The published web app can no longer be used in accounts where API Access Control block unknown apps

ericyd / gdrive-copy

Web app to copy a Google Drive folder

https://script.google.com/macros/s/AKfycbxbGNGajrxv-HbX2sVY2OTu7yj9VvxlOMOeQblZFuq7rYm7uyo/exec

MIT License

1.58k stars 342 forks source link

The published web app can no longer be used in accounts where API Access Control block unknown apps #191

Open NoSubstitute opened 1 year ago

NoSubstitute commented 1 year ago

Bug summary

Any specific steps to reproduce the issue?

Try to add the app client_id in API Access Control here. Click the Add app link and supply the client_id. https://admin.google.com/ac/owl/list?tab=configuredApps

client_id: 983475130545-e81q4d30k615fsr942krcejaajriv23a@developer.gserviceaccount.com

Since the client_id can not be found, it can't be added to the allowed list.

Oath of good faith

[X] I, the author of this Issue, do solemnly swear that I've looked real hard for duplicate issues and I came up empty!!

ericyd commented 1 year ago

This is an issue with your GSuite account settings, I don't have control over this configuration

santi-ifontana commented 3 weeks ago

@NoSubstitute try with this ID: 983475130545-e81q4d30k615fsr942krcejaajriv23a.apps.googleusercontent.com

It worked for me.

NoSubstitute commented 3 weeks ago

It worked for me. Hello @santi-ifontana - thanks for trying to help. Adding that, I get one step closer, but I'm still blocked.

This is the URL. https://accounts.google.com/signin/oauth/danger?authuser=0&part=SomeUniqueValueHere&flowName=GeneralOAuthFlow&hl=sv&as=SNumbersHere%3AOtherNumbersHere&client_id=983475130545-e81q4d30k615fsr942krcejaajriv23a.apps.googleusercontent.com&rapt=SomeOtherUniqueValueHere

I am trying to limit access to only necessary things. So I didn't choose Trusted, but instead Specific Google data.

santi-ifontana commented 3 weeks ago

@NoSubstitute At first I also tried "Specific Google data" to limit the scope, but that did not work for me either. Only "Trusted" seems to work. Also remember that you are pre-whitelisting, not actually giving permissions by selecting Trusted, only when you follow the wizard with your user is that you are allowing permissions into your account.

Please try again and let me know :)

NoSubstitute commented 3 weeks ago

Yeah, setting it to Trusted works, but that makes the Specific data setting pointless. 😞 Thank you.

santi-ifontana commented 3 weeks ago

Yeah, I agree. I don't know why it does not work when you set the specific access, maybe because it is in BETA as displayed there. Also, this additional step of grating additional access was not necessary, something happened on Google's side enforcing greater control.

NoSubstitute commented 3 weeks ago

Oh, enforcing granted access is by default for Workspace for Education for users Under-18, as Google forced the setting to Block API access for all unknown third-party services, which is something all organisations should have set as default a long time ago, when the feature was introduced in API Access Control.

It was one of the best days of my working life when I could just tick a single box, and no external Login with Google-junk was accessible, unless pre-approved by me.

santi-ifontana commented 3 weeks ago

That explains why you had this issue since 2023 and the rest of us just recently https://github.com/ericyd/gdrive-copy/issues/193

I didn't know, thanks for that clarification.