2

I have doubts about how the Google Drive API works and how I should use it for my use cases. I have a REST API (based on NodeJS) which uploads documents to the drive. The only user that is actually accessing the drive is the one that runs the REST API (the root on the machine). As I understand, the OAuth2 protocol allows a user to allow third-party applications to access its information. So I'm not sure how my case is compatible with it. I have only one user that requires a one-time permission to be available forever.

Currently I have managed to use the Drive by doing authentication as follows:

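```javascript
const { google } = require('googleapis');

// CLIENT_ID, CLIENT_SECRET, REDIRECT_URI and REFRESH_TOKEN are placeholders
// for the values of the OAuth client registered in the Google Console.
const oauth2Client = new google.auth.OAuth2(
  CLIENT_ID,
  CLIENT_SECRET,
  REDIRECT_URI
);
oauth2Client.setCredentials({ refresh_token: REFRESH_TOKEN });
const drive_instance = google.drive({
  version: 'v3',
  auth: oauth2Client,
});
```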

For that, I registered the Google Drive through the Google Console. There I have the following fields:

```json
{
  "web": {
    "client_id": "CLIENT_ID",
    "project_id": "project-id",
    "auth_uri": "https://accounts.google.com/o/oauth2/auth",
    "token_uri": "https://oauth2.googleapis.com/token",
    "auth_provider_x509_cert_url": "https://www.googleapis.com/oauth2/v1/certs",
    "client_secret": "CLIENT_SECRET",
    "redirect_uris": [
      
    ]
  }
}
```

Now, going over the docs, they suggest using their Playground. But the period of it being valid is one week.

I want to go production with my REST API but I'm not sure what REDIRECT_URI and REFRESH_TOKEN should be in that case. I actually want to have three instances:

  1. Dev - For development.
  2. Prod - For production.
  3. Test - For integration tests.

I have a basic understanding of how the OAuth2 protocol works, but I'm not sure how to create those three instances, based on my use case. Basically I thought of keeping a config file, one for each mode, and the REST API will use it (based on the CLI options). Can someone please explain the general idea of all the options CLIENT_ID, CLIENT_SECRET, REDIRECT_URI, REFRESH_TOKEN? Do I actually need to "redirect" in each mode, even if it's one user?

Linda Lawton - DaImTo
vesii

1 Answer

1

If you are only accessing this one account, and you, the developer, control it, then you should be using a service account.

If you grant the service account access to the directory in Drive you want to access, then it will have access forever.

```javascript
const { google } = require('googleapis');

// Service account key file from Google Cloud console.
const KEYFILEPATH = 'C:\\Youtube\\dev\\ServiceAccountCred.json';

// Request full drive access.
const SCOPES = ['https://www.googleapis.com/auth/drive'];

// Alternative: request full drive scope and profile scope, giving full access to Google Drive as well as the user's basic profile information.
// const SCOPES = ['https://www.googleapis.com/auth/drive', 'profile'];

// Create a service account client, initialized with the service account key file and the scopes needed.
const auth = new google.auth.GoogleAuth({
    keyFile: KEYFILEPATH,
    scopes: SCOPES
});
```

Code shamelessly ripped from my tutorial Upload Image to Google drive with Node Js

Note for web app you are using.

The only reason the refresh token is expiring is because your app is still in test. If you move it to production in the Google developer console under the OAuth consent screen, the refresh token will stop expiring.

However, there really is no reason to be using a web app if you can get away with using a service account.

Linda Lawton - DaImTo
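An added example (not part of the original answer or the linked tutorial) of one way to apply the service account approach to the Dev/Prod/Test modes from the question: each mode gets its own key file, located through an environment variable, and the file is checked before it is handed to the client. The variable names `DRIVE_SA_KEY_*` and the function `loadDriveAuthOptions` are assumptions made for this example.

```javascript
const fs = require('fs');

// Assumed convention: one service account (and key file) per mode, with the
// path supplied through the environment instead of being committed to the repo.
const KEY_ENV_VARS = {
  dev: 'DRIVE_SA_KEY_DEV',
  test: 'DRIVE_SA_KEY_TEST',
  prod: 'DRIVE_SA_KEY_PROD',
};

// Same scope as in the answer above.
const SCOPES = ['https://www.googleapis.com/auth/drive'];

function loadDriveAuthOptions(mode, env = process.env) {
  const varName = KEY_ENV_VARS[mode];
  if (!varName) throw new Error(`unknown mode: ${mode}`);
  const keyFile = env[varName];
  if (!keyFile) throw new Error(`${varName} is not set`);

  // The key file is a long-lived credential: refuse files that group or
  // other users can access (POSIX permission bits; skipped on Windows).
  const { mode: perms } = fs.statSync(keyFile);
  if (process.platform !== 'win32' && (perms & 0o077) !== 0) {
    throw new Error(`${keyFile} must not be accessible by group/other`);
  }

  // Fail early if an OAuth client file ({"web": ...}) is supplied by mistake.
  const key = JSON.parse(fs.readFileSync(keyFile, 'utf8'));
  if (key.type !== 'service_account' || !key.client_email || !key.private_key) {
    throw new Error(`${keyFile} is not a service account key`);
  }

  // clientEmail is the address the Drive folder has to be shared with.
  return { keyFile, scopes: SCOPES, clientEmail: key.client_email };
}

// Usage with the googleapis client from the answer:
//   const { keyFile, scopes } = loadDriveAuthOptions('prod');
//   const auth = new google.auth.GoogleAuth({ keyFile, scopes });
//   const drive = google.drive({ version: 'v3', auth });
```

Keeping a separate service account per mode means the test and dev keys never grant access to the production folder.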