Closed dylburger closed 5 months ago
dylburger
commented
4 years ago A specific use case: for the Google Drive app, I want to allow only the scope https://www.googleapis.com/auth/drive.file. The current set of scopes Pipedream requests is prohibited by my company, so I need to request narrower scopes to comply with security guidelines.
pawangspandey
commented
1 year ago Any update here?
johndbritton
commented
10 months ago On 21 Aug 2023 @dannyroosevelt said:
@everyoneishappy thanks for sharing your concern and your questions – FYI we are about to release a new feature to enable you to manage access and create private connected accounts, which will enable you to restrict access to your Google Drive account in the same workspace as others. That should be rolling out as soon as this week – stay tuned for an announcement from us!
Did this ever happen?
I can't connect any Google accounts without the ability to control access at a more fine-grained level. In particular, I need to be able to restrict which drives Pipedream has access to.
dannyroosevelt
commented
10 months ago On 21 Aug 2023 @dannyroosevelt said:
@everyoneishappy thanks for sharing your concern and your questions – FYI we are about to release a new feature to enable you to manage access and create private connected accounts, which will enable you to restrict access to your Google Drive account in the same workspace as others. That should be rolling out as soon as this week – stay tuned for an announcement from us!
Did this ever happen?
I can't connect any Google accounts without the ability to control access at a more fine-grained level. In particular, I need to be able to restrict which drives Pipedream has access to.
That feature that I was describing did ship, yes. But it doesn't sound like that's what you are looking for per se. Are you looking to limit access to specific shared drives in your Google account?
dannyroosevelt
commented
5 months ago FYI we released support for using custom OAuth clients in Pipedream! You can read our docs and get started here.
Currently, Pipedream requests broad OAuth scopes for many apps so that, upon connecting your account, you're able to perform any of our listed actions.
But sometimes I just want to perform a very narrow task, and allow Pipedream access to a subset of the listed scopes.
Other times, I might want to authorize one step of a workflow with access to one scope, and another step access to another, so I can tightly control what steps have access to what auth. This is especially important if I'm running a third party npm package that interacts with a service, and I want to carefully control the access that code has to my account.
Overall, some mechanism for selecting my own scopes when I authorize a connected account in Pipedream feels like it would solve these use cases, but I'm open to any other ideas.