If we use service accounts, is it still recommended that we use our own client_id?

What is the problem you are having with rclone?

I know that it is 10 transactions per second for the user client_id. But for shared rclone client_id, we may get less than 10 transactions per second. So it is advised to use the user client_id.

Here I am just wondering that if using service account (which has already contained some API related permission), is it still recommended that we use our own client_id? (I think the service account has it is own client_id already! Just do not know which one rclone is using by default? The shared one or the one of service account?)

Which cloud storage system are you using? (eg Google Drive)

Google Drive

As far as I understand the service account and the client_id are separate concepts which don't interact.

The service account replaces the user authentication, not the client_id.

But Google Drive API usage also shows up in each project that contains service accounts. The screen is same as client_id's.

I think if service accounts are used, it will use API of the project it belongs to rather than the default API of rclone?

I don't know I'm afraid! Can you do an experiment?

I have played with this a fair bit. Experiments suggest you are correct - In GSuite the projects appear to have their own api limits, and a service account appears to work as a 'user' with typical user limits.

At some point you likely hit limits for the aggregate across your normal users and all of your projects. But haven't checked where that might happen.

Thanks for clearing that up. That was my expectation too from the way you configure projects but I wasn't certain!

Thanks for experiment of @Lex. Does it show that we do not need use user client_id if the user has already used the service account (rather than normal Google account).

If I'm understanding your question correctly, and as far as I know, the client_id issued to a service account is only used for Manage API client access to elevate it / allow impersonation etc. admin>security>advanced>authentication

Zappo is also correct in that SA's are "users", so much so that they technically have their own "My Drive" with the 15GB limit and sharing capabilities, and while you can't access it in a normal manner, you are able to access it with rclone.

The default rclone id gets used during the OAUTH flow, which service accounts don't follow, and your own clientID/secret alters the Choose an account to continue to rclone to your display name

Backburner item for you guys too:
the old rclone picture/logo is displayed during the OAUTH flow still

This topic was automatically closed 90 days after the last reply. New replies are no longer allowed.