Service Accounts not supporting scope = drive.readonly

Situation with this issue

I have managed to work around the issue below because I stumbled upon Animosity022's Suggestion to switch scope from drive.readonly to drive

My question

Is there any plan to fix this, to allow scope = drive.readonly with Service Accounts?

I cannot find any github issue but I wonder if developers have chosen to leave this limitation for now. If that is the case then I can mention in in the docs - I am planning on raising a PR to update then based on Google's latest UI tweaks, and it will be easy to mention this as a limitation whilst I'm in there.

Please let me know if you are aware of planned work to resolve the underlying issue


Details of the issue

Even though I discovered the workaround of switching to scope = drive, I am posting this in case anyone else hits the same issue.

What is the problem you are having with rclone?

I failed to make RClone work with Google Drive service account impersonation until I changed the scope back to drive (removing readonly)

What is your rclone version (output from rclone version)

rclone v1.54.1
- os/arch: darwin/amd64
- go version: go1.16

Which OS you are using and how many bits (eg Windows 7, 64 bit)

macOS Big Sur 11.2.3 64-bit

Which cloud storage system are you using? (eg Google Drive)

Google Drive

The command you were trying to run (eg rclone copy /tmp remote:tmp)

rclone -vv  --drive-impersonate ls myremote:

The rclone config contents with secrets removed.

type = drive
scope = drive.readonly
service_account_file = /Users/me/secrets/GSA-prj-f146843544e59.json

A log from the command with the -vv flag
2021/03/25 16:32:28 DEBUG : rclone: Version "v1.54.1" starting with parameters ["rclone" "-vv" "--drive-impersonate" "" "ls" "myremote:"]
2021/03/25 16:32:28 DEBUG : Using config file from "/Users/me/.config/rclone/rclone.conf"
2021/03/25 16:32:28 DEBUG : Creating backend with remote "myremote:"
2021/03/25 16:32:29 Failed to create file system for "myremote:": couldn't find root directory ID: Get "": oauth2: cannot fetch token: 401 Unauthorized
Response: {
  "error": "unauthorized_client",
  "error_description": "Client is unauthorized to retrieve access tokens using this method, or client not authorized for any of the scopes requested."

Other things I tried

I tried without the --drive-impersonate switch, which ran with no errors at all. However I could not see any files or folder contents - my Google Drive appeared empty - ls showed up blank, and copy gave the response There was nothing to transfer.


rclone config and edit the remote to change scope from drive.readonly to drive

This topic was automatically closed 60 days after the last reply. New replies are no longer allowed.