How to let my users save their configuration on Google Drive without sahring my developer credentials.json?
There is something I don't understand, when it comes to using the Google Drive API.
I'm trying to develop a desktop application that lets the user save his config file to his personal Google Drive, so he can use the same config from any computer.
The Python Quickstart guide has an example how to let a user authenticate, but this example requires the user to have the "credentials.json" file that I created in the Google Console. My understanding is that I should not share this file publicly.
So can I allow users to synchronize their configuration on multiple desktop computers without giving them the app's credentials?
import os.path
from google.auth.transport.requests import Request
from google.oauth2.credentials import Credentials
from google_auth_oauthlib.flow import InstalledAppFlow
from googleapiclient.discovery import build
from googleapiclient.errors import HttpError
# If modifying these scopes, delete the file token.json.
SCOPES = ['https://www.googleapis.com/auth/drive.metadata.readonly']
def main():
"""Shows basic usage of the Drive v3 API.
Prints the names and ids of the first 10 files the user has access to.
"""
creds = None
# The file token.json stores the user's access and refresh tokens, and is
# created automatically when the authorization flow completes for the first
# time.
if os.path.exists('token.json'):
creds = Credentials.from_authorized_user_file('token.json', SCOPES)
# If there are no (valid) credentials available, let the user log in.
if not creds or not creds.valid:
if creds and creds.expired and creds.refresh_token:
creds.refresh(Request())
else:
flow = InstalledAppFlow.from_client_secrets_file(
'credentials.json', SCOPES)
creds = flow.run_local_server(port=0)
# Save the credentials for the next run
with open('token.json', 'w') as token:
token.write(creds.to_json())
try:
service = build('drive', 'v3', credentials=creds)
# Call the Drive v3 API
results = service.files().list(
pageSize=10, fields="nextPageToken, files(id, name)").execute()
items = results.get('files', [])
if not items:
print('No files found.')
return
print('Files:')
for item in items:
print(u'{0} ({1})'.format(item['name'], item['id']))
except HttpError as error:
# TODO(developer) - Handle errors from drive API.
print(f'An error occurred: {error}')
if __name__ == '__main__':
main()
You should consult the TOS for using the Google apis
Asking developers to make reasonable efforts to keep their private keys private and not embed them in open source projects.
If you are giving your users the copy of your python code. You may not give your users your credetinals.json file. You must instead instruct your users on how to create their own credetinals.json file.
Solution
Solution to not sharing your credentials its to teach the users of your application to create their own credentials.