Friday, 8 February 2013

Google Drive permissions - Why the app need them?



Hi all,

Recently I've received an email from one of you. Someone asked me why do I need those permissions to connect to Google Drive. Well, below is my answer:

My app is using following scopes for Google Drive:
a) https://www.googleapis.com/auth/drive.install
b) https://www.googleapis.com/auth/drive.file
c) https://www.googleapis.com/auth/drive.readonly.metadata

The first permission "drive.install" is required for apps that want to install itself to users Google Drive. Thanks to this permission you can use option "Open as" and then "Advanced Rest Client" from file context menu. It is one of planned functions in the app and it do not influence any file on Google Drive.

Permission b) is required to open/save file on Drive, but only created by the application.

And finally c) it is required to retrieve list of folders from your drive. It is used when you want to save your file on the Drive. Otherwise the application is only able to save file on root folder. From UX perspective it is not recommended to remove this functionality. Also note, this permission does not allow any access to read or download file content.

More about scopes you can read at https://developers.google.com/drive/scopes. You can check https://code.google.com/p/chrome-rest-client/source/browse/trunk/RestClient/war/drive.js file to know how the app is integrated with Google Drive.  

I'm not planning to change permissions scope. At least until Google introduce Google Folder Picker. For now Drive Picker allows only to pick up a file and I need to pickup a directory.

(end of response)

You are welcome to email me about your concerns or if you have some great idea for the app. I'm always reading your emails (or issues on Goggle code).

Happy RESTing!