You are creating a web application that runs in a Compute Engine instance and writes a file to any user's Google Drive. You need to configure the application to authenticate to the Google Drive API. What should you do?
A.
Use an OAuth Client ID that uses the https://www.googleapis.com/auth/drive.file scope to obtain an access token for each user.
B.
Use an OAuth Client ID with delegated domain-wide authority.
C.
Use the App Engine service account and https://www.googleapis.com/auth/drive.file scope to generate a signed JSON Web Token (JWT).
D.
Use the App Engine service account with delegated domain-wide authority.
A. Use an OAuth Client ID that uses the https://www.googleapis.com/auth/drive.file scope to obtain an access token for each user.
To write a file to a user's Google Drive from a web application, you need to obtain permission from each user to access their Google Drive account. This is typically done using OAuth 2.0, where users are redirected to a consent screen where they grant your application permission to access their Google Drive with the specified scope.
correct answer is C. In the link you proposed about access view is clearly stated that you can prevent access to the underlying dataset and give access only to data that is in the view after applying the query.
I would've chosen option B if all users are in the same domain, it allows the application to authenticate to the Google Drive API with domain-wide authority, meaning that it will be able to access all users' Google Drive accounts within the domain. This is necessary because the application needs to be able to write a file to any user's Google Drive.
But the question said any user (could be the same domain or different domains), In that case, option B would not be the best choice because it only allows for domain-wide authority. Instead, option A would be the best choice because it allows the application to obtain an access token for each individual user, regardless of whether they are in the same domain or a different domain. This ensures that the application has the necessary permissions to write a file to each user's Google Drive.
A is correct for me.
https://developers.google.com/drive/api/guides/about-auth: "So, when possible, use "recommended" scopes as they narrow access to specific functionality needed by an app. In most cases, providing narrow access means using the https://www.googleapis.com/auth/drive.file per-file access scope" plus each user need their token to acces their own files.
A is the most suitable answer in my opinion. Auth tokens should be requested per user (So for each user, a token is requested by the application and the user needs to authorise the application).
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
santoshchauhan
7 months, 3 weeks agoAeglas
11 months, 1 week ago__rajan__
1 year, 1 month agotelp
1 year, 9 months agoomermahgoub
1 year, 9 months agoomermahgoub
1 year, 9 months agojcataluna
1 year, 10 months agobrunoguzzo18
2 years, 2 months agotomato123
2 years, 2 months agoBlueocean
2 years, 9 months agoParagSanyashiv
2 years, 9 months agoanisov
2 years, 10 months ago