How can i use google api in php to access a specific user's google drive and manage it

Question

i'm in a company for weeks, with the idea to developp php intranet (as a website), using google api to manage some google sheet in google drive.

step by step :

-the user connect to the application with gmail adresse to access to the website. so i used google oauth 2.0 and openid for the security aspect, just for connection and verification(the application verify if the email is correct and have a specific domain : user@test.fr and not user@test123.fr)

-the application need after that to display and manage some directories and google spreadsheet files in google drive on a specific another gmail adresse (ex: service@test.fr)

i've already done the connection to my php application, and i've success to modify a simple spreadsheet test using service account.

edit : so i used service account following this link : https://github.com/googleapis/google-api-php-client/blob/master/docs/oauth-server.md#delegating-domain-wide-authority-to-the-service-account

i wrote this following code to just show the files i have in the service@test.fr google drive :

     <?php
require __DIR__ .'/vendor/autoload.php';

putenv('GOOGLE_APPLICATION_CREDENTIALS=intranetCredentials.json');

$client = new Google_Client([
    'timeout' => 2.0,
    'verify' => __DIR__ . '/cacert.pem'

]);

$client->useApplicationDefaultCredentials();
$client->setScopes(Google_Service_Drive::DRIVE);

$driveManager = new Google_Service_Drive($client);
// Print the names and IDs for up to 10 files.
$optParams = array(
    'pageSize' => 1,
    'fields' => 'nextPageToken, files(id, name)'
);
$results = $driveManager->files->listFiles($optParams);

if (count($results->getFiles()) == 0) {
    print "No files found.\n";
} else {
    print "Files:\n";
    foreach ($results->getFiles() as $file) {
        printf("%s (%s)\n", $file->getName(), $file->getId());
    }
}

i think i'm on the way, but when i execute my php app, i'm getting : "no files found" whereas i have google sheet and google doc file

i've done everything following the link except the delegating domain wide authority to the service account.

any ideas ?

Please read https://stackoverflow.com/help/how-to-ask then edit your question and include your code, and describe any issues you are having with your current solution. — Linda Lawton - DaImTo, Jan 11 '21 at 09:23
It's all a bit unclear to be honest, from your description, but it sounds like _maybe_ your php code needs to use a Service Account to access the spreadsheet instead of asking for a user token. See https://developers.google.com/identity/protocols/oauth2/service-account — ADyson, Jan 11 '21 at 10:10
yes @ADyson sorry for the incomprehension, i'm new to stackOverflow. i've edited my explanation just above. i've followed a guide on youtube to manage spreadsheet and i've used service account. what i dont know is what are my options for my applciation to manage google drive account — TintiGust, Jan 11 '21 at 10:49
`the application need after that to display and manage some directories and google spreadsheet files in google drive on a specific another gmail adresses` ...ok yes, this is what service accounts are for. Read the article I linked you to. — ADyson, Jan 11 '21 at 10:55
@ADyson so if i understand my service account will made request to google account service@test.fr to get an access token as a user could do it. in the article you linked, i only see java and python, they talk about php client api libraries but i dont see anything about that. any idea ? — TintiGust, Jan 11 '21 at 11:06
Yes that's right. And yes the PHP client libraries exist, you can find them with a google search. — ADyson, Jan 11 '21 at 11:09
oh ok i see, maybe i've found the correct thing i've been searching for some days : https://github.com/googleapis/google-api-php-client/blob/master/docs/oauth-server.md so should i use this ? — TintiGust, Jan 11 '21 at 11:18
yes those instructions should show you the basics of how to authenticate with a service account. Go for it. — ADyson, Jan 11 '21 at 11:22
ok thank you, i'll try this in few days. i'll talk about it later here — TintiGust, Jan 11 '21 at 11:27
@ADyson is would not be easier to use the user action ( when he log in the app) to get an access token from my service@test.fr where are store my datas ? because the application manage my google drive file only when someone is logged on the app — TintiGust, Jan 12 '21 at 14:13
Yes but you were saying it might be a different account which logs into the app? So therefore it would not have access to the correct Drive area. Service account overcomes that by using the same (secret) credentials every time without interaction from the user who owns the account. Anyway using service account isn't really very difficult to use. And it's still only accessed whenever someone is using the app. — ADyson, Jan 12 '21 at 15:17

score 2 · Answer 1 · answered Jan 21 '21 at 17:25

2

You need to remember that a service account is not you. A service account is a dummy user account, it has its own google drive account. You are getting no files found because it doesn't have any files.

upload a file
share a file with the service account from your own account.

answered Jan 21 '21 at 17:25

Linda Lawton - DaImTo

106,405
32
180
449

yeah, i understand what you are talking about, but in this case, could i use this : `$client->setSubject('api@test.fr');` to impersonate this user and use his google drive ? I think but with the error in the other one post, i dont know if this really works... – TintiGust Jan 22 '21 at 08:59
did you try doing a file.get on the file? if you don't have access then you will get an error – Linda Lawton - DaImTo Jan 22 '21 at 12:36
@DalmTo i'm sorry for all the mess i makedon stackoverflow with the different posts, i'll answer to my another post for what i found as fi, and for here, as i could finally test my ap without bug, i'll answer here – TintiGust Jan 22 '21 at 15:32

How can i use google api in php to access a specific user's google drive and manage it

1 Answers1