Google Drive SDK Service Account Error “The authenticated user has not installed the app with client id …”

By : Irwan
Source: Stackoverflow.com
Question!

I am trying to create a Google Drive app that can run in the background (e.g. a cronjob), without any user interaction, using Google Drive SDK Service Account, but it gives me this error and I can't understand why:

Error calling POST https://www.googleapis.com/upload/drive/v1/files?uploadType=multipart: (403) The authenticated user has not installed the app with client id {my_client_id}

On Google APIs Console, I have activated Drive API and Drive SDK. On the Drive SDK tab, I have setup all the required information. I also have published my app for testers only to the Chrome Web Store, and installed it into my Google Chrome and the application name appears on my Google Drive "Create" menu.

This is a snippet of my code:

<?php

require_once dirname(__FILE__).'/google-api-php-client/src/apiClient.php';
require_once dirname(__FILE__).'/google-api-php-client/src/contrib/apiDriveService.php';

$apiClient = new apiClient();
$apiClient->setClientId(DRIVE_CLIENT_ID);
$apiClient->setClientSecret(DRIVE_CLIENT_SECRET);
$apiClient->setAssertionCredentials(new apiAssertionCredentials(
    OAUTH2_EMAIL, 
    array('https://www.googleapis.com/auth/drive.file'), 
    file_get_contents(SERVICE_ACCOUNT_PRIVATEKEY_FILE))
);

$apiDriveService = new apiDriveService($apiClient);

$file = new DriveFile();
$file->setTitle('filename.txt');
$file->setMimeType('text/plain');
$createdFile = $apiDriveService->files->insert($file, array(
    'data' => 'file content goes here....',
    'mimeType' => 'text/plain'
));

?>

From what I understand, an application can use Service Account for Google Drive SDK on behalf of a user. Does that mean that there is no authentication question (request for permissions) to the user? Then how does the application authenticate itself? Or my understanding is probably wrong? Please help to enlighten me over here.

By : Irwan


Answers
Service Accounts is not supported by the Drive SDK due to its security model.

What I would suggest is to open (or create) a file from the Drive web UI with your application and store the retrieved access and refresh tokens you get after the OAuth 2.0 authorization flow has completed.

From your cron job, simply retrieve those credentials to send authorized requests to the Drive API on behalf of your user.

By : Alain


This video can help you solving your question :)
By: admin