google drive OAuth lockdown #29

Open
joeyh opened this issue Jun 27, 2019 · 3 comments

@joeyh

joeyh commented Jun 27, 2019

https://arstechnica.com/gadgets/2019/06/gmails-api-lockdown-will-kill-some-third-party-app-access-starting-july-15/

Based on that article, something similar will happen to google drive OAuth "early next year". I have not been able to find a confirming statement from Google, but I didn't look very hard.

The "app" review process is apparently rather expensive: $15k+. I should note that, if Google wants to verify git-annex as part of a review of this special remote, I will not cooperate with their review, beyond typical free software development norms.

Anyway, if this API lockdown is going to prevent git-annex users from accessing their data in google drive, I feel we should work to help them move the data to other storage before it happens.

One idea is, write some documentation about it, and this special remote can use INFO to display a message to the user pointing at a transition guide.

Another idea is you could run "git annex untrust $googleuuid". (But see https://git-annex.branchable.com/todo/way_to_untrust_without_unncessary_branch_update/ )

@Lykos153
Owner

Thanks for the information! I'm quite busy at the moment, but I will add a hint to the documentation and an INFO message. Though from what I read, the expensive security assessment is only necessary if the application "stores or transmits through servers", which this special remote doesn't do. https://cloud.google.com/blog/products/identity-security/enhancing-security-controls-for-google-drive-third-party-apps

@Lykos153
Owner

Seems like I can adapt the application to use the drive.file scope, so it won't need to go through the verification process. I'm going to look deeper into it.

@Lykos153
Owner

Lykos153 commented May 31, 2020

It seems Google has taken the next step of locking down unverified API keys. I already applied for verification (#31), but some additional steps seem to be required before the application is even considered. Up until now, it was possible to skip Google's warning screen, but apparently that is no longer always an option.
As a first workaround, support for adding your own API key was added in #42.
