Authenticating to the Google Drive API for App Engine Application

How to Authenticate with Google Drive API for App Engine Application

Prev Question Next Question

Question

You are creating an App Engine application that writes a file to any user's Google Drive.

How should the application authenticate to the Google Drive API?

Answers

A. With an OAuth Client ID that uses the https://www.googleapis.com/auth/drive.file scope to obtain an access token for each user.

B. With an OAuth Client ID with delegated domain-wide authority.

C. With the App Engine service account and https://www.googleapis.com/auth/drive.file scope that generates a signed JWT.

D. With the App Engine service account with delegated domain-wide authority.

Show Answer

Explanations

Click on the arrows to vote for the correct answer

A. B. C. D.

https://developers.google.com/drive/api/v3/about-auth

To authenticate an App Engine application that writes a file to any user's Google Drive, we need to choose an appropriate authentication method. The available options are:

A. OAuth Client ID with the https://www.googleapis.com/auth/drive.file scope: This option allows the application to obtain an access token for each user through the OAuth 2.0 protocol. The access token enables the application to perform actions on behalf of the user, such as writing files to the user's Google Drive. The scope restricts the access to only the files created or opened by the application.

B. OAuth Client ID with delegated domain-wide authority: This option allows the application to obtain an access token with domain-wide authority, meaning the application can act on behalf of any user in the domain, not just the ones who explicitly grant access. This method requires an administrator to grant the necessary domain-wide delegation to the OAuth Client ID.

C. App Engine service account with the https://www.googleapis.com/auth/drive.file scope and a signed JWT: This option uses the service account associated with the App Engine application to generate a signed JWT (JSON Web Token) that can be used to obtain an access token with the specified scope. The JWT is signed using a private key associated with the service account and is used to authenticate the application to the Google Drive API.

D. App Engine service account with delegated domain-wide authority: This option allows the application to act on behalf of any user in the domain, not just the ones who explicitly grant access. This method requires an administrator to grant the necessary domain-wide delegation to the service account.

In summary, the most appropriate authentication method depends on the specific requirements of the application. If the application needs to write files only to the user's Google Drive who granted access, option A is the most appropriate. If the application needs to act on behalf of any user in the domain, option B or D may be more suitable. Option C is useful when the application needs to access other Google APIs in addition to the Google Drive API.

Prev Question Next Question