In [8]:
from __future__ import annotations

import json
from pathlib import Path
import tomllib


def read_service_account_from_json_file(json_path: str) -> dict:
    """Read a Google service account key JSON file and return it as a dict."""
    p = Path(json_path)
    if not p.exists():
        raise FileNotFoundError(f'JSON key file not found: {p}')
    return json.loads(p.read_text(encoding='utf-8'))


def read_service_account_from_toml_secret(toml_path: str, key: str = 'GOOGLE_DRIVE_SERVICE_ACCOUNT_JSON') -> dict:
    """Read service account JSON stored inside a TOML secret value and return it as a dict."""
    p = Path(toml_path)
    if not p.exists():
        raise FileNotFoundError(f'TOML secrets file not found: {p}')

    # tomllib.loads expects a *string*. tomllib.load expects a *binary file object*.
    # Use tomllib.load for robustness.
    with p.open('rb') as f:
        data = tomllib.load(f)

    if key not in data:
        raise KeyError(f'Missing TOML key {key!r}. Available keys: {sorted(data.keys())}')

    raw = data[key]
    if not isinstance(raw, str):
        raise TypeError(f'{key} must be a string in TOML, got {type(raw).__name__}')

    # Strip accidental whitespace around the JSON blob
    raw = raw.strip()

    try:
        return json.loads(raw)
    except json.JSONDecodeError as exc:
        # Helpful context without leaking the whole key
        start = max(0, exc.pos - 120)
        end = min(len(raw), exc.pos + 120)
        snippet = raw[start:end]
        raise ValueError(
            f'{key} is not valid JSON: {exc}\n'
            f'JSON context around pos {exc.pos}:\n{snippet}'
        ) from exc


def build_drive_service(account_info: dict):
    """Build and return a Google Drive v3 service using a service account dict."""
    from google.oauth2.service_account import Credentials
    from googleapiclient.discovery import build

    scopes = ['https://www.googleapis.com/auth/drive.file']
    creds = Credentials.from_service_account_info(account_info, scopes=scopes)
    return build('drive', 'v3', credentials=creds, cache_discovery=False)


def create_text_file_in_folder(drive_service, folder_id: str, filename: str, content: str) -> str:
    """Create a text file in a specific Google Drive folder and return the file id."""
    from googleapiclient.http import MediaInMemoryUpload

    media = MediaInMemoryUpload(content.encode('utf-8'), mimetype='text/plain')
    metadata = {'name': filename, 'parents': [folder_id]}
    created = drive_service.files().create(body=metadata, media_body=media, fields='id, webViewLink').execute()

    file_id = created['id']
    print('Created:', filename)
    print('  id:', file_id)
    if 'webViewLink' in created:
        print('  link:', created['webViewLink'])
    return file_id


In [13]:
import dropbox

dbx = dropbox.Dropbox('sl.xxxxxxxxxxxxxxxxx')

dbx.files_upload(
    b'hello',
    '/hello.txt',
    mode=dropbox.files.WriteMode.overwrite,
)

print('OK, uploaded hello.txt')


AuthError: AuthError('463282878ce941a1822a858c693e50ae', AuthError('invalid_access_token', None))

In [15]:
import dropbox

token = 'sl.u.AGJSdv8uKTFdFBa-eorNBiEQHfCpX-7NXjMvfNdZUVrbactEJkQF8mQX0TN_awtub0Z6YFy8GRDzAGbdLMlINO_WLSmydDbOkPTk9wiLfRvWP6eJZtNneIgtY5FuCKw1fSmKFXpEZb0X-V9rHjLZXe7Uhoat0abNNxac2209eZuoSIhnhckLUdksBAjbwnTqHfV4TUPVzsGJER7XAMKtaKmGvFwTu33HVojNphSqyGA0Np83bn8c2A0-DeHDW98wjw1_a6VnNDex9PSE0NxaG3WEYjbFrV_fm0o6ysLD-0eNubeBLlcE0yD1wCxV6G3Sus0fblYAd7zI73jIiE-MMaMeitxQlkLEkK80eecgXJwgnUU19ypmwidH57E54xWlWENJNHKu2zubfDhzLoZXx5NzHZKjRSiKLHCLitZWXFywU5wzazPj-aGL7knpAlC1mIIy9QwHJEnCLyUI1uckHCDGRQ_Rq0v8HxJuHhcPOzCWX62jNC8cJevQI-vBRC8602Xqdu_ZVjM2wFAjk2cthBq-t_RPL1zeSqU6Fv5BF35YGiPcOb4IQ8kn0xuA75vUBjiXQvOYbocSxDcCpGVxDUx7e0JYJ3RkC8J3vtdTCCMZBI7Kta-kRYDtNJqccs0ObpybLG0R_soO7_x8JQ2lxweGbCFp5ucws0I-zFq54L1aW_bEVlJz340C0YLPqVzvOhGqX8yqbXYzLvpDyeUFVRUp_kUveAekr7T1DUXOeArUosXIeHy6xUhKyYDFKCWekeRIQe1ueuyqIrGetqS5R5q5XankmgN3hkxTqBKIvlZHYer0ih1UpV98SCI5sqwzFfABkQ5OffrIyD0Q1CTEBKWchXJfitiUZQEN8L3zJiDuAmu9F8XM5_iFIzCYMZtMMXF2Oo0odgUNfmo_zlydvZtVOnSYp9w04UY3PcTJsS30EdhVQ71hZhgqmVQv3TEBQkYJH03Gwno64fDxoSzOgJBjZNSIwHpYV3Ne375u16m0pVzg1Vs4EB_hOD7wf1-YTUJaVowuhYXyiIMeA0FpXtusFDdIAxEl2V6N2IFJeQWKnm-6nDZZeY4mgad241kSUE-wWMVFsqCwh3WVOevlcmZ6A1SDyIPUYDWf1Cdgu1L0m4DdTwuqfAI4FaC9nuHIA4bQTGbSX6QvGP9m6CJybzPFdMvpBeJxWuICGNZK7OMKS6tQhBSFYHRA7SNSjd2i53D5EecVoANxas6-tYdwvzOgV8lf-DK91_HS1-LsGLcsMXbMZu5-cvUFB1Qf06ELGLAfBeVpI1ErV77UJVKfB6AE'.strip()
dbx = dropbox.Dropbox(token)

acct = dbx.users_get_current_account()
print('Logged in as:', acct.email)

dbx.files_upload(b'hello', '/hello.txt', mode=dropbox.files.WriteMode.overwrite)
print('Uploaded /hello.txt')


Logged in as: joaquim@gromicho.net
Uploaded /hello.txt


In [9]:
import json
from pathlib import Path
import tomllib


def update_toml_json_secret_from_keyfile_literal(
    toml_path: str,
    json_key_path: str,
    secret_key: str = 'GOOGLE_DRIVE_SERVICE_ACCOUNT_JSON',
) -> None:
    """Write the service-account JSON into secrets.toml using TOML literal multiline quotes.

    This preserves backslashes in JSON (e.g., '\\n' in private_key) so json.loads works.
    """
    toml_p = Path(toml_path)
    json_p = Path(json_key_path)

    with toml_p.open('rb') as f:
        data = tomllib.load(f)

    key_obj = json.loads(json_p.read_text(encoding='utf-8'))

    # JSON text will contain \n escapes in private_key (as required).
    json_text = json.dumps(key_obj, indent=2, ensure_ascii=True)

    if "'''" in json_text:
        raise ValueError("JSON unexpectedly contains ''' which would break TOML literal quoting.")

    lines: list[str] = []

    # Keep existing simple top-level string keys (skip the target secret_key).
    for k, v in data.items():
        if k == secret_key:
            continue
        if isinstance(v, str):
            lines.append(f'{k} = {json.dumps(v)}')
        else:
            lines.append(f'{k} = {json.dumps(v)}')

    lines.append('')
    lines.append(f"{secret_key} = '''")
    lines.append(json_text)
    lines.append("'''")
    lines.append('')

    toml_p.write_text('\n'.join(lines), encoding='utf-8')
    print('Updated TOML secret (literal multiline) from JSON key file:', toml_p)


def read_service_account_from_toml_secret(
    toml_path: str,
    key: str = 'GOOGLE_DRIVE_SERVICE_ACCOUNT_JSON',
) -> dict:
    """Read service account JSON stored inside a TOML secret value and return it as a dict."""
    p = Path(toml_path)
    with p.open('rb') as f:
        data = tomllib.load(f)

    raw = data[key].strip()
    return json.loads(raw)


In [10]:
json_key_path = r"C:\Users\joaqu\OneDrive - UvA\Documenten\GitHub\anekke\Barreiro\.streamlit\streamlit-logger-475213-9994207b56df.json"
toml_secrets_path = r"C:\Users\joaqu\OneDrive - UvA\Documenten\GitHub\anekke\Barreiro\.streamlit\secrets.toml"

update_toml_json_secret_from_keyfile_literal(
    toml_path=toml_secrets_path,
    json_key_path=json_key_path,
)

acct_from_toml = read_service_account_from_toml_secret(toml_secrets_path)
print('TOML JSON parses OK, keys:', sorted(acct_from_toml.keys()))
print('private_key sample:', acct_from_toml['private_key'][:30])


Updated TOML secret (literal multiline) from JSON key file: C:\Users\joaqu\OneDrive - UvA\Documenten\GitHub\anekke\Barreiro\.streamlit\secrets.toml
TOML JSON parses OK, keys: ['auth_provider_x509_cert_url', 'auth_uri', 'client_email', 'client_id', 'client_x509_cert_url', 'private_key', 'private_key_id', 'project_id', 'token_uri', 'type', 'universe_domain']
private_key sample: -----BEGIN PRIVATE KEY-----
MI


In [11]:

acct_from_toml = read_service_account_from_toml_secret(toml_secrets_path)

drive_json = build_drive_service(acct_from_json)
drive_toml = build_drive_service(acct_from_toml)

create_text_file_in_folder(
    drive_service=drive_json,
    folder_id=folder_id,
    filename='hello_from_json.txt',
    content='hello'
)

create_text_file_in_folder(
    drive_service=drive_toml,
    folder_id=folder_id,
    filename='how_are_you_doing_from_toml.txt',
    content='how are you doing'
)

HttpError: <HttpError 403 when requesting https://www.googleapis.com/upload/drive/v3/files?fields=id%2C+webViewLink&alt=json&uploadType=multipart returned "Service Accounts do not have storage quota. Leverage shared drives (https://developers.google.com/workspace/drive/api/guides/about-shareddrives), or use OAuth delegation (http://support.google.com/a/answer/7281227) instead.". Details: "[{'message': 'Service Accounts do not have storage quota. Leverage shared drives (https://developers.google.com/workspace/drive/api/guides/about-shareddrives), or use OAuth delegation (http://support.google.com/a/answer/7281227) instead.', 'domain': 'usageLimits', 'reason': 'storageQuotaExceeded'}]">

In [None]:
import streamlit as st
import dropbox


def upload_text_to_dropbox(path: str, content: str) -> None:
    """Upload a text file to the Dropbox App Folder using the token in Streamlit secrets."""
    token = st.secrets['DROPBOX_ACCESS_TOKEN'].strip()
    dbx = dropbox.Dropbox(token)
    dbx.files_upload(
        content.encode('utf-8'),
        path,
        mode=dropbox.files.WriteMode.overwrite,
    )


upload_text_to_dropbox('/how_are_you_doing.txt', 'how are you doing')
st.success('Uploaded to Dropbox: /how_are_you_doing.txt')


2025-12-14 06:56:27.494 
  command:

    streamlit run C:\Users\joaqu\AppData\Roaming\Python\Python312\site-packages\ipykernel_launcher.py [ARGUMENTS]


DeltaGenerator()