google-drive-api google-drive-shared-drive

Google Drive API webContentLink redirects to a different domain


I am using the Google Drive API to access files on my team drive. My server application uses OAuth2 to obtain an access token. I then use this token as a Bearer token to make API drive calls. When I am trying to download an image from my team drive, one of the files listed when calling the https://www.googleapis.com/drive/v3/files endpoint is:

    {
      "id": "<longAlphaNumericID>",
      "mimeType": "image/jpeg",
      "webContentLink": "https://drive.google.com/a/<myTeamDriveDomain>/uc?id=SOME_GOOGLE_DRIVE_ID&export=download",
      "fileExtension": "jpg",
      "size": "108794"
    }

When I try to download the webContentLink with the same Bearer token in the request headers, I am redirected to https://doc-0k-08-docs.googleusercontent.com/docs/securesc/...

The Bearer token doesn't seem to work for this googleusercontent.com domain, and my server is eventually forwarded on to a sign in page (which is not good for a server app).

When trying to make this second request, I noticed the response headers contain:

    Access-Control-Allow-Origin: *
    Access-Control-Allow-Credentials: false
    Access-Control-Allow-Methods: GET,OPTIONS
    P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/answer/151657?hl=en for more info."

I assume this last header is pointing me to the problem, and it has something to do with the redirect going to a different domain, but I'm not sure what I need to do about it. I thought the access token granted through OAuth2 with the proper scope should allow me to do everything. It does seem to work for everything else (accessing spreadsheets, documents, etc.), but I am having difficulty downloading images in this way.

Here is a detailed list of requests and responses:

  1. Request: OAuth2 call to get access token with my client id and secret.
  2. Response: Received the access token. Good.
  3. Request: https://www.googleapis.com/drive/v3/files?corpora=teamDrive&includeTeamDriveItems=true&supportsTeamDrives=true&teamDriveId=[myTeamDriveID] with Authorization token in header.
  4. Response: Status 200. Received file list. Awesome.
  5. For each image, request the webContentLink with the Authorization token in header
  6. Request: https://drive.google.com/a/[myTeamDriveDomain]/uc?id=[fileID]&export=download
  7. Response: Status 302 with P3P header CP="This is not a P3P policy! Redirected to http://docs.google.com/a/[myTeamDriveDomain]/nonceSigner?nonce=[alphaNumericID]&continue=https://doc-0g-08-docs.googleusercontent.com/docs/securesc/[longAlphaNumericID]/[longAlphaNumericID]/[longNumericID]/[longNumericID]/[longNumericID]/[longAlphaNumericID]?e%3Ddownload%26h%3D[longNumericID]&hash=[hashValue]
  8. Request: Get redirect url from previous response with Authorization token in header
  9. Response: Status 302. Redirected to https://www.google.com/a/[myTeamDriveDomain]/ServiceLogin?passive=1209600&osid=1&continue=[previousRedirectURL]&followup=[previousRedirectURL]
  10. Request: Get redirect url from previous response with Authorization token in header
  11. Response: Status 200. This is the login page. While debugging, if I enter my credentials I will get the image, but the server can't do this. It needs to be able to use access tokens.

Any ideas what I'm doing wrong?


Solution

  • If your intention is to download the file content to your app, you don't use webContentLink. Instead you simply get the file-id with alt=media (for binary files) or export to a particular format (for Google docs). See https://developers.google.com/drive/api/v3/manage-downloads
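
A server-side download along the lines of the answer, as an added example that is not part of the original answer or of Google's client libraries. It requests the file with alt=media and goes one step beyond the answer: it drops the Bearer token whenever a redirect leaves www.googleapis.com or HTTPS, so the token is never replayed to the other hosts seen in the question's request trace. The names `media_url`, `may_forward_token`, `TokenScopedRedirect` and `download` are hypothetical, and `supportsTeamDrives` is carried over from the question's list call.

```python
import urllib.request
from urllib.parse import quote, urlencode, urlsplit

API_HOST = "www.googleapis.com"  # the only host that should ever see the token


def media_url(file_id):
    """files.get URL with alt=media; supportsTeamDrives is the flag the question uses."""
    query = urlencode({"alt": "media", "supportsTeamDrives": "true"})
    return f"https://{API_HOST}/drive/v3/files/{quote(file_id, safe='')}?{query}"


def may_forward_token(url):
    """True only for HTTPS URLs on the API host."""
    parts = urlsplit(url)
    return parts.scheme == "https" and parts.hostname == API_HOST


class TokenScopedRedirect(urllib.request.HTTPRedirectHandler):
    """Drop the Authorization header when a redirect leaves the API host."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        # urllib copies the original request headers onto the redirected request.
        new = super().redirect_request(req, fp, code, msg, headers, newurl)
        if new is not None and not may_forward_token(newurl):
            new.remove_header("Authorization")
        return new


def download(file_id, access_token, expected_mime):
    """Fetch file bytes; fail loudly if an HTML page comes back instead."""
    req = urllib.request.Request(
        media_url(file_id), headers={"Authorization": f"Bearer {access_token}"}
    )
    opener = urllib.request.build_opener(TokenScopedRedirect)
    with opener.open(req, timeout=30) as resp:
        got = resp.headers.get_content_type()
        # An HTML body for a non-HTML file means a sign-in or error page.
        if got == "text/html" and expected_mime != "text/html":
            raise RuntimeError(f"got HTML from {resp.geturl()}, not {expected_mime}")
        return resp.read()
```

Pass the `id` and `mimeType` from the files.list response as `file_id` and `expected_mime`.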