Directory sandboxed access for Google Drive / Dropbox API / RemoteStorage apps?


Is there a way to get sandboxed, user-selected directory access on any major file service without first getting read-level access to their entire filesystem?

There's a lot of talk about "unhosted" static webapps that allow users to access their data from a 3rd party file service (Google Drive, Dropbox, their own server, etc.). The most notable effort I've found so far is remoteStorage.io, but there doesn't seem to be a way with any major provider to let the user select a directory and then use that as a sandbox without breaking their trust (i.e. getting read access to all their files first).

From the user's perspective, the webapp shouldn't have access to anything else on the remote file storage except the one folder the user grants it access to (for example, I might grant a text editor access to my FunnyJokes folder).

The current workaround seems to be having the webapp force a specific folder name ahead of time ("this app wants access to /appname_notes"), but that rules out letting the user point it to where they may already have their notes.

Does anyone know of a nice way to do this with Google Drive, Dropbox, or the like?

The user experience that makes the most sense to me is something like...

  1. User opens an unhosted webapp (for example, a basic text editor TextyApp). They click a button to connect with their data.
  2. 3rd party auth page appears (for example, Google Drive) and it says "The app TextyApp has requested read/write access to your files. Please select a directory to use."
  3. Confirmation screen: "Grant read/write access to folder FunnyJokes for TextyApp?"
  4. The page redirects back to the webapp with sandboxed access to the user-specified folder and the files within it.

This seems like how remote file storage should work, but I haven't found a way to do it yet. Any thoughts/suggestions would be great!

Cheers, Adam

Edit: To clarify, I'm not talking about storing hidden "application data", but instead letting the user specify a particular directory to sandbox for use with a webapp that they may not want to give broader access to.


There are 2 answers

Mark B (best answer)

The Dropbox Apps API provides the ability to restrict any app using your API key to a single directory of your Dropbox account. So users could create an API key with access to a specific directory and then plug that into your app. However, that's not a user-friendly workflow.

I think the Dropbox Drop-Ins Chooser/Saver API might be close to what you want. The user is presented with a Dropbox file selection popup, and your app only gets access to the specific file(s) that the user selects.

raucao

With remoteStorage, sandboxed directory access is currently the default way for apps to request (and users to grant) access to the storage. However, users cannot manually select or enter custom directories during the connect phase.
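How a storage server could enforce the per-directory sandbox this answer describes, as an added example that is not code from the thread or from the remoteStorage project. It assumes scopes of the form `<module>:<r|rw>`, where a module covers `/<module>/` and `/public/<module>/` and `*` covers the whole storage; the function names, the module-name pattern and the sample paths are constructed for illustration.

```javascript
// Added example. Assumed scope format: "<module>:<r|rw>", space separated;
// "*" means the whole storage. All names below are hypothetical.
function parseScopes(scopeString) {
  const grants = new Map();
  for (const item of scopeString.trim().split(/\s+/)) {
    const m = /^(\*|[A-Za-z0-9_-]+):(r|rw)$/.exec(item);
    if (!m) throw new Error(`malformed scope: ${item}`);
    // Keep the stronger mode if a module is listed twice.
    if (grants.get(m[1]) !== 'rw') grants.set(m[1], m[2]);
  }
  return grants;
}

// Split a request path into raw segments, or return null if it could
// escape the sandbox (dot segments, encoded separators, NUL, "//").
function splitPath(path) {
  if (typeof path !== 'string' || !path.startsWith('/')) return null;
  const segs = path.split('/').slice(1);
  for (let i = 0; i < segs.length; i++) {
    let s;
    try { s = decodeURIComponent(segs[i]); } catch { return null; }
    if (s === '.' || s === '..' || /[\/\\\0]/.test(s)) return null;
    if (s === '' && i !== segs.length - 1) return null; // only a trailing "/"
  }
  return segs;
}

// Decide whether a token carrying `grants` may perform `method` on `path`.
function isAllowed(grants, method, path) {
  const segs = splitPath(path);
  if (!segs) return false;
  const needsWrite = !['GET', 'HEAD'].includes(method.toUpperCase());
  const ok = (mode) => mode === 'rw' || (mode === 'r' && !needsWrite);
  if (ok(grants.get('*'))) return true;          // whole-storage grant
  const i = segs[0] === 'public' ? 1 : 0;        // /public/<module>/...
  if (segs.length <= i + 1) return false;        // not inside any module folder
  return ok(grants.get(segs[i]));
}

// Constructed sample: a token limited to two folders.
const sample = parseScopes('notes:rw photos:r');
console.log(isAllowed(sample, 'PUT', '/notes/jokes.txt'));            // true
console.log(isAllowed(sample, 'GET', '/notes/../documents/tax.pdf')); // false
```

The check is deny-by-default: any path that does not resolve to a granted module folder is refused, which is the property the question asks for from the user's side.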