
What are the minimum scopes needed in OAuth 2.0 to grant a web app access to a user’s Google spreadsheets?


I’m using google visualization charts and timeline to display some data on a simple webpage. The data for the charts comes from a google sheet. The google sheet is set to private and therefore I need an oauth flow to sign in the user before I present the chart.

All users have been given prior access to the spreadsheet.

Now the issue is that it seems that google wants me to ask for over the top permissions from my users to access this chart.

Meaning it requires: https://spreadsheets.google.com/feeds

Which asks the user for permission to, I quote, “See, edit, delete, all your files in your Google Drive”. This is quite scary and unnecessary, but it’s the only way I can get this to work.

Shouldn’t this scope be enough https://www.googleapis.com/auth/spreadsheets.readonly ?

Or is it the way the OAuth is called that’s the issue?

// Query the sheet's gviz endpoint, passing the signed-in user's OAuth access token.
var query = new google.visualization.Query(
    'https://docs.google.com/spreadsheets/d/*yourspreadsheetid*/gviz/tq' +
    '?gid=*yourgid*&headers=1&tqx=responseHandler:handleQueryResponse' +
    '&access_token=' + encodeURIComponent(gapi.auth.getToken().access_token));

Solution

  • The https://spreadsheets.google.com/feed scope is for version 3 of the sheets API. Yes, you should move towards /auth/spreadsheets.readonly as that is version 4 of the API. You can read more about how to migrate here.
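As an added example (not part of the original answer), the sketch below checks that a granted token carries only the read-only Sheets scope and builds a Sheets API v4 `values.get` request that sends the token in an `Authorization` header. The function names, the sample scope strings and the spreadsheet ID placeholder are assumptions made for illustration.

```javascript
// Added example: auditScopes and buildValuesRequest are hypothetical helper names.
const READONLY_SCOPE = 'https://www.googleapis.com/auth/spreadsheets.readonly';

// Inspect the space-separated "scope" string returned with an OAuth 2.0 token
// and report anything granted beyond the read-only Sheets scope.
function auditScopes(scopeString) {
  const granted = String(scopeString || '').split(/\s+/).filter(Boolean);
  const excessive = granted.filter((s) => s !== READONLY_SCOPE);
  const hasReadonly = granted.includes(READONLY_SCOPE);
  return {
    granted,
    hasReadonly,
    excessive,
    leastPrivilege: hasReadonly && excessive.length === 0,
  };
}

// Build a Sheets API v4 values.get request. The token goes in a header, so it
// does not end up in the URL (browser history, proxy and server logs).
function buildValuesRequest(spreadsheetId, range, accessToken) {
  if (!spreadsheetId || !range || !accessToken) {
    throw new Error('spreadsheetId, range and accessToken are required');
  }
  const url = 'https://sheets.googleapis.com/v4/spreadsheets/' +
    encodeURIComponent(spreadsheetId) + '/values/' + encodeURIComponent(range);
  return { url, options: { method: 'GET', headers: { Authorization: 'Bearer ' + accessToken } } };
}

// Constructed sample: a token that was granted the legacy feeds scope as well.
const sample = auditScopes('https://spreadsheets.google.com/feeds ' + READONLY_SCOPE);
if (!sample.leastPrivilege) {
  console.log('Token is over-scoped:', sample.excessive.join(', '));
}

// Constructed sample request; pass req.url and req.options to fetch() in the browser.
const req = buildValuesRequest('SPREADSHEET_ID_PLACEHOLDER', 'Sheet1!A1:D20', 'ACCESS_TOKEN_PLACEHOLDER');
console.log(req.url);
```
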