Use file scope as default scope #42
Comments
Hi! Thanks for this enhancement request.
Other apps face the same predicament. If you want interoperability with another app such as Keepass2Android, all such apps need to share the same scope. Unfortunately, that scope is either "all" ( However, I encourage you to carefully "delve in" and experiment with the
Yes, this would require not only prompting the user to go through OAuth2, but also then running the Google Drive file picker and letting the user select the existing database file (if available), which would then grant the appropriate permissions to that file. So the extension, instead of blindly saving the file, would have to first prompt the user to select the database file. This could be confusing if the user actually has a database created but didn't select it during the extension's configuration; then it would act as you mentioned, creating a 2nd copy of the database. If any application would "replace" the file by recreating it (which would mean a new file id), then this would also break, but that in itself feels like another issue.
I guess, but the problems would mainly be from the confusion side (as explained above) and difficulty (changing existing users from the existing setup to the new one, unless guarded as an optional, more secure way, instead of the default one). I don't see how that would break Keepass2Android (there's a similar issue there as well), since if it uses the "drive" scope, it will be able to see the file created by this app in "file" scope, and if it uses the "file" scope then it should be able to access and get permissions to the same file. At least that's how I understood the per-file permissions with the gdrive file picker. I also checked this with keepass2android; it could see the files created by another app that uses just file scope without issues. But I do see why the "drive" permission is used and how it would be less intuitive and maybe problematic to use the "file" permission.
Is your feature request related to a problem? Please describe.
Not exactly a problem, but I feel like giving full access to the Google Drive is not very safe. I do not see a good reason why the extension should default to this method, besides the dev work required to make it use `file` scope.

Describe the solution you'd like
I would prefer that by default the scope used by the extension would be just `file`, as that grants per-file access and mitigates the risk of a malicious extension deleting all your drive files and/or reading them.

Describe alternatives you've considered
Using the legacy method, which allows use of custom OAuth credentials and choosing the file scope.

Additional context
As I understand, the default scope used is `Drive`, which grants the extension access to all of the drive contents.

google-drive-sync/src/GoogleDriveSyncExt.cs
Lines 1403 to 1415 in 19ae491

Also, I haven't really delved into how it would work with just `file` scope, but I imagine since it already has an option for it using the legacy OAuth method, it shouldn't be too difficult to use it with the non-legacy method.

This is also further supported by Google comments on scopes: