Can I grant permissions to a Google Drive folder via the API authenticated as a service account?

0
votes

I want to set up a file store for my club, and I need to grant read-only access to members via our website. For lack of being able to integrate Google Drive on our website in an iframe, I picture the following scenario for granting member access:

  1. The user, while logged in to our club website, hits a button that reads 'Grant access to Google Drive folder".
  2. Some server-side PHP code calls the Permissions API authenticated as my Google service account, requesting that the folder be shared with the current user's e-mail address.
  3. The user receives a notification mail from Google that he uses to access the folder.

Can this be done? It would seem so from reading https://developers.google.com/drive/service-accounts. Would I simply need to hard code the authorization code of my service account and then be able to count on it not changing? Or do I need more?

Thanks in advance.

1
phpgoogle-drive-api

1 Answers

1
votes

Ok, it seems like this use case is doable. Note, however, that any given folder or file in Google Drive can be only shared with a maximum of 200 individual e-mail addresses.

Here's what I did: 1) Used the quickstart example https://developers.google.com/drive/quickstart-php to visit the auth URL, generate an auth code and use it to generate an access token by using:

$accessToken = $client->authenticate($authCode);
print_r($accessToken);

This code will print the contents of the access token in the browser/console as a JSON object. I am then able to use this JSON object for all future requests as long as the object contains a refresh token, which shouldn't expire.

I am then able to create an apiClient using the contents of my string containing the access token:

$credentials = '{json representation of access token}';
$apiClient = new Google_Client();
$apiClient->setUseObjects(true);
$apiClient->setAccessToken($credentials);

Finally, I'm able to make API calls to act on behalf of my user account.

I found this useful: https://developers.google.com/drive/auth/web-server