I'm writing a simple NextJS app to list files in a Google Drive folder.
creds.json contains the correct key added on the Service AccountThe code is simple, and has been seen in many other tutorials (1, 2):
const credsDir = path.join(process.cwd(), '.');
const credsFile = fs.readFileSync(credsDir + '/creds.json', 'utf-8');
const credsJson = JSON.parse(credsFile);
const authClient = new google.auth.GoogleAuth({
credsJson,
scopes: "https://www.googleapis.com/auth/drive"
});
const drive = google.drive({ version: 'v3', auth: authClient });
const response = await drive.files.list()
// Also tried drive.files.list({ driveId: xxxxxxxxxxxxxxxxx })
// Also tried other operations besides listing files
The error received is:
error - GaxiosError: Insufficient Permission
at Gaxios._request [...] {
response: {
config: {
url: 'https://www.googleapis.com/drive/v3/files',
method: 'GET',
userAgentDirectives: [Array],
paramsSerializer: [Function (anonymous)],
headers: [Object],
params: {},
validateStatus: [Function (anonymous)],
retry: true,
responseType: 'json',
retryConfig: [Object]
},
data: { error: [Object] },
headers: {
'alt-svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000',
'cache-control': 'private',
connection: 'close',
'content-encoding': 'gzip',
'content-type': 'application/json; charset=UTF-8',
date: 'Fri, 07 Apr 2023 09:40:28 GMT',
server: 'ESF',
'transfer-encoding': 'chunked',
'www-authenticate': 'Bearer realm="https://accounts.google.com/", error="insufficient_scope", scope="https://www.googleapis.com/auth/drive https://www.googleapis.com/auth/drive.appdata https://www.googleapis.com/auth/drive.appfolder https://www.googleapis.com/auth/drive.file https://www.googleapis.com/auth/drive.resource https://www.googleapis.com/auth/drive.metadata https://www.googleapis.com/auth/drive.metadata.readonly https://www.googleapis.com/auth/drive.readonly.metadata https://www.googleapis.com/auth/drive.photos.readonly https://www.googleapis.com/auth/drive.readonly"',
'x-content-type-options': 'nosniff',
'x-frame-options': 'SAMEORIGIN',
'x-xss-protection': '0'
},
status: 403,
statusText: 'Forbidden',
request: { responseURL: 'https://www.googleapis.com/drive/v3/files' }
},
config: {
url: 'https://www.googleapis.com/drive/v3/files',
method: 'GET',
userAgentDirectives: [ [Object] ],
paramsSerializer: [Function (anonymous)],
headers: {
'x-goog-api-client': 'gdcl/6.0.4 gl-node/17.9.0 auth/8.7.0',
'Accept-Encoding': 'gzip',
'User-Agent': 'google-api-nodejs-client/6.0.4 (gzip)',
Authorization: '<some bearer token>',
Accept: 'application/json'
},
params: {},
validateStatus: [Function (anonymous)],
retry: true,
responseType: 'json',
retryConfig: {
currentRetryAttempt: 0,
retry: 3,
httpMethodsToRetry: [Array],
noResponseRetries: 2,
statusCodesToRetry: [Array]
}
},
code: 403,
errors: [
{
message: 'Insufficient Permission',
domain: 'global',
reason: 'insufficientPermissions'
}
],
page: '/api/gdrive-images'
}
There are some solutions out there around this but are very old and don't seem to match my particular case.
What silly configuration could I possibly be missing?
Although I'm not sure whether I could correctly understand your current issue, how about the following modification?
const credsDir = path.join(process.cwd(), '.');
const credsFile = fs.readFileSync(credsDir + '/creds.json', 'utf-8');
const credsJson = JSON.parse(credsFile);
const authClient = new google.auth.GoogleAuth({
credsJson,
scopes: "https://www.googleapis.com/auth/drive"
});
const drive = google.drive({ version: 'v3', auth: authClient });
const response = await drive.files.list()
const credsDir = path.join(process.cwd(), '.');
const authClient = new google.auth.GoogleAuth({
keyFile: credsDir + '/creds.json',
scopes: "https://www.googleapis.com/auth/drive",
});
const drive = google.drive({ version: 'v3', auth: authClient });
const response = await drive.files.list()
response.data includes the file list of the drive of the service account.