I’m building a website where users can view their video files from Google Drive and watch them using HTML5 video player.
I implemented Google Picker for file selection. After a user picks a file, they get sent to a page like video.php?file={file_id}
When I try to get file details using this code, I get a 403 error (failed to open stream: HTTP request failed! HTTP/1.0 403 Forbidden):
<?php
$api_url = "https://www.googleapis.com/drive/v1/files/" . $_GET["file"] . "";
$response = file_get_contents($api_url);
$file_info = json_decode($response, true);
var_dump($file_info);
?>
Do I need to verify user authentication again? What’s the fastest method to handle this?
you’re missing the auth token. when users pick a file, google picker gives you an access token - grab that and add it to your api call. also, ditch v1 and use v3. try authorization: bearer {token} in your curl header instead of file_get_contents.
You are lacking proper authentication for your request. Additionally, note that Google Drive API v1 is deprecated; it’s advisable to upgrade to v3.
Using file_get_contents() in this case is inadequate since it does not allow for including OAuth headers. When a user selects a file using Google Picker, you should capture the associated access token. I suggest using cURL instead, which will let you add the Authorization header: Bearer YOUR_ACCESS_TOKEN.
Remember to update your API endpoint to v3: https://www.googleapis.com/drive/v3/files/{fileId}. If the access token obtained from the picker is unavailable, rerunning the OAuth flow may be necessary. The simplest approach is to store the access token when the picker confirms the file selection.
The 403 error indicates an authentication issue. The Google Drive API requires an access token for each request, including those made for files selected via Google Picker. Your method using file_get_contents() does not include authorization headers. It is crucial to add the user’s OAuth access token in the Authorization header as Bearer {access_token}. I recommend switching to cURL for better header management and ensure you are using API version 3 instead of version 1. When implementing Google Picker, store the access token in a session or pass it as a parameter for your API calls. Without proper authentication, you will continue to encounter 403 errors, regardless of file permissions.