Replace drive.readonly with drive.file as default scope to avoid Google verification requirements #80
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
- Change default scope from drive.readonly to drive.file to avoid Google verification requirements - Fix custom scope logic to prevent merging with default scopes - Resolves issues Jose-cd#25, Jose-cd#70 and Jose-cd#79
boufaied
changed the title
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Problem:
Since Google requires specific validation process for drive.readonly scope, and the drive.readonly scope lets the app access sensitive user data, applications using this scope now require extensive verification processes including CASA Tier 2/3 security assessments.
Solution:
This patch addresses two key issues:
Default Scope Change: Changes the default scope from drive.readonly (restricted) to drive.file (non-sensitive) to avoid Google's verification requirements. The drive.file scope doesn't require app verification from Google and provides per-file access, which is more secure and user-friendly.
Scope Logic Improvement: Implements proper logic where custom scopes completely replace default scopes when provided, rather than merging them. This prevents unnecessary scope escalation and gives users full control over permissions.
Benefits:
No Verification Required: drive.file is classified as "non-sensitive" and doesn't require Google's security assessment
Better User Experience: Users can select specific files they want to share with the app through the file picker
Improved Security: Follows Google's recommended practice of using the most narrowly focused scope possible
Cleaner Scope Management: When custom scopes are provided, they are used exclusively without default scope pollution
Related Issues:
References:
Google Drive API Scopes Documentation
Google's Scope Verification Requirements
This change ensures the library works out-of-the-box without requiring developers to go through Google's complex verification process, while still allowing advanced users to specify restricted scopes if needed for their specific use cases.