-
Notifications
You must be signed in to change notification settings - Fork 381
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
[design] Migrate GDrive from service account to OAuth #3047
Comments
ping on this and #3048 - Could I get some feedback on these design proposals? |
Hello @jkowalski - Could you take a look at this design proposal as well as #3048? |
This sounds like a great idea, would refresh tokens be permanent or time-bounded? Running HTTP server is a common thing these days for precisely this reason, we can add more use cases like this (for example |
Thanks for the review! The refresh token is long-term, but with some caveats. We can be smart and detect if the refresh token is expired due to one of these edge cases, though hitting these in practice should be rare. |
Hi @jkowalski,
As people reported in #2656, the current GDrive auth doesn't really work as the service account's quota is used instead of the user's. To fix this, we need to migrate to OAuth-based auth. I'm interested in taking on this work, but I'd like your review on this design.
We have two options in terms of grant scope:
With
drive.file
scope, we need to ask the user to grant us access to one Drive folder. As far as my research goes, the only way is through the Drive File Picker API, which must be embedded in a web page. One way to do it is to run a temporary HTTP server for this.The upside of this approach:
The downsides:
repository create
needs to show a link that the user needs to visit and interact with the Drive widget. If the user runs this command from a headless server behind a NAT, they may need to port-forward the server to their desktop. Alternatively, they can runrepository create
on a desktop and copy the files over.repository connect
is unaffected.Questions:
repository create
? Can you think of a better way through this?Best,
xkxx
The text was updated successfully, but these errors were encountered: