like the desired behaivour.

Only after the sync, will the GoogleSignIn.getLastSignedInAccount(this) get to know, not before that. As you can see, this method is non-blocking.

As an improvement, the API calls for performing operations should return something like a 403 UNAUTHORIZED

Vedant Agarwala
  • 18,146
  • 4
  • 66
  • 89