I have an external application that is making use of OAuth 2.0 to connect to access Google Drive API. The app has domain-wide delegation enabled and in the scope, it has been configured with the necessary Drive API.
So with this, will my app be able to access all the files in any user's Google Drive in the Google workspace, or is it possible that some files might not be accessible to my application?
The answer depends on the scope you choose in the Drive API, like there are different scopes with the Google Drive API, those are:
Recommended - These scopes provides the smallest scope of authorization access and does not require any app verification or security assessment.
Sensitive - These scopes allow access to Google User Data and require a sensitive scope verification process. For information on this requirement, see Google API Services: User Data Policy. These scopes do not require a security assessment.
Restricted - These scopes provide wide access to Google User Data and require you to go through a restricted scope verification process. For information on this requirement, see Google API Services: User Data Policy and Additional Requirements for Specific API Scopes. If you store restricted scope data on servers (or transmit), then you need to go through a security assessment.
I will go with one of the example of OAuth 2.0 scope information for the Drive API:
https://www.googleapis.com/auth/drive
The above Auth scope is restricted, and it gives you full, permissive scope to access all of a user's files, excluding the Application Data folder.
I hope this might be helpful for you.
