[英]Google Cloud OAuth consent screen not reflecting changes to scope of (internal) app
I initially set my Google Cloud application up with the full Google Drive scope ( ../auth/drive
) and tested the connection to my personal account (ie gave the app permission).我最初使用完整的 Google Drive scope (
../auth/drive
) 设置我的 Google Cloud 应用程序并测试与我的个人帐户的连接(即授予应用程序权限)。 I am using PyDrive
FYI.我正在使用
PyDrive
仅供参考。
I subsequently deleted the app from my personal account ( Disconnect from Drive ), removed the full scope in the OAuth consent screen settings and replaced it with just the ../auth/drive.file
scope.我随后从我的个人帐户中删除了该应用程序(与驱动器断开连接),删除了OAuth 同意屏幕设置中的完整 scope,并将其替换为仅
../auth/drive.file
Z31A1FD140BE4BEF2D11E181EC9A1。
I then deleted the OAuth credentials and recreated them (and re-downloaded them to my machine), just to be on the safe side.然后我删除了 OAuth 凭据并重新创建它们(并将它们重新下载到我的机器上),只是为了安全起见。
When presented with the OAuth screen, I now expect the scope to reflect that the app only will have access to the files and folders it has created itself.当出现 OAuth 屏幕时,我现在希望 scope 反映该应用程序只能访问它自己创建的文件和文件夹。
The OAuth consent screen still tells me the app will have access to all files and folders in my Drive. OAuth 同意屏幕仍然告诉我该应用程序将有权访问我的云端硬盘中的所有文件和文件夹。
from pydrive.auth import GoogleAuth
from pydrive.drive import GoogleDrive
...
gauth = GoogleAuth()
gauth.LoadCredentialsFile("app_user_secrets.json")
if gauth.credentials is None:
gauth.GetFlow()
gauth.flow.params.update({"access_type": "offline"})
gauth.flow.params.update({"approval_prompt": "force"})
gauth.LocalWebserverAuth()
elif gauth.access_token_expired:
gauth.Refresh()
else:
gauth.Authorize()
gauth.SaveCredentialsFile("app_user_secrets.json")
drive = GoogleDrive(gauth)
Any ideas why this is happening or how I can work around it?任何想法为什么会发生这种情况或我如何解决它?
Turns out PyDrive
sets its own OAuth scopes by default unless you overwrite them.结果
PyDrive
默认设置自己的 OAuth 范围,除非你覆盖它们。 The default is https://www.googleapis.com/auth/drive
as outlined here: https://pythonhosted.org/PyDrive/oauth.html#automatic-and-custom-authentication-with-settings-yaml .默认值为
https://www.googleapis.com/auth/drive
,如下所述: https://pythonhosted.org/PyDrive/oauth.html#automatic-and-custom-authentication-with-settings-yaml 。
I fixed and overrode this by editing my authentication flow and including the following line before the LocalWebserverAuth()
command.我通过编辑身份验证流程并在
LocalWebserverAuth()
命令之前包含以下行来修复并覆盖此问题。
gauth.settings["oauth_scope"] = "https://www.googleapis.com/auth/drive.file"
Another alternative would have been to author my own settings.yaml
file but I did not want to go down that route.另一种选择是编写我自己的
settings.yaml
文件,但我不想 go 沿着这条路线走。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.