访问谷歌那样开车服务器？ [英] Accessing Google Drive like server?

问题描述

目前我正在一个Android应用程序，需要一些集中的云存储位置，例如一个客户下载我的应用程序，并输入自己的用户ID后，应用程序将下载他们的相关信息，如姓名，用户历史，或任意小资料片。

Currently I'm working on an Android app that needs some centralized cloud storage location, for example a customer downloads my app and after entering their user ID the app will download their relevant information, ie name, user history, or any arbitrary small piece of information.

由于我一直在与谷歌云端硬盘API我想我会简单地设置帐户X要承载所有的客户信息（没有这信息是敏感的），可能是JSON格式的工作，然后每当有人下载​​我的应用程序它会连接到账户X和拉离帐户X的谷歌驱动器的相关信息。我已经跑进问题是，有帐户X作为用户帐户的设备上正常工作，但是当我尝试不具有帐户X作为用户的设备上Connect帐户应用程序崩溃。

Since I've been working with the Google Drive API I thought I would simply set up account X to host all the customers information(none of this information is sensitive), probably in JSON format, and then whenever someone downloads my app it will connect to account X, and pull the relevant information from account X's Google Drive. The problem I have ran into is that on a device that has account X as a user account it works fine but when I try to connect on a device that doesn't have account X as a user account the app crashes.

是我所描述的可能的驱动API？为了连接占到X的驱动器在使用中必须有它作为一个用户帐户，或者我必须弥补这方面的相关文件公开（以共享选项）工作的设备？

推荐答案

很多！你不应该从没有被用户所拥有的账户暴露一个访问令牌。打破OAuth协议的目的。如果访问令牌不为用户驱动器，然后它应该永远不会离开服务器端。
除非你正在使用的文件的具体范围（这个问题没有），那么令牌将是很好的删除整个驱动器为好。没有好。

Lots! You should never expose an access token from an account that is not owned by the user. That breaks the oauth protocol purpose. If the access token is not for the users drive then it should never leave the server side. Unless you are using file specific scopes (this question does not) then the token will be good to delete the entire drive as well. No good.

这篇关于访问谷歌那样开车服务器？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！