Authentication

This module handles authentication for Google Drive API access.

Functions

driada.gdrive.auth.desktop_auth(secret_path)

Authenticate Google Drive access for desktop applications.

Creates a Google Drive authentication object using OAuth2 credentials from a client secrets file. Opens a local web server for the OAuth2 authentication flow.

Parameters:

secret_path (str) – Path to the client secrets JSON file downloaded from Google Cloud Console. This file contains OAuth2 credentials for your application. Must be a valid path to an existing JSON file.

Returns:

gauth – Authenticated GoogleAuth object that can be used with PyDrive2.

Return type:

GoogleAuth

Raises:

• FileNotFoundError – If secret_path does not exist.

• json.JSONDecodeError – If secret_path contains invalid JSON.

• Exception – If OAuth2 authentication fails (e.g., user cancels, network error).

Notes

This function is intended for desktop applications where a web browser can be opened for authentication. It will: 1. Start a local web server (usually on port 8080) 2. Open the default browser for Google authentication 3. Handle the OAuth2 callback automatically

WARNING: This function modifies GoogleAuth.DEFAULT_SETTINGS globally, which affects all GoogleAuth instances in the process.

The client secrets file can be obtained from: https://console.cloud.google.com/apis/credentials

Requires a web browser and ability to bind to local ports.

Examples

>>> # Requires actual client_secrets.json file
>>> gauth = desktop_auth('./client_secrets.json')  
>>> from pydrive2.drive import GoogleDrive  
>>> drive = GoogleDrive(gauth)  

driada.gdrive.auth.google_colab_auth()

Authenticate Google Drive access in Google Colab environment.

Uses Google Colab’s built-in authentication mechanism to obtain credentials for accessing Google Drive. This function only works when running in a Google Colab notebook.

Returns:

gauth – Authenticated GoogleAuth object that can be used with PyDrive2.

Return type:

GoogleAuth

Raises:

• ImportError – If not running in Google Colab (google.colab module not available).

• Exception – If authentication fails (e.g., user denies permission, network error).

Notes

This function will prompt the user to: 1. Click a link to authenticate with Google 2. Copy and paste an authorization code

The authentication persists for the duration of the Colab session. Credentials are tied to the Google account used in Colab.

Examples

>>> # In a Google Colab notebook:
>>> gauth = google_colab_auth()  
>>> from pydrive2.drive import GoogleDrive  
>>> drive = GoogleDrive(gauth)  

Usage Examples

Desktop Authentication

from driada.gdrive import desktop_auth

# Authenticate on desktop/laptop
auth = desktop_auth('path/to/client_secrets.json')

# This will:
# 1. Open a browser window for Google login
# 2. Request Drive API permissions
# 3. Save credentials locally for reuse

# Use auth object for subsequent operations
from driada.gdrive import download_gdrive_data
download_gdrive_data(auth, file_url, local_path)

Google Colab Authentication

from driada.gdrive import google_colab_auth

# In Google Colab environment
auth = google_colab_auth()

# This will:
# 1. Use Colab's built-in auth
# 2. Mount Google Drive if needed
# 3. Return authenticated service

Configuration

First-time Setup

1. Enable Google Drive API:

   • Go to Google Cloud Console

   • Create a new project or select existing

   • Enable Google Drive API

   • Create credentials (OAuth2 or Service Account)

2. Download Credentials:

   • For OAuth2: Download client configuration

   • For Service Account: Download JSON key file

3. Configure DRIADA:

   # OAuth credentials should be set via environment variables:
   # export GDRIVE_CLIENT_ID="your-client-id"
   # export GDRIVE_CLIENT_SECRET="your-client-secret"
   

Environment Variables

Set these for automatic configuration:

# OAuth2 credentials
export GDRIVE_CLIENT_ID="your-client-id"
export GDRIVE_CLIENT_SECRET="your-client-secret"

# Service account
export GDRIVE_SERVICE_ACCOUNT_FILE="/path/to/key.json"

# Token storage
export GDRIVE_TOKEN_DIR="~/.driada/tokens"

Troubleshooting

Common Issues

“Access blocked” error:

• Ensure your OAuth2 credentials are properly configured in Google Cloud Console

• Check that redirect URIs include http://localhost:8080/

• Try using a different browser or clearing browser cache

Note on Desktop Authentication:

Desktop authentication (desktop_auth) is primarily tested within IABS lab environment and may throw unexpected errors in other setups. For most users, we recommend using Google Colab authentication or setting up service accounts.

Security Best Practices

1. Never commit credentials to version control

2. Use service accounts for production

3. Limit API scope to minimum required:

   # Scopes are configured in your OAuth2 client setup in Google Cloud Console
   from driada.gdrive import desktop_auth
   auth = desktop_auth('path/to/client_secrets.json')
   

4. Rotate credentials regularly

5. Monitor API usage in Cloud Console

API Scopes

Available scopes for different access levels:

• Read-only: drive.readonly

• File access: drive.file

• Full access: drive

• Metadata only: drive.metadata.readonly

To limit scope, configure it when creating OAuth2 credentials in Google Cloud Console.