Building duplicacy from source to get support for subject and scope fields until released

Duplicacy supports the Google Drive backend, allowing it to use storage in a Google Drive account (including G-Suite/Google Workspace).

The existing mechanism described in the duplicacy documentation works, but suffers from several drawbacks:

1. A Duplicacy-owned Google project is used to create login credentials, shared by all users.
2. The OAUTH credentials need to be renewed periodically, requiring to be reachable and available.
3. The duplicacy datastore sticks out in the user's Drive like a sore thumb, polluting the recently changed files list with opaque chunk data.

We can avoid drawbacks 1-2 by providing duplicacy with credentials to a service account created in our own project with permissions to impersonate the specific user.

Drawback 3 can be avoided by using drive.appdata instead of the drive or drive.file scope to store the duplicacy datastore, thus limiting exposure of the user's Drive folder and avoiding polluting the latter with the former.

1. Configure Internal OAUTH with scope (or drive or drive.file to place the datastore into My Drive folder).
2. Create Service Account, enable Domain-Wide Delegation, and export JSON with credentials.
3. Add subject key to the downloaded JSON pointing to the user to impersonate.
4. Add scope key pointing to the chosen scope (can be omitted for drive scope).
5. On under Security, API Controls, Domain-wide Delegation add created API client with the same scope as in step 3 above.
6. Modify duplicacy code to honor subject and scope fields in the token file, until the change makes it to the release.

- Log in to and click the drop-down, between words "Google Cloud Platform" and "Search products and resources" up top. Select your organization in the dropdown list if it is not yet selected and click NEW PROJECT.
- If the newly created project is not selected in the drop-down box up top, select it. If needed, click Hamburger Menu, "API & Services", to end up on this screen.
- Search for "Google Drive" and click on "Google Drive API".
- Once API is enabled you will end up back on the project page.
- On the left, click "Credentials" (if you are lost, this is located under Hamburger Menu, under "API & Services"), and then CONFIGURE CONSENT SCREEN.
- Choose app name and user support email.
- Scroll down, add developer contact info, and click SAVE AND CONTINUE.
- This part is very important: this will define application access scope. The available scopes are described here.
- If you would like the datastore to be placed into the My Drive folder we need to grant access to scope, which is full permission scope.
- For placing the datastore to the hidden app-data folder that only duplicacy can access, without giving it full access to the entire drive, use the auth/drive.appdata scope.
- Either click the checkbox next to the desired scope (auth/drive.appdata) or paste the scope URL to "Manually add scopes" box.
- The scope would be added to the Non-Sensitive scopes list. The drive scope would have been added to the more restrictive sensitive scopes.
- A confirmation screen will be displayed in a little while.
- Go back to "API & Services", "Credentials", and click + CREATE CREDENTIALS. In the popup menu select "Service Account".
- Fill in service account details and click CREATE.
- Back on the "Credentials" page click on the pencil next to the service account we just created.
- Expand SHOW DOMAIN DELEGATION and tick the checkbox there. This will grant the service account access to all users' data on the domain.
- The JSON file with access credentials including the private keys will be saved to your machine, something like duplicacy-app-4e8ade810e46.json.

Granting service account access to the domain

- Scroll down all the way, click API Controls.
- Scroll down all the way, click Manage Domain Wide Delegation, Add New and input the following information:
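An added example, not from the original post or the duplicacy project: a Python helper that adds the subject and scope keys to the exported service account JSON, as the summary describes, and audits the result for the narrower drive.appdata scope and owner-only file permissions. The full scope URLs, the audit policy, the file name gcd-token.json and all sample values are assumptions; the subject and scope keys only take effect in a duplicacy build that honors them.

```python
import json, os, stat, tempfile

# Google OAuth scope URLs; the allowlist policy below is an assumption of this example.
APPDATA = "https://www.googleapis.com/auth/drive.appdata"
BROAD = {"https://www.googleapis.com/auth/drive",
         "https://www.googleapis.com/auth/drive.file"}
REQUIRED = ("type", "client_email", "private_key", "token_uri")

def add_delegation(sa_key: dict, subject: str, scope: str = APPDATA) -> dict:
    """Return a copy of the service account key with subject and scope keys added."""
    if sa_key.get("type") != "service_account":
        raise ValueError("not a service account key")
    if "@" not in subject:
        raise ValueError("subject must be the e-mail of the user to impersonate")
    token = dict(sa_key)
    token["subject"] = subject
    token["scope"] = scope
    return token

def audit(token: dict, mode: int) -> list:
    """List findings for a token file, given its parsed JSON and its st_mode."""
    findings = [f"missing field: {k}" for k in REQUIRED if not token.get(k)]
    if not token.get("subject"):
        findings.append("no subject: no user to impersonate")
    scope = token.get("scope")  # per the page, an omitted scope means the drive scope
    if scope is None or scope in BROAD:
        findings.append("scope exposes My Drive; drive.appdata is narrower")
    elif scope != APPDATA:
        findings.append(f"unexpected scope: {scope}")
    if stat.S_IMODE(mode) & 0o077:
        findings.append("file readable by group/other; private key exposed")
    return findings

def write_token(token: dict, path: str) -> None:
    """Write the token so that a newly created file is owner-only (0600)."""
    fd = os.open(path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as fh:
        json.dump(token, fh, indent=2)

# Constructed sample key with placeholder values, not a real credential.
SAMPLE = {"type": "service_account", "client_email": "backup@example-project.iam.gserviceaccount.com",
          "private_key": "-----BEGIN PRIVATE KEY-----\nPLACEHOLDER\n-----END PRIVATE KEY-----\n",
          "token_uri": "https://oauth2.googleapis.com/token"}

if __name__ == "__main__":
    path = os.path.join(tempfile.mkdtemp(), "gcd-token.json")  # hypothetical file name
    write_token(add_delegation(SAMPLE, "user@example.com"), path)
    with open(path) as fh:
        print(audit(json.load(fh), os.stat(path).st_mode) or "ok")
```

Because the key can impersonate users on the domain within the delegated scope, the same audit is worth running on any copy of the file kept on a backup host.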