I have a small site/web application where registered users can see some files that I periodically prepare for them; I store these files in separate directories and every user can only see and download their own files.
Now, I'm moving these directories to Google Drive and I would keep functionalities like file listing and downloading.
Reading the official docs I found some interesting examples about file download/upload, but all of them talk about authorization that user must give in order to access to their Drive and this is not what I'm looking for, I don't want access to their Drive!
As I can see, the doc is not contempling the case that someone may want to give (read-only) access to own Drive. But maybe I'm missing something...
Basically, I need the list of files on my Drive account and, if requested, a way to download one (or more). The only one that has the auth to Drive account is my server, users will send request from it.
Is it possible? I think yes, but I can't find any docs about that. How can I authorize my server?
I think you're looking for the Using OAuth 2.0 for Web Server Applications where you'll be using service accounts to achieve your goal.
"This document explains how web server applications use the Google API
Client Library for PHP to implement OAuth 2.0 authorization to access
Google APIs. OAuth 2.0 allows users to share specific data with an
application while keeping their usernames, passwords, and other
information private. For example, an application can use OAuth 2.0 to
obtain permission from users to store files in their Google Drives."
The snippets are in PHP too, so it works in your favor.
Related
I'm trying to set up a page using XAMPP which will take a file uploaded by the user and upload it to a Google Drive I've created. I'm aware that this is likely a newbie issue, but this is my first time trying to use the Drive API
Most tutorials seem to use OAuth when creating the required credentials, however as I understand it this will require the user to log in with their Google account to give the page permission to store the file. (If this isn't the case let me know.) I would prefer if this wasn't the case, so I'd prefer to use a Service Account.
The issue is that the tutorials I've found seem to require a 'credentials.json' file, which I've gathered is provided by the OAuth system.
I've created a Service Account which has the relevant permissions for the Google Drive API. As far as I understand, OAuth shouldn't be required for my webpage as the files which will be stored will not contain any of the user's private information.
If you know how I can get the file uploads set up using the created Service Account it would be a big help.
I would first like to apologize if this question is a duplicate; perhaps I'm not being able to word what I need correctly because I really couldn't find a solution for my need after several hours of research...
I need logged users of my application (PHP, Laravel 5.7) to be able to download files from a specific folder on my Google Drive on my behalf; of course, without having my credentials, but I'm being unable to figure out how to make the request; all the examples I found were to allow users to download their own files after they authenticate with their credentials. Since Google Drive API uses OAUTH2, I thought I could just send a request to some endpoint with Authentication header bearing my token and the "file id" and the download would start but after scavenging the docs I still couldn't find this endpoint.
EDIT: Thanks to Osama Ibrahim for pointing to me the above endpoint.
Sorry for long text, tl;dr:
I need to know how my application can download a file on my drive programatically, requesting a token with my credentials without having to go through the google login UI.
I am making a web and mobile application that lets you upload files through google drive. the thing is my storage is getting low, somebody told me that i should find a way to upload files depending on the user, it means every user should upload files through their own google drive account and can access it or get a shareable link so the storage consumption would not be crowded with different kind of files. is there a way to do that, if not is there any other cloud storage that provides that kind of concept. Thanks in advance.
For application specific data, you may want to check Storing Application Data. The Google Drive API includes a special hidden folder that your app can use to store application specific data.
As discussed in the given documentation,
The App Folder is a special folder that is only accessible by your application. Its content is hidden from the user and from other apps. Despite being hidden from the user, the App Folder is stored on the user's Drive and therefore uses the user's Drive storage quota.
See if it will help you, otherwise you can use Google Cloud Storage or Firebase Storage as also suggested by Anwar Nairi. Both of these offer storage services which are ideal for your app. Drive API is meant for personal use.
I'm trying to implement Google Drive API. They have quick start example here which is using Google OAuth 2.0. Using for a web application where user will use drive api for creating folder and save files, edit files etc.
Now the problem is OAuth 2.0 is redirecting the page and for authCode and then back to callbackUrl again ie. the usual way. Is there any way so that I can get the authCode without redirecting the url, by using cURL or some library that can do that without redirecting.
I'm using PHP for this app.
We currently offer an alternative flow for installed apps that doesn't redirect back to an app but outputs the exchange code. In order to be sure that user is explicitly giving permissions to your application, we need to intercept the flow for a user action.
If there are no end users involved in your use case, you may like to take a look at the service accounts: https://developers.google.com/accounts/docs/OAuth2ServiceAccount Service accounts also provide impersonation for Google Apps domains.
I am looking to build an API that I can deploy on my servers to monitor system load.
It will report to a central manager server that runs a client to display the information.
The issue I am struggling with is best to secure the API.
What I want is for the client to be the only software that can access the server and retrieve this information but I am unsure how to achieve this using PHP.
I also want the possibility of distributing the API and client for others to use on their servers so I don't want people to be able to access other people data if they are using the API also.
The client is also written in PHP using MySql and has a secure login.
This sounds like you're trying to solve the wrong problem.
I also want the possibility of distributing the API and client for others to use on their servers so I don't want people to be able to access other people data if they are using the API also.
The only right answer to this is authentication. You need to protect your API by giving each user access credentials known only to them.
Your API must never reveal any data that the client isn't allowed to see as per their authentication credentials. Trying to work around this danger by trying to somehow protect the client from prying eyes is not safe - somebody who has access to the client and can observe it running will be able to reverse engineer any traffic between it and the server given enough effort.
If the API is properly secured, it won't matter to you which client tool is used to access it. The requirement to limit API access to a certain program will go away.
if you use SSL, along with authentication (i use 3rd party auth google, fb, etc), create data /reports on the fly and have the data saved in a subdirectory OUTSIDE your web folder (instead of /var/www, /var/myStorage/currentSessionId/), then you basically guarantee the security that you want.
your php will only access a subdir that is named for the session it is running under.