When usingGoogle Drive, how to grant permission for a Java application using the SDK to download binary files

I have written a Java application using Google's SDK v3 and Java 8 to download binary files from Google Drive (not Google doc or sheets or anything like - binary files I uploaded there). My app has no trouble listing the files, but when I try to download one I get a permissions error:

Exception in thread "main" com.google.api.client.http.HttpResponseException: 403 Forbidden
{
 "error": {
  "errors": [
   {
    "domain": "global",
    "reason": "appNotAuthorizedToFile",
    "message": "The user has not granted the app 38578455738 read access to the file 1acfVsq9dUUYuk6q9gM69aWVasvdfr.",
    "locationType": "header",
    "location": "Authorization"
   }
  ],
  "code": 403,
  "message": "The user has not granted the app 38578455738 read access to the file 1acfVsq9dUUYuk6q9gM69aWVasvdfr."
 }
}

The code that attempts to download is:

    String fileId = "1acfVsq9dUUYuk6q9gM69aWVasvdfr";
    OutputStream outStream = new ByteArrayOutputStream();
    service.files().get(fileId).executeMediaAndDownloadTo(outStream);

My questions are:

How do I know that my app is 38578455738?

How do I grant it (or anyone) permission to download?

I have tried using the Google Drive web interface to share with "anyone" but that didn't help.

2 answers

  • answered 2018-12-05 20:06 Richard Campbell

    1. You know that your app is 38578455738 because you register your application in the Google API Console.
    2. You authorize your app using OAuth 2.0, with the user granting Google a scope of access that includes download, such as https://www.googleapis.com/auth/drive.readonly

    Relevant links: About Authorization - https://developers.google.com/drive/api/v3/about-auth

    Setting up API Keys - https://support.google.com/googleapi/answer/6158862?hl=en

  • answered 2018-12-06 10:15 DaImTo

    Service accounts are not you. Think of a service account as a dummy user. It has its on Google drive account, Google calendar account and probably a few more.

    The good thing with service accounts is they can be preauthorized this makes them be idea for use with server to server communication like cron jobs.

    Exception in thread "main" com.google.api.client.http.HttpResponseException: 403 Forbidden
    {
     "error": {
      "errors": [
       {
        "domain": "global",
        "reason": "appNotAuthorizedToFile",
        "message": "The user has not granted the app 38578455738 read access to the file 1acfVsq9dUUYuk6q9gM69aWVasvdfr.",
        "locationType": "header",
        "location": "Authorization"
       }
      ],
      "code": 403,
      "message": "The user has not granted the app 38578455738 read access to the file 1acfVsq9dUUYuk6q9gM69aWVasvdfr."
     }
    }
    

    Means exactly that. The user who owns the file 1acfVsq9dUUYuk6q9gM69aWVasvdfr has not granted the application 38578455738 access to their data.

    IMO this error message is a little miss leading this is why i have asked you to post your authentication code. The way the error message reads makes me think that the currently authenticated user is not the service account and that this user has not gone though the consent process.

    However if you are currently logged in as the service account. Its actually the service account user who does not have access (this assumes that your using service account authentication code when you are logging in to download the file. ). Then in order for the service account to access the file. The user who owns it must share the file with the service account. To do that take the service account email address go to the Google drive website find the fine in question and share the file with the service account. Give it read or wright access which ever it needs. The service account should then have access to the file.