Is there any chance there will be support for Service Accounts with Google Drive?
I wanted to use rclone to sync a folder from google drive to my webserver. Given that this folder isn’t “mine”, but of my client, a service account would allow me to set the whole thing up without requiring my client to run the config wizard where he gives access to “his whole drive” to an application he doesn’t understand.
He would “simply” share the drive folders he wants to (in readonly) with the service account.
Also, other people could also “just share” folders without having to authorize anything.
(Another script would then add all shared folders to the service account’s root, so that rclone doesn’t need to search in “shared folders”).
Sounds like a great idea, however I have no idea how the whole service account thing works. Can you explain more? Can I get one to test with?
I’m rather new to the concept as well.
Anyway, you can create one with ease by going to the page in the IAM interface in your google console. (You need to have a project.)
After creating the account, Google will then give you a JSON file containing the private key to use when accessing the API.
From this JSON file, the application should then create and sign a JWT (JSON Web Token). The
go client should be able to help with this.
With the signed JWT you can ask the API for a “regular” access token to access the API “on the app’s behalf”. And from there it should be the same like the normal accounts. When the access token expires, you just create a new one using the same old JWT.
The whole process is described here:
developers.google.com/identity/protocols/OAuth2ServiceAccount . (<- I would make this a link, but the forum doesn’t let me put more than 2 links in a post because I’m new).
Just ignore anything that has to do with “Google Apps / G-Suite domain-wide authority”, anything specific to “Apps Engine” and “Compute Engine”.
I hope some of this helps
Thanks for that. Do you think you could write it up in an issue on github please?
Sure, no problem!
Here it is: