I’m stuck on a problem with my C# app. It’s supposed to download Google Docs files for multiple users using admin access. Here’s the weird part:
- Getting document titles works fine for all files
- Downloading files the user created is no problem
- But trying to download files others made gives a 401 or 403 error
I’ve tried looking online but can’t find a fix. Am I missing something obvious?
Here’s a simplified version of what I’m doing:
void GetUserDocs(string adminEmail, string adminPassword, string userEmail)
{
var settings = new RequestSettings("MyApp", adminEmail, adminPassword);
var docRequest = new DocumentsRequest(settings);
var query = new DocumentsListQuery();
query.Uri = new Uri(query.Uri.ToString().Replace("/default/", $"/{userEmail}/"));
var feed = docRequest.Service.Query(query);
foreach (var entry in feed.Entries)
{
var doc = new Document { AtomEntry = entry };
// This line fails for docs not created by the user
using var stream = docRequest.Download(doc, Document.DownloadType.html);
// Save stream to file...
}
}
Any ideas on how to fix this? Thanks for any help!
hey there, sounds like a tricky one! have u checked the scopes on ur OAuth credentials? sometimes google can be picky bout permissions. maybe try adding https://www.googleapis.com/auth/drive.readonly to ur scopes if u havent already. that might give the admin full read access to all docs. good luck!
Have you considered using Google’s Domain-Wide Delegation? This method allows a service account to impersonate users within your domain, potentially bypassing the permission issues you’re facing. You’d need to set up a service account in Google Cloud Console, enable domain-wide delegation, and grant it the necessary scopes. Then, use the service account to authenticate and impersonate the user whose documents you’re trying to access. This approach often resolves 403 errors in scenarios like yours. Here’s a rough idea:
var credential = GoogleCredential.FromFile("path_to_service_account.json")
.CreateScoped(DriveService.Scope.Drive)
.CreateWithUser(userEmail);
var service = new DriveService(new BaseClientService.Initializer
{
HttpClientInitializer = credential,
ApplicationName = "YourAppName"
});
// Use 'service' to download files
This method has worked well in my projects dealing with multi-user document access.
I’ve dealt with similar issues before, and in my case it turned out to be related to how Google handles permissions for different users. I switched to using a service account instead of relying solely on admin credentials. I created a service account in Google Cloud Console, enabled domain-wide delegation, and made sure that the required APIs (such as Drive and Docs) were enabled. Using the service account’s JSON key file for authentication allowed me to impersonate users and access their files without hitting the 403 error. Ensuring that you’re using the latest client libraries can also help resolve permission quirks.