
Google Sheet OAuth scopes to only access a few files?


We have a restricted app in which we control user account creation. We also use Google Sign-in. Currently the app is unverified and it's fine since all users are in our GSuite domain. But we want to expand it to users outside our GSuite domain.

The user can provide in our app a link to a spreadsheet, and the app will modify the sheet on user request.

Is there a way to only request an OAuth scope that gives access to a specific file only? The https://www.googleapis.com/auth/spreadsheets seems overkill for our usage.

Note: The spreadsheets already exist, so the permission https://www.googleapis.com/auth/drive.file would not work in our case.


Solution

  • An alternative solution is to use a service account instead of an app:

    • The service account will have a generated e-mail. The documents can be shared with that e-mail.
    • You can download the access credentials to the service account in a JSON file. So in the sense of access they are pretty much like an app; they just don't need to go through a verification process.
    • Using those credentials you'll have access to only the files that were shared with the service account through its e-mail address.

    This is a nice example project that shows the steps required in the UI with screenshots:
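
Added example, not part of the answer above or of the project it links to: a Python sketch of the service-account flow, with strict validation of the user-supplied link before any API call. The function names, the return strings and the minimum ID length of 20 characters are assumptions; the Google calls need the `google-auth` and `google-api-python-client` packages.

```python
import json
import re
from urllib.parse import urlsplit

SCOPES = ["https://www.googleapis.com/auth/spreadsheets"]
# Assumption: IDs are URL-safe base64 characters, at least 20 of them.
_ID_PATH = re.compile(r"^/spreadsheets/d/([A-Za-z0-9_-]{20,})(?:/|$)")


def spreadsheet_id_from_link(link):
    """Return the ID from an https://docs.google.com/spreadsheets/d/<id> link, else None."""
    try:
        parts = urlsplit(link.strip())
    except ValueError:  # malformed URL, e.g. unbalanced IPv6 brackets
        return None
    # Compare the parsed hostname, not a substring: this rejects look-alike
    # hosts and "docs.google.com@other-host" userinfo tricks.
    if parts.scheme != "https" or parts.hostname != "docs.google.com":
        return None
    match = _ID_PATH.match(parts.path)
    return match.group(1) if match else None


def share_address(key_path):
    """E-mail address that users share their sheet with, read from the key file."""
    with open(key_path) as fh:
        return json.load(fh)["client_email"]


def write_cell(key_path, link, a1_range, value):
    """Write one value; returns 'ok', 'bad-link' or 'not-shared'."""
    # Imported lazily so the link check above works without the Google libraries.
    from google.oauth2 import service_account
    from googleapiclient.discovery import build
    from googleapiclient.errors import HttpError

    sheet_id = spreadsheet_id_from_link(link)
    if sheet_id is None:
        return "bad-link"
    creds = service_account.Credentials.from_service_account_file(key_path, scopes=SCOPES)
    sheets = build("sheets", "v4", credentials=creds)
    try:
        # RAW stores the value as text, so user input is never parsed as a formula.
        sheets.spreadsheets().values().update(
            spreadsheetId=sheet_id, range=a1_range,
            valueInputOption="RAW", body={"values": [[value]]}).execute()
    except HttpError as err:
        if err.resp.status in (403, 404):  # sheet was not shared with the service account
            return "not-shared"
        raise
    return "ok"
```

The downloaded JSON key is a long-lived credential for every sheet shared with the service account, so keep it in a secret store rather than in the repository.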