3

I've found that with https://www.googleapis.com/auth/drive scope, my app can read all existing files (and their contents) in a Google Drive, but when I auth the app, it says that this scope can also delete files in the drive and I don't want to grant that.

I know that by itself https://www.googleapis.com/auth/drive.file only allows the app to read files created by the app itself or especially granted access.

I've tried other combinations, but can't find one where the the app can read the contents of any file I can see, but can't delete anything. This is the closest I've come:

  • https://www.googleapis.com/auth/drive.metadata
  • https://www.googleapis.com/auth/drive.file
  • https://www.googleapis.com/auth/drive.activity
  • https://www.googleapis.com/auth/documents

Is there a combination that will achieve my goal?

Nic Cottrell
  • 9,401
  • 7
  • 53
  • 76
  • have you tried `https://www.googleapis.com/auth/drive.readonly`? Scope meanings can be found [here](https://developers.google.com/drive/api/v3/about-auth) – NightEye Jul 01 '21 at 15:28

3 Answers3

1

Based on your needs, you should be eyeing https://www.googleapis.com/auth/drive.readonly. This enables you to read the file metadata and content.

Allows read-only access to file metadata and file content.

Resource:

NightEye
  • 10,634
  • 2
  • 5
  • 24
0

There isn't one if you have access to read and write to a file then you will also have access to delete that file.

Its how they have permissions setup.

enter image description here

If you don't want to upload and only download try drive readonly. scopes#drive

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
  • But I don't need the app to write anything. I just need to it to be able to read the content of the files, no make any changes at all. Can that be achieved? – Nic Cottrell Jul 01 '21 at 15:18
  • You could go with read-only access but your still going to have to download the file Drive doesn't have access to actually see the contents of a file. – Linda Lawton - DaImTo Jul 01 '21 at 17:08
  • The original: https://developers.google.com/identity/protocols/oauth2/scopes#drive – Horcrux7 Jul 20 '22 at 14:20
0

If you're not intending to create any files or save any data to Drive, then you have the https://www.googleapis.com/auth/drive.readonly scope.

Note that this is a restricted scope that will grant your app with read-only access to the user's entire Drive, but it will also prevent your app from creating any new files or editing existing ones.

If you want your application to be able to access the entire Drive, and you're planning to release your app to the public, you should submit your application to a restricted scope verification and security assessment; otherwise your app will be limited to 100 users, and users will see a warning while your app is unverified.

Here's more information:

Simón
  • 456
  • 8
  • 23