Google Drive: new security protection

[MrKrabat]

Hello,

Google has changed their security to protect users against 'unverified apps'.
https://gsuite-developers.googleblog.com/2017/07/new-security-protections-to-reduce-risk.html

The problem is, every user who is using Google Drive in Nextcloud is creating an 'unverified app'.
https://docs.nextcloud.com/server/12/admin_manual/configuration_files/external_storage/google.html
When you create a new project it is already under this new rules and you can't connect your account (1).

As described in the article this feature will be soon affecting already existing projects and the whole Google Drive integration will stop working in Nextcloud.

The main problem about this is, that a normal user is not able to verify this app since you need to proof that you control the domain and a lot more. Which means a normal user can't use Google Drive in the future.

Greetings,
MrKrabat

(1) It is possible to allow unverified apps with joining this Google Group https://groups.google.com/forum/#!forum/risky-access-by-unreviewed-apps
It's obviously dangerous for your account. Currently it is possible to leave the group after connecting GDrive with Nextcloud.

[rullzer]

mmm so that would probably mean that we should rip out google drive of files_external...

[MorrisJobke]

mmm so that would probably mean that we should rip out google drive of files_external...

Once we do this following tickets will be obsolete too: #99, #4028, #5748,

[yan12125]

Please don't remove Google Drive functionality. It's still useful for G Suite users. From https://support.google.com/code/contact/oauth_app_verification:

Apps that are going to be used only by users within your G Suite organization
You should not be seeing the unverified app screen. See this FAQ for more details.

I've just set up Google Drive in my Nextcloud instance, and it doesn't show the unverified app consent screen.

[MrKrabat]

The screen actually looks like this:

If you press the link at the bottom, google will allow you to proceed but opens an input box and want that you enter "Weiter" (german for continue) to confirm.
(like in the gif-animation in the google blog entry)

This new "feature" still exists, but this input box is a nicer way to skip this.

[gvmura]

@MorrisJobke: Once we do this following tickets will be obsolete too: #99, #4028, #5748,

I don't hope so

[MorrisJobke]

@icewind1991 Mind to do the same app for Google drive as for Dropbox?

[simon-zumbrunnen]

The main problem about this is, that a normal user is not able to verify this app since you need to proof that you control the domain and a lot more. Which means a normal user can't use Google Drive in the future.

In my opinion, the user shouldn't have to care about the app credentials anyways. An admin should create an app, go through the verification process, configure the app credentials globaly for all users. (see #2861) Then the user only has to allow this app access to his account to use this feature.

[ferdiga]

I have turned the "allow unsafe apps" feature off and on again and get the infamous
Google_Auth_Exception: Error refreshing the OAuth2 token, message: '{ "error" : "invalid_grant" }'.
message.
it seems to me that the refresh token is out of date.
https://stackoverflow.com/questions/35878859/google-oauth2-error-refreshing-the-oauth2-token-message-error-invalid
how can I update the refresh token in nextcoud???

[mursec]

What can I do to help keep Google Drive on the external storage list?

[LawnSounds]

Cyberduck can connect with Google Drive locally with some Google App. Could this be implemented? Is this the correct place to post this?

[MorrisJobke]

As this is a separate app: please report it in that repo https://github.com/NastuzziSamy/files_external_gdrive/