I am writing a small app to upload files to a shared Google Drive using a service account (JSON file credential, no user impersonation or consent, service account has been granted permission directly). There are many example scripts online but none seemed to work as-is. I have ended up with the script below. I was able to connect a few times and read files from Drive but then I took a break. When I returned, I started getting these errors:
"[{'message': 'Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.', 'domain': 'global', 'reason': 'unauthorized'}]
Current code (with some extra lines to force the traffic into Fiddler for inspection) is:
from google.oauth2 import service_account
from googleapiclient.discovery import build
import google.auth.transport.requests
import httplib2
import google_auth_httplib2
import os, sys, argparse
import json
from pprint import pprint
parser=argparse.ArgumentParser()
parser.add_argument("--keyfile", help="JSON key file",required=True)
parser.add_argument("--datafile", help="File to upload",required=True)
parser.add_argument("--folderid", help="Google Drive folder for the file",required=True)
args=parser.parse_args()
def upload_file_to_gdrive(key_file,folder_id,data_file):
print(os.path.abspath(key_file))
#scopes = ['https://www.googleapis.com/auth/drive.metadata', 'https://www.googleapis.com/auth/drive']
scopes = ['https://www.googleapis.com/auth/drive']
creds = service_account.Credentials.from_service_account_file(filename=key_file,scopes=scopes)
# if not creds or not creds.token_state:
# if creds and creds.expired and creds.refresh_token:
creds.refresh(google.auth.transport.requests.Request())
print(creds.service_account_email)
print(creds.valid)
print(creds.token_state)
http = httplib2.Http(disable_ssl_certificate_validation=True ,
proxy_info=httplib2.ProxyInfo(httplib2.socks.PROXY_TYPE_HTTP, "localhost", 8888 ) )
authorized_http = google_auth_httplib2.AuthorizedHttp(credentials=creds, http=http)
service = build(serviceName='drive',version='v3', http=authorized_http)
#service = build(serviceName='drive',version='v3',credentials=creds)
results = service.about().get(fields="*").execute()
upload_file_to_gdrive(args.keyfile,args.folderid,args.datafile)
Via Fiddler, I can see that the client is hitting the token API, https://oauth2.googleapis.com/token, and receiving an access token. I can also see that the access token is included in the request to GET https://www.googleapis.com/drive/v3/about.
GET https://www.googleapis.com/drive/v3/about?fields=%2A&alt=json HTTP/1.1
Host: www.googleapis.com
accept: application/json
accept-encoding: gzip, deflate
user-agent: (gzip)
x-goog-api-client: gdcl/2.124.0 gl-python/3.12.2 cred-type/sa
content-length: 0
authorization: Bearer ya29.c.c0AY_VpZgZ-JOjiMEHpXd5JDFydx33qiEjyGA8k52SGhRmZqPVaXIo8lEhY2gkHt8VmtGrD8H0qWkIkkKk.....
What could be causing this access token to be rejected by the service?