fix(google-scopes): added forms and different drive scope #1532
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -425,7 +425,7 @@ export const auth = betterAuth({ | |
| scopes: [ | ||
| 'https://www.googleapis.com/auth/userinfo.email', | ||
| 'https://www.googleapis.com/auth/userinfo.profile', | ||
| 'https://www.googleapis.com/auth/drive.readonly', | ||
|
Contributor
There was a problem hiding this comment. logic: This scope change breaks write functionality. 'drive.readonly' only allows reading files, but many tools likely need to create/modify files. Consider 'drive.file' for read-write access to app-created files or 'drive' for full access if needed. Prompt To Fix With AIThis is a comment left during a code review.
Path: apps/sim/lib/auth.ts
Line: 428:428
Comment:
**logic:** This scope change breaks write functionality. 'drive.readonly' only allows reading files, but many tools likely need to create/modify files. Consider 'drive.file' for read-write access to app-created files or 'drive' for full access if needed.
How can I resolve this? If you propose a fix, please make it concise. |
||
| ], | ||
| prompt: 'consent', | ||
| redirectURI: `${env.NEXT_PUBLIC_APP_URL}/api/auth/oauth2/callback/google-drive`, | ||
|
|
@@ -439,7 +439,7 @@ export const auth = betterAuth({ | |
| scopes: [ | ||
| 'https://www.googleapis.com/auth/userinfo.email', | ||
| 'https://www.googleapis.com/auth/userinfo.profile', | ||
| 'https://www.googleapis.com/auth/drive.readonly', | ||
| ], | ||
| prompt: 'consent', | ||
| redirectURI: `${env.NEXT_PUBLIC_APP_URL}/api/auth/oauth2/callback/google-docs`, | ||
|
|
@@ -453,7 +453,7 @@ export const auth = betterAuth({ | |
| scopes: [ | ||
| 'https://www.googleapis.com/auth/userinfo.email', | ||
| 'https://www.googleapis.com/auth/userinfo.profile', | ||
| 'https://www.googleapis.com/auth/drive.readonly', | ||
| ], | ||
| prompt: 'consent', | ||
| redirectURI: `${env.NEXT_PUBLIC_APP_URL}/api/auth/oauth2/callback/google-sheets`, | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -121,7 +121,7 @@ export const OAUTH_PROVIDERS: Record<string, OAuthProviderConfig> = { | |
| providerId: 'google-drive', | ||
| icon: (props) => GoogleDriveIcon(props), | ||
| baseProviderIcon: (props) => GoogleIcon(props), | ||
| scopes: ['https://www.googleapis.com/auth/drive.readonly'], | ||
|
Contributor
There was a problem hiding this comment. logic: Changing to read-only scope will break upload functionality. Upload tools require write permissions. Prompt To Fix With AIThis is a comment left during a code review.
Path: apps/sim/lib/oauth/oauth.ts
Line: 124:124
Comment:
**logic:** Changing to read-only scope will break upload functionality. Upload tools require write permissions.
How can I resolve this? If you propose a fix, please make it concise. |
||
| }, | ||
| 'google-docs': { | ||
| id: 'google-docs', | ||
|
|
@@ -130,7 +130,7 @@ export const OAUTH_PROVIDERS: Record<string, OAuthProviderConfig> = { | |
| providerId: 'google-docs', | ||
| icon: (props) => GoogleDocsIcon(props), | ||
| baseProviderIcon: (props) => GoogleIcon(props), | ||
| scopes: ['https://www.googleapis.com/auth/drive.readonly'], | ||
| }, | ||
| 'google-sheets': { | ||
| id: 'google-sheets', | ||
|
|
@@ -139,7 +139,7 @@ export const OAUTH_PROVIDERS: Record<string, OAuthProviderConfig> = { | |
| providerId: 'google-sheets', | ||
| icon: (props) => GoogleSheetsIcon(props), | ||
| baseProviderIcon: (props) => GoogleIcon(props), | ||
| scopes: ['https://www.googleapis.com/auth/drive.readonly'], | ||
| }, | ||
| 'google-forms': { | ||
| id: 'google-forms', | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -13,7 +13,7 @@ export const createTool: ToolConfig<GoogleDocsToolParams, GoogleDocsCreateRespon | |||||
| oauth: { | ||||||
| required: true, | ||||||
| provider: 'google-docs', | ||||||
| additionalScopes: ['https://www.googleapis.com/auth/drive.readonly'], | ||||||
|
Contributor
There was a problem hiding this comment. logic: Critical scope mismatch: 'drive.readonly' cannot create documents. This tool POSTs to Drive API which requires write permissions, but readonly scope only allows read access.
Suggested change
Prompt To Fix With AIThis is a comment left during a code review.
Path: apps/sim/tools/google_docs/create.ts
Line: 16:16
Comment:
**logic:** Critical scope mismatch: 'drive.readonly' cannot create documents. This tool POSTs to Drive API which requires write permissions, but readonly scope only allows read access.
```suggestion
additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
```
How can I resolve this? If you propose a fix, please make it concise. |
||||||
| }, | ||||||
|
|
||||||
| params: { | ||||||
|
|
||||||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -11,7 +11,7 @@ export const readTool: ToolConfig<GoogleDocsToolParams, GoogleDocsReadResponse> | |
| oauth: { | ||
| required: true, | ||
| provider: 'google-docs', | ||
| additionalScopes: ['https://www.googleapis.com/auth/drive.readonly'], | ||
| }, | ||
|
|
||
| params: { | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -9,7 +9,7 @@ export const writeTool: ToolConfig<GoogleDocsToolParams, GoogleDocsWriteResponse | |||||
| oauth: { | ||||||
| required: true, | ||||||
| provider: 'google-docs', | ||||||
| additionalScopes: ['https://www.googleapis.com/auth/drive.readonly'], | ||||||
|
Contributor
There was a problem hiding this comment. logic: This scope is incompatible with write operations. The tool performs document updates via batchUpdate API which requires write permissions, not readonly. This will cause authentication failures at runtime.
Suggested change
Prompt To Fix With AIThis is a comment left during a code review.
Path: apps/sim/tools/google_docs/write.ts
Line: 12:12
Comment:
**logic:** This scope is incompatible with write operations. The tool performs document updates via batchUpdate API which requires write permissions, not readonly. This will cause authentication failures at runtime.
```suggestion
additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
```
How can I resolve this? If you propose a fix, please make it concise. |
||||||
| }, | ||||||
| params: { | ||||||
| accessToken: { | ||||||
|
|
||||||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -10,7 +10,7 @@ export const createFolderTool: ToolConfig<GoogleDriveToolParams, GoogleDriveUplo | |||||
| oauth: { | ||||||
| required: true, | ||||||
| provider: 'google-drive', | ||||||
| additionalScopes: ['https://www.googleapis.com/auth/drive.readonly'], | ||||||
|
Contributor
There was a problem hiding this comment. logic: Using 'drive.readonly' scope for creating folders will fail - this operation requires write permissions. Should use 'https://www.googleapis.com/auth/drive.file' or 'https://www.googleapis.com/auth/drive'
Suggested change
Prompt To Fix With AIThis is a comment left during a code review.
Path: apps/sim/tools/google_drive/create_folder.ts
Line: 13:13
Comment:
**logic:** Using 'drive.readonly' scope for creating folders will fail - this operation requires write permissions. Should use 'https://www.googleapis.com/auth/drive.file' or 'https://www.googleapis.com/auth/drive'
```suggestion
additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
```
How can I resolve this? If you propose a fix, please make it concise. |
||||||
| }, | ||||||
|
|
||||||
| params: { | ||||||
|
|
||||||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -18,7 +18,7 @@ export const getContentTool: ToolConfig<GoogleDriveToolParams, GoogleDriveGetCon | |
| oauth: { | ||
| required: true, | ||
| provider: 'google-drive', | ||
| additionalScopes: ['https://www.googleapis.com/auth/drive.readonly'], | ||
| }, | ||
|
|
||
| params: { | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -10,7 +10,7 @@ export const listTool: ToolConfig<GoogleDriveToolParams, GoogleDriveListResponse | |
| oauth: { | ||
| required: true, | ||
| provider: 'google-drive', | ||
| additionalScopes: ['https://www.googleapis.com/auth/drive.readonly'], | ||
|
Contributor
There was a problem hiding this comment. logic: Scope change is correct for list operation, but upload and create_folder tools also use 'drive.readonly' which will cause failures since they need write permissions Prompt To Fix With AIThis is a comment left during a code review.
Path: apps/sim/tools/google_drive/list.ts
Line: 13:13
Comment:
**logic:** Scope change is correct for list operation, but upload and create_folder tools also use 'drive.readonly' which will cause failures since they need write permissions
How can I resolve this? If you propose a fix, please make it concise. |
||
| }, | ||
|
|
||
| params: { | ||
|
|
||
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change | ||||
|---|---|---|---|---|---|---|
|
|
@@ -18,7 +18,7 @@ export const uploadTool: ToolConfig<GoogleDriveToolParams, GoogleDriveUploadResp | |||||
| oauth: { | ||||||
| required: true, | ||||||
| provider: 'google-drive', | ||||||
| additionalScopes: ['https://www.googleapis.com/auth/drive.readonly'], | ||||||
|
Contributor
There was a problem hiding this comment. logic: Critical issue: Upload tool cannot function with readonly scope. This scope only allows reading files, but upload requires write permissions. Should use
Suggested change
Prompt To Fix With AIThis is a comment left during a code review.
Path: apps/sim/tools/google_drive/upload.ts
Line: 21:21
Comment:
**logic:** Critical issue: Upload tool cannot function with readonly scope. This scope only allows reading files, but upload requires write permissions. Should use `drive.file` or `drive` scope instead.
```suggestion
additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
```
How can I resolve this? If you propose a fix, please make it concise. |
||||||
| }, | ||||||
|
|
||||||
| params: { | ||||||
|
|
||||||
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
logic: Using readonly scope will break write and create operations. Google Docs write/create requires 'https://www.googleapis.com/auth/drive.file' or broader write permissions.
Prompt To Fix With AI