
Google Picker API for Google Workspace users only


Hi, I want only the users of our organization to use Google Picker to select files from their Google Drive.

I followed this example to set up an API key and OAuth client in the Google developer console.

Here is the summary of what I did:

Using the official example, Google Picker is working, but it allows all Gmail users as well; I want to allow only those emails which belong to my domain.

I could not find anything related to this in the official docs, so I have the following questions:

  1. Is it possible?
  2. Is it possible to bypass the consent screen using service account impersonation (User Access Token generated on the server via impersonation)?

Solution

  • This is a high-level explanation, but the idea is the following:

    1. Using a server-side script, you will generate a token for a user using a service account and impersonation.

    2. On the client side, you will have to call that script on the server side and have the server return the token.

    3. When initializing the picker, you will set the token to what you received from the server using the PickerBuilder.setOAuthToken() method.

    That way you not only bypass the consent screen, but also make sure the Drive picker presents the Drive files of the user you authenticated with the service account.

    If you are looking for a low-level explanation, edit your question and post your architecture along with your code.
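
The server-side step of the answer above, as an added example that is not part of the original answer: a Node.js sketch that builds the signed JWT assertion a service account uses to impersonate a user, and refuses any user outside the organization's domain. The domain, scope, service account address, key pair and function names are assumptions or constructed values, and the service account is assumed to have domain-wide delegation for the chosen scope.

```javascript
// Added example (Node.js, server side). ALLOWED_DOMAIN, PICKER_SCOPE, SA,
// buildDelegationAssertion and verifyAssertion are hypothetical names/values.
const crypto = require("node:crypto");

const ALLOWED_DOMAIN = "example.com"; // assumption: your Workspace domain
const PICKER_SCOPE = "https://www.googleapis.com/auth/drive.readonly"; // assumption: narrowest scope that fits
const TOKEN_URL = "https://oauth2.googleapis.com/token";
const b64url = (v) => Buffer.from(v).toString("base64url");

// sessionEmail must come from the server's own authenticated session, never from a
// request parameter; otherwise any caller could ask for another user's Drive token.
function buildDelegationAssertion(sessionEmail, serviceAccountEmail, privateKeyPem, now = Date.now()) {
  const parts = String(sessionEmail).trim().toLowerCase().split("@");
  if (parts.length !== 2 || !parts[0] || parts[1] !== ALLOWED_DOMAIN) {
    throw new Error("user is outside the allowed Workspace domain");
  }
  const iat = Math.floor(now / 1000);
  const claims = {
    iss: serviceAccountEmail, sub: parts.join("@"), // sub = impersonated user
    scope: PICKER_SCOPE, aud: TOKEN_URL,
    iat, exp: iat + 300, // short lifetime for the assertion itself
  };
  const input = b64url(JSON.stringify({ alg: "RS256", typ: "JWT" })) + "." + b64url(JSON.stringify(claims));
  const sig = crypto.sign("RSA-SHA256", Buffer.from(input), privateKeyPem);
  return input + "." + sig.toString("base64url");
}

// Checks the RS256 signature and returns the claims (used here to inspect the result offline).
function verifyAssertion(jwt, publicKeyPem) {
  const [h, p, s] = jwt.split(".");
  const ok = crypto.verify("RSA-SHA256", Buffer.from(h + "." + p), publicKeyPem, Buffer.from(s, "base64url"));
  if (!ok) throw new Error("bad signature");
  return JSON.parse(Buffer.from(p, "base64url").toString("utf8"));
}

// Constructed key pair and service account address so the example runs offline.
const { privateKey, publicKey } = crypto.generateKeyPairSync("rsa", {
  modulusLength: 2048,
  publicKeyEncoding: { type: "spki", format: "pem" },
  privateKeyEncoding: { type: "pkcs8", format: "pem" },
});
const SA = "picker-sa@example-project.iam.gserviceaccount.com"; // constructed
const jwt = buildDelegationAssertion("Alice@Example.com", SA, privateKey);
console.log(verifyAssertion(jwt, publicKey));
// Next steps (not run here): POST the assertion to TOKEN_URL with
// grant_type=urn:ietf:params:oauth:grant-type:jwt-bearer, then return only the
// resulting access token to the browser for PickerBuilder.setOAuthToken().
```

The private key stays on the server; the browser only ever receives the short-lived access token for the signed-in user.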