Full Google Drive Access

simon.m.shapiro · June 13, 2019, 6:52pm

Requirement

I want to allow my app to register users and have access to their google drive accounts.

Problem

I am really struggling to set up the auth for google drive.
I get told tha this functionality is ‘sensitive’ I have to have a verified domain. As I understand it, the usual domain provided by Anvil isn’t in this category.
The Anvil documentation loops around the python google sdk promising to provide a client id and secret but nothing gets close to getting the client id and secret.
The google documentation has the issue with verified domain.
The documentation in this area on Anvil is really old or poor.
Does anyone have an example or explanation of how to get full access to the google drive files - not just those uploaded from the app.

simon.m.shapiro · June 14, 2019, 7:56am

Partial resolution

I have managed to get this working. I thought I would update the forum with the details. I must warn readers that it was arrived at through a lot of random clicking so it might still be inaccurate.

Here’s what I did:

I enabled the google drive api in the console
I set-up client-id credentials from this part of the console
The return url is https://anvil.works/apps/_/client_auth_callback which is on the anvil google REST instructions
I think you need a consent page as well.

shaun · June 17, 2019, 3:11pm

Hi @simon.m.shapiro, thank you very much for sharing your solution here. This definitely did need to be documented better, so I’ve written a step-by-step guide. This will shortly become part of the reference docs.

This step-by-step guide works for me, does it agree with what you did?

The Guide

For advanced use of Anvil’s Google integration, you need to let Google Developer Console know about your app.

If you want to do either of these things:

You need to configure some credentials using Google Developer Console.

This Google support answer describes the basic process. We’ll go through it in more detail in the following sections.

Create a Project and open the Credentials screen

First, create a project or select an existing project.

The top bar of the Google Developer Console, with the project selection dropdown circled

Then select ‘APIs and services’ from the hamburger menu:

The hamburger menu of the Google Developer Console, showing options including 'APIs and Services'

Select ‘Credentials’:

The side navbar of the Google Developer Console, with Credentials highlighted

First, you need to set up an OAuth consent screen. Then, you can create an OAuth Client ID that allows your Anvil app to identify your Google project.

Set up an OAuth consent screen

Click on ‘OAuth consent screen’. This is where you set up the screen that your users will see to give your app certain permissions on their Google account. You’ve probably seen this sort of screen before when using a new app, it will say something like “App X would like to: use your location”.

The first part of this form is pretty self-explanatory; keep the application type as ‘Public’ and set your application name and logo as appropriate.

The top of the OAuth Consent screen, where you can add an application name and logo.

The ‘Scopes for Google APIs’ section allows you to list the permissions to request from the user. If you want to access your users’ Google Drive files, you will need to add ../auth/drive.file .

The scopes list with ../auth/drive.file added to it.

In the ‘Authorised domains’ section, add any domains your app will be running under. This may be anvil.works for running your app in the editor, anvil.app for the live version, or your own domain if you’re using a Custom Domain.

The Authorised Domains list with anvil.works added to it.

Create an OAuth Client ID

Click on ‘Credentials’, then ‘Create Credentials’ and select OAuth Client ID:

The Credentials view in Google Developer Console - OAuth Client ID selected from the Create Credentials dropdown.

You’re given a list of application types - choose ‘Web application’:

The first part of the Create OAuth Client ID form. The application type 'web application' is selected.

Now enter https://anvil.works/apps/_/client_auth_callback in ‘Authorised redirect URIs’. Be sure to press enter in this box so that it gets added to the list - it will look like this:

The Authorised Redirect URIs list with the Anvil client_auth_callback URI added.

Hit ‘create’ and you will be shown the client ID and secret:

Google Developer Console modal stating that an OAuth client has been created and giving the client ID and secret.

Now go to your Anvil app and open the Google API Service. Paste the client ID and secret into the boxes in the “Access your users’ Google Drive files” section:

Google API Service view in Anvil showing the Client ID and Secret pasted in to the 'Access your users' Google Drive files' section.

Test that it works

You should now be able to use any Google REST APIs you have requested scopes for. If you have requested the ../auth/drive.file scope, you can run this code to read the names of the users’ files:

  anvil.google.drive.login()

  folder = anvil.google.drive.get_user_files()

  for f in folder.list_files():
    print f["title"]

If this works, you’ve correctly set up Anvil to access your Users’ Google Drive files and use Google REST APIs.

simon.m.shapiro · June 17, 2019, 3:45pm

Yes. That’s pretty much correct. Hopefully others will test it as well. It’s super useful to have all google files in scope as part of a solution architecture.

shaun · June 17, 2019, 3:53pm

Thanks for taking a look

thefrielest · June 18, 2019, 8:15pm

@shaun this is perfect timing working on the same issue, just about to dive in. The images for this post are not loading properly (for me at least).

shiladityamajumder07 · August 28, 2021, 11:22am

How to get the access of a file which is in google drive I want to load a json and a text file from google drive but was unable to do it?