question

BippanKumar-0327 avatar image
0 Votes"
BippanKumar-0327 asked IvanSued-4944 commented

Accessing Google Drive through Azure Function

The task is to download google sheet in excel format and store it in Azure blob storage on timely basics using the Azure time trigger function.

Access Method to users google drive - OAuth Client ID.

I have created an Azure function locally and it works fine as expected and performs the task but when I deploy the azure function I get this error.
25232-selection-026.png

Code for DriveService where the error occurs according to stack trace when deployed





public string[] Scopes = { DriveService.Scope.Drive, DriveService.Scope.DriveReadonly };
public DriveService GetService()
{
UserCredential _credential;
//Error Occurs at line below
Google.Apis.Auth.OAuth2.Flows.GoogleAuthorizationCodeFlow googleAuthFlow = new GoogleAuthorizationCodeFlow(new GoogleAuthorizationCodeFlow.Initializer()
{
ClientSecrets = new ClientSecrets
{
ClientId = _config[Constant.ClientId],
ClientSecret = _config[Constant.ClientSecret],
}
});

         string FilePath = Path.GetDirectoryName(_driveCredentialsPath);

         _credential = GoogleWebAuthorizationBroker.AuthorizeAsync(
             googleAuthFlow.ClientSecrets,
             Scopes,
             "user",
             CancellationToken.None,
             new FileDataStore(FilePath, true)).Result;

         DriveService service = new DriveService(new BaseClientService.Initializer()
         {
             HttpClientInitializer = _credential,
             ApplicationName = Constant.ApplicationName,
         });
         return service;
     }





I think there are two situations where it can go wrong but I am not sure about it.

When I am running the application locally a consent screen appears and gives permission to access the drive.
25252-selection-020.png

When this same function is running on azure who and how it will grant permission to access the drive.
I have provided my Azure App URL on Google OAuth Consent Screen as mentioned below to overcome this situation.

25253-selection-025.png

When I am running locally after giving permission to access drive it creates a TOKENRESPONSE-USER file a which consists of the access token, expiry date refresh token, and scope.


25126-selection-027.png

Is this possible that when the function is deployed it is unable to create a TOKENRESPONSE-USER file on azure function?

Please let me know why I am getting this error or do I need to change something in my process.




azure-functions
selection-026.png (83.5 KiB)
selection-020.png (64.7 KiB)
selection-025.png (49.2 KiB)
selection-027.png (12.7 KiB)
· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hello @BippanKumar-0327, Just following up here to see if my response below was helpful in resolving the issue faced? Please let me know if there are any more concerns.

0 Votes 0 ·

1 Answer

ChaitanyaNaykodiMSFT-9638 avatar image
0 Votes"
ChaitanyaNaykodiMSFT-9638 answered IvanSued-4944 commented

Hello @BippanKumar-0327 ,

Thank you for reaching out. For Function App there is no need to authenticate the user within the code, you can configure your function app to use Google login instead, when you register your app on Google by following the steps mentioned in the document. When the token expires the function can app leverage this connection to refresh it as discussed here. Maybe you can also use this tutorial for reference.
Please let me know if there any concerns, I will be happy to continue with our discussion.



· 1
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

I am not sure this is the correct approach in my case. I have a queue trigger function that will read messages containing some emails. We do some db queries to determine if we can access their google accounts based on permissions provided on our main web app. How can I authenticate the user from the azure function without the redirect. These users are all external users giving our app permission to view their google data.

0 Votes 0 ·