Resource key may be necessary to access certain shared files

Open achubaty opened this issue 3 years ago • 7 comments

Just a heads-up: a security fix for Google Drive URLs will be rolled out in Sept 2021.

https://arstechnica.com/gadgets/2021/07/heres-what-that-google-drive-security-update-message-means/

Google's new link scheme adds a "resourcekey" to the end of any shared Drive links, making them harder to guess. So a link that used to look like "https://drive.google.com/file/d/0BxI1YpjkbX0OZ0prTHYyQ1U2djQ/" will now look like "https://drive.google.com/file/d/0BxI1YpjkbX0OZ0prTHYyQ1U2djQ/view?resourcekey=0-OsOHHiQFk1QEw6vIyh8v_w." The resource key makes it harder to guess.

I'm not sure exactly what updates need to be made to googledrive to account for this change.

achubaty avatar Jul 29 '21 14:07 achubaty

Thanks for the heads up and details.

jennybc avatar Jul 29 '21 15:07 jennybc

Just checking, has this been addressed? As far as I can tell, the package (v2.0.0) is still working as intended, although we are over the 13th Sept 2021 deadline.

aldomann avatar Sep 15 '21 07:09 aldomann

I haven't changed anything yet, no.

As for the deadline passing, I find this is often how deadlines go with Google service changes. Of course, we can't count on it, but the transition period often ends up being longer (sometimes MUCH longer, like years) than officially indicated.

But I'm not counting on that. I'm just working on something that's a higher priority atm.

jennybc avatar Sep 15 '21 16:09 jennybc

https://developers.google.com/drive/api/v3/resource-keys

https://workspaceupdates.googleblog.com/2021/06/drive-file-link-updates.html

Developers: Items that have a Drive API permission with type=domain or type=anyone, where withLink=true (v2) or allowFileDiscovery=false (v3), will be affected. In addition to the item ID, your application may now also need a resource key to access these items. Use our Developer resource to learn more about how this update will impact your projects.

where the "developer resource" they refer to is the first link above.

jennybc avatar Oct 29 '21 23:10 jennybc

Quoting from https://stackoverflow.com/a/69099793:

API to get the file

https://www.googleapis.com/drive/v3/files/${file_id}?fields=*

https://developers.google.com/drive/api/v3/reference/files

- shortcutDetails.targetResourceKey (string): The ResourceKey for the target file.
- resourceKey (string): A key needed to access the item via a shared link.

So a link that used to look like https://drive.google.com/file/d/${file_id}/

will now look like https://drive.google.com/file/d/${file_id}/view?resourcekey=xxxx-xxxx-xxxx-xxx

jennybc avatar Oct 30 '21 00:10 jennybc

Email I received 2021-08-10

Hello Google Drive Developer,

We have identified you as a Developer who has used the Drive API in the last 30 days. We are writing to let you know that on September 13, 2021, Drive will apply a security update that will change the links used to share some files, and may lead to some new file access requests. Access to files won’t change for people who have already viewed or modified these files.

Please update your code as detailed below before September 13, 2021, to avoid failing requests.

What do I need to know?
Items that have a Drive API permission with type=domain or type=anyone, where withLink=true (v2) or allowFileDiscovery=false (v3), will be affected by this security update.

In addition to the item ID, your application may now also need a resource key to access these items. Without a resource key, requests for these items may result in a 404 Not Found error (see below for details). Note that access to items that are directly shared with the user or group is not affected.

Will this change affect me?
If your application uses the Drive API to access files which have been shared with a user through link sharing, your application may be affected by this change.

What do I need to do?
To avoid errors accessing files, you must update your code for accessing files to include the appropriate resource keys. Details on how to do this for each of the affected Drive APIs are included below:

Changes to the Drive API
The resource key of an item is returned on the resourceKey field of the file metadata in the Drive API response.

If the file is a shortcut file, then the resource key for the target of the shortcut can be read from the shortcutDetails.targetResourceKey field of the same resource. URL type fields such as exportLinks, webContentLink, and webViewLink will include the resourceKey. Requests to the Drive API can specify one or more resource keys with the X-Goog-Drive-Resource-Keys HTTP request header. Learn more about this change from the Drive API guide.

Changes to Apps Script
The DriveApp from Apps Script has been updated to return the resource key of a file or folder with the getResourceKey method.

Note: When fetching a file or folder, the resource key can be specified on the getFileByIdAndResourceKey or getFolderByIdAndResourceKey methods.

Changes to Drive UI Integrations
If your application is integrated with the Drive UI to create or open items, it will receive resource keys when your application is invoked from the Drive UI.

The state information for a New URL will contain folderResourceKey, which is the resource key of the folder where the new item should be created. The state for an Open URL will contain a mapping of file ID to resource key in the resourceKeys field. Learn more about integrating with the Drive UI on our website.

Which projects may be affected?
Your projects that have used the Drive API in the last 30 days and may be affected by this change are below:

googlesheets4-dev (robust-fin-276504)
gargle (gargle-169921)

To get help with these changes, see the Drive API support options on our website.

Thanks for choosing Drive API.

Sincerely,

The Google Drive Team

jennybc avatar Oct 30 '21 01:10 jennybc
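
The link format and the X-Goog-Drive-Resource-Keys header described in the comments above, as an added example that is not googledrive code and not from any participant in this thread. It parses a share link into item ID and resource key, validates both before they reach a header value, and builds the request pieces without sending anything. The function names, the allowed-character assumption and the `fields=resourceKey` choice are assumptions of this example; the header value format follows the Drive API resource-keys guide linked above.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumption: item IDs and resource keys contain only URL-safe base64 characters.
TOKEN = re.compile(r"[A-Za-z0-9_-]+")
PATH_ID = re.compile(r"/(?:file/d|drive/folders)/([^/]+)")


def parse_share_link(url):
    """Return (item_id, resource_key_or_None) for a Drive share link."""
    parts = urlsplit(url)
    if parts.scheme != "https" or parts.hostname != "drive.google.com":
        raise ValueError(f"not a Drive share link: {url!r}")
    match = PATH_ID.search(parts.path)
    if match is None:
        raise ValueError(f"no item ID in path: {url!r}")
    item_id = match.group(1)
    key = parse_qs(parts.query).get("resourcekey", [None])[0]
    # Strict validation keeps CR/LF, commas and slashes out of the header value.
    for token in (item_id, key):
        if token is not None and TOKEN.fullmatch(token) is None:
            raise ValueError(f"unexpected characters in {token!r}")
    return item_id, key


def resource_keys_header(links):
    """Build the X-Goog-Drive-Resource-Keys header for a batch of links."""
    pairs = []
    for url in links:
        item_id, key = parse_share_link(url)
        if key is not None:  # links predating the update carry no key
            pairs.append(f"{item_id}/{key}")
    # Value format per the Drive API resource-keys guide: id1/key1,id2/key2
    return {"X-Goog-Drive-Resource-Keys": ",".join(pairs)} if pairs else {}


def metadata_request(url):
    """Return (api_url, headers) for a files.get metadata call; nothing is sent."""
    item_id, _ = parse_share_link(url)
    api_url = f"https://www.googleapis.com/drive/v3/files/{item_id}?fields=resourceKey"
    return api_url, resource_keys_header([url])


# Sample links: the two forms quoted in the first comment of this thread.
OLD = "https://drive.google.com/file/d/0BxI1YpjkbX0OZ0prTHYyQ1U2djQ/"
NEW = OLD + "view?resourcekey=0-OsOHHiQFk1QEw6vIyh8v_w"

if __name__ == "__main__":
    print(metadata_request(NEW))
```

A link pasted with trailing sentence punctuation, as in the quoted article text, is rejected by the character check instead of producing a key that silently fails with a 404.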

My current inclination is to sit on this until I have a concrete example of someone bumping up against it. I am not immediately able to get my hands on a concrete example of a file for which the resource key is necessary for API access. It is not practical to adapt to this change until I have a concrete example to work against.

jennybc avatar Oct 30 '21 01:10 jennybc