I'm working on an integration to stream Google Meet recordings to a 3rd party file storage service. Here's the rough workflow I'm following
- Create the meeting using the Google Calendar API
- During the meeting, a user optionally records
- After the meeting, check the calendar event description for a link to the generated Google Drive file
- Use the Drive API to retrieve a download link for the file
- Open a download stream and stream to 3rd party service
My question is what OAuth scopes I need to make this work. The drive.file scope will only give me access to files my app created. The meeting recordings are created by Google Meet. The drive.apps.readonly scope gives me access to all files if the user installs my app. Could I create a Google Workspace Marketplace app and use that scope to download the file? Will the downloadUrl in the file object work with a token that only has drive.apps.readonly?
I'm trying to avoid using any restricted scope if possible.
Drive scopes are restricted by design
If you check this page, About Auth, and this page, OAuth Verification FAQs you'll see that Drive is inherently restricted due to the nature of the service. Since your app does not create the video, it will require a restricted scope to fetch the video created by meet.
I believe that
https://www.googleapis.com/auth/drive.readonlywill work for your purposes.