Skip to content

fix(google-scopes): added forms and different drive scope #1532

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
merged 2 commits into from
Oct 25, 2025
Merged

fix(google-scopes): added forms and different drive scope #1532

Show file tree
Hide file tree
Changes from 1 commit
Commits
Show all changes
2 commits
Select commit Hold shift + click to select a range
e9e2c6f
added google forms scope and google drive scope
Oct 2, 2025
544613f
added back file scope
Oct 25, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
3 changes: 2 additions & 1 deletion ...k/components/sub-block/components/credential-selector/components/oauth-required-modal.tsx
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -38,11 +38,12 @@ const SCOPE_DESCRIPTIONS: Record<string, string> = {
'https://www.googleapis.com/auth/gmail.modify': 'View and manage your email messages',
// 'https://www.googleapis.com/auth/gmail.readonly': 'View and read your email messages',
// 'https://www.googleapis.com/auth/drive': 'View and manage your Google Drive files',
'https://www.googleapis.com/auth/drive.file': 'View and manage your Google Drive files',
'https://www.googleapis.com/auth/drive.readonly': 'View and read your Google Drive files',
// 'https://www.googleapis.com/auth/documents': 'View and manage your Google Docs',
'https://www.googleapis.com/auth/calendar': 'View and manage your calendar',
'https://www.googleapis.com/auth/userinfo.email': 'View your email address',
'https://www.googleapis.com/auth/userinfo.profile': 'View your basic profile info',
'https://www.googleapis.com/auth/forms.responses.readonly': 'View responses to your Google Forms',
'read:page:confluence': 'Read Confluence pages',
'write:page:confluence': 'Write Confluence pages',
'read:me': 'Read your profile information',
Expand Down
2 changes: 1 addition & 1 deletion apps/sim/blocks/blocks/google_docs.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -37,7 +37,7 @@ export const GoogleDocsBlock: BlockConfig<GoogleDocsResponse> = {
required: true,
provider: 'google-docs',
serviceId: 'google-docs',
requiredScopes: ['https://www.googleapis.com/auth/drive.file'],
requiredScopes: ['https://www.googleapis.com/auth/drive.readonly'],
Copy link
Contributor

@greptile-apps greptile-apps bot Oct 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic: Using readonly scope will break write and create operations. Google Docs write/create requires 'https://www.googleapis.com/auth/drive.file' or broader write permissions.

Suggested change
requiredScopes: ['https://www.googleapis.com/auth/drive.readonly'],
requiredScopes: ['https://www.googleapis.com/auth/drive.file'],
Prompt To Fix With AI 
This is a comment left during a code review.
Path: apps/sim/blocks/blocks/google_docs.ts
Line: 40:40

Comment:
**logic:** Using readonly scope will break write and create operations. Google Docs write/create requires 'https://www.googleapis.com/auth/drive.file' or broader write permissions.

```suggestion
      requiredScopes: ['https://www.googleapis.com/auth/drive.file'],
```

How can I resolve this? If you propose a fix, please make it concise.

placeholder: 'Select Google account',
},
// Document selector (basic mode)
Expand Down
8 changes: 4 additions & 4 deletions apps/sim/blocks/blocks/google_drive.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -36,7 +36,7 @@ export const GoogleDriveBlock: BlockConfig<GoogleDriveResponse> = {
required: true,
provider: 'google-drive',
serviceId: 'google-drive',
requiredScopes: ['https://www.googleapis.com/auth/drive.file'],
requiredScopes: ['https://www.googleapis.com/auth/drive.readonly'],
Copy link
Contributor

@greptile-apps greptile-apps bot Oct 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic: Critical scope mismatch: Using readonly scope for a block that performs upload and create folder operations. This will cause authentication failures for write operations.

Suggested change
requiredScopes: ['https://www.googleapis.com/auth/drive.readonly'],
requiredScopes: ['https://www.googleapis.com/auth/drive'],
Prompt To Fix With AI 
This is a comment left during a code review.
Path: apps/sim/blocks/blocks/google_drive.ts
Line: 39:39

Comment:
**logic:** Critical scope mismatch: Using readonly scope for a block that performs upload and create folder operations. This will cause authentication failures for write operations.

```suggestion
      requiredScopes: ['https://www.googleapis.com/auth/drive'],
```

How can I resolve this? If you propose a fix, please make it concise.

placeholder: 'Select Google Drive account',
},
// Upload Fields
Expand Down Expand Up @@ -80,7 +80,7 @@ export const GoogleDriveBlock: BlockConfig<GoogleDriveResponse> = {
canonicalParamId: 'folderId',
provider: 'google-drive',
serviceId: 'google-drive',
requiredScopes: ['https://www.googleapis.com/auth/drive.file'],
requiredScopes: ['https://www.googleapis.com/auth/drive.readonly'],
mimeType: 'application/vnd.google-apps.folder',
placeholder: 'Select a parent folder',
mode: 'basic',
Expand Down Expand Up @@ -156,7 +156,7 @@ export const GoogleDriveBlock: BlockConfig<GoogleDriveResponse> = {
canonicalParamId: 'folderId',
provider: 'google-drive',
serviceId: 'google-drive',
requiredScopes: ['https://www.googleapis.com/auth/drive.file'],
requiredScopes: ['https://www.googleapis.com/auth/drive.readonly'],
mimeType: 'application/vnd.google-apps.folder',
placeholder: 'Select a parent folder',
mode: 'basic',
Expand All @@ -183,7 +183,7 @@ export const GoogleDriveBlock: BlockConfig<GoogleDriveResponse> = {
canonicalParamId: 'folderId',
provider: 'google-drive',
serviceId: 'google-drive',
requiredScopes: ['https://www.googleapis.com/auth/drive.file'],
requiredScopes: ['https://www.googleapis.com/auth/drive.readonly'],
mimeType: 'application/vnd.google-apps.folder',
placeholder: 'Select a folder to list files from',
mode: 'basic',
Expand Down
6 changes: 3 additions & 3 deletions apps/sim/lib/auth.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -425,7 +425,7 @@ export const auth = betterAuth({
scopes: [
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/userinfo.profile',
'https://www.googleapis.com/auth/drive.file',
'https://www.googleapis.com/auth/drive.readonly',
Copy link
Contributor

@greptile-apps greptile-apps bot Oct 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic: This scope change breaks write functionality. 'drive.readonly' only allows reading files, but many tools likely need to create/modify files. Consider 'drive.file' for read-write access to app-created files or 'drive' for full access if needed.

Prompt To Fix With AI 
This is a comment left during a code review.
Path: apps/sim/lib/auth.ts
Line: 428:428

Comment:
**logic:** This scope change breaks write functionality. 'drive.readonly' only allows reading files, but many tools likely need to create/modify files. Consider 'drive.file' for read-write access to app-created files or 'drive' for full access if needed.

How can I resolve this? If you propose a fix, please make it concise.

],
prompt: 'consent',
redirectURI: `${env.NEXT_PUBLIC_APP_URL}/api/auth/oauth2/callback/google-drive`,
Expand All @@ -439,7 +439,7 @@ export const auth = betterAuth({
scopes: [
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/userinfo.profile',
'https://www.googleapis.com/auth/drive.file',
'https://www.googleapis.com/auth/drive.readonly',
],
prompt: 'consent',
redirectURI: `${env.NEXT_PUBLIC_APP_URL}/api/auth/oauth2/callback/google-docs`,
Expand All @@ -453,7 +453,7 @@ export const auth = betterAuth({
scopes: [
'https://www.googleapis.com/auth/userinfo.email',
'https://www.googleapis.com/auth/userinfo.profile',
'https://www.googleapis.com/auth/drive.file',
'https://www.googleapis.com/auth/drive.readonly',
],
prompt: 'consent',
redirectURI: `${env.NEXT_PUBLIC_APP_URL}/api/auth/oauth2/callback/google-sheets`,
Expand Down
6 changes: 3 additions & 3 deletions apps/sim/lib/oauth/oauth.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -121,7 +121,7 @@ export const OAUTH_PROVIDERS: Record<string, OAuthProviderConfig> = {
providerId: 'google-drive',
icon: (props) => GoogleDriveIcon(props),
baseProviderIcon: (props) => GoogleIcon(props),
scopes: ['https://www.googleapis.com/auth/drive.file'],
scopes: ['https://www.googleapis.com/auth/drive.readonly'],
Copy link
Contributor

@greptile-apps greptile-apps bot Oct 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic: Changing to read-only scope will break upload functionality. Upload tools require write permissions.

Prompt To Fix With AI 
This is a comment left during a code review.
Path: apps/sim/lib/oauth/oauth.ts
Line: 124:124

Comment:
**logic:** Changing to read-only scope will break upload functionality. Upload tools require write permissions.

How can I resolve this? If you propose a fix, please make it concise.

},
'google-docs': {
id: 'google-docs',
Expand All @@ -130,7 +130,7 @@ export const OAUTH_PROVIDERS: Record<string, OAuthProviderConfig> = {
providerId: 'google-docs',
icon: (props) => GoogleDocsIcon(props),
baseProviderIcon: (props) => GoogleIcon(props),
scopes: ['https://www.googleapis.com/auth/drive.file'],
scopes: ['https://www.googleapis.com/auth/drive.readonly'],
},
'google-sheets': {
id: 'google-sheets',
Expand All @@ -139,7 +139,7 @@ export const OAUTH_PROVIDERS: Record<string, OAuthProviderConfig> = {
providerId: 'google-sheets',
icon: (props) => GoogleSheetsIcon(props),
baseProviderIcon: (props) => GoogleIcon(props),
scopes: ['https://www.googleapis.com/auth/drive.file'],
scopes: ['https://www.googleapis.com/auth/drive.readonly'],
},
'google-forms': {
id: 'google-forms',
Expand Down
2 changes: 1 addition & 1 deletion apps/sim/tools/google_docs/create.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -13,7 +13,7 @@ export const createTool: ToolConfig<GoogleDocsToolParams, GoogleDocsCreateRespon
oauth: {
required: true,
provider: 'google-docs',
additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
additionalScopes: ['https://www.googleapis.com/auth/drive.readonly'],
Copy link
Contributor

@greptile-apps greptile-apps bot Oct 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic: Critical scope mismatch: 'drive.readonly' cannot create documents. This tool POSTs to Drive API which requires write permissions, but readonly scope only allows read access.

Suggested change
additionalScopes: ['https://www.googleapis.com/auth/drive.readonly'],
additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
Prompt To Fix With AI 
This is a comment left during a code review.
Path: apps/sim/tools/google_docs/create.ts
Line: 16:16

Comment:
**logic:** Critical scope mismatch: 'drive.readonly' cannot create documents. This tool POSTs to Drive API which requires write permissions, but readonly scope only allows read access.

```suggestion
    additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
```

How can I resolve this? If you propose a fix, please make it concise.

},

params: {
Expand Down
2 changes: 1 addition & 1 deletion apps/sim/tools/google_docs/read.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -11,7 +11,7 @@ export const readTool: ToolConfig<GoogleDocsToolParams, GoogleDocsReadResponse>
oauth: {
required: true,
provider: 'google-docs',
additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
additionalScopes: ['https://www.googleapis.com/auth/drive.readonly'],
},

params: {
Expand Down
2 changes: 1 addition & 1 deletion apps/sim/tools/google_docs/write.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -9,7 +9,7 @@ export const writeTool: ToolConfig<GoogleDocsToolParams, GoogleDocsWriteResponse
oauth: {
required: true,
provider: 'google-docs',
additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
additionalScopes: ['https://www.googleapis.com/auth/drive.readonly'],
Copy link
Contributor

@greptile-apps greptile-apps bot Oct 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic: This scope is incompatible with write operations. The tool performs document updates via batchUpdate API which requires write permissions, not readonly. This will cause authentication failures at runtime.

Suggested change
additionalScopes: ['https://www.googleapis.com/auth/drive.readonly'],
additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
Prompt To Fix With AI 
This is a comment left during a code review.
Path: apps/sim/tools/google_docs/write.ts
Line: 12:12

Comment:
**logic:** This scope is incompatible with write operations. The tool performs document updates via batchUpdate API which requires write permissions, not readonly. This will cause authentication failures at runtime.

```suggestion
    additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
```

How can I resolve this? If you propose a fix, please make it concise.

},
params: {
accessToken: {
Expand Down
2 changes: 1 addition & 1 deletion apps/sim/tools/google_drive/create_folder.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ export const createFolderTool: ToolConfig<GoogleDriveToolParams, GoogleDriveUplo
oauth: {
required: true,
provider: 'google-drive',
additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
additionalScopes: ['https://www.googleapis.com/auth/drive.readonly'],
Copy link
Contributor

@greptile-apps greptile-apps bot Oct 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic: Using 'drive.readonly' scope for creating folders will fail - this operation requires write permissions. Should use 'https://www.googleapis.com/auth/drive.file' or 'https://www.googleapis.com/auth/drive'

Suggested change
additionalScopes: ['https://www.googleapis.com/auth/drive.readonly'],
additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
Prompt To Fix With AI 
This is a comment left during a code review.
Path: apps/sim/tools/google_drive/create_folder.ts
Line: 13:13

Comment:
**logic:** Using 'drive.readonly' scope for creating folders will fail - this operation requires write permissions. Should use 'https://www.googleapis.com/auth/drive.file' or 'https://www.googleapis.com/auth/drive'

```suggestion
    additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
```

How can I resolve this? If you propose a fix, please make it concise.

},

params: {
Expand Down
2 changes: 1 addition & 1 deletion apps/sim/tools/google_drive/get_content.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ export const getContentTool: ToolConfig<GoogleDriveToolParams, GoogleDriveGetCon
oauth: {
required: true,
provider: 'google-drive',
additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
additionalScopes: ['https://www.googleapis.com/auth/drive.readonly'],
},

params: {
Expand Down
2 changes: 1 addition & 1 deletion apps/sim/tools/google_drive/list.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -10,7 +10,7 @@ export const listTool: ToolConfig<GoogleDriveToolParams, GoogleDriveListResponse
oauth: {
required: true,
provider: 'google-drive',
additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
additionalScopes: ['https://www.googleapis.com/auth/drive.readonly'],
Copy link
Contributor

@greptile-apps greptile-apps bot Oct 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic: Scope change is correct for list operation, but upload and create_folder tools also use 'drive.readonly' which will cause failures since they need write permissions

Prompt To Fix With AI 
This is a comment left during a code review.
Path: apps/sim/tools/google_drive/list.ts
Line: 13:13

Comment:
**logic:** Scope change is correct for list operation, but upload and create_folder tools also use 'drive.readonly' which will cause failures since they need write permissions

How can I resolve this? If you propose a fix, please make it concise.

},

params: {
Expand Down
2 changes: 1 addition & 1 deletion apps/sim/tools/google_drive/upload.ts
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -18,7 +18,7 @@ export const uploadTool: ToolConfig<GoogleDriveToolParams, GoogleDriveUploadResp
oauth: {
required: true,
provider: 'google-drive',
additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
additionalScopes: ['https://www.googleapis.com/auth/drive.readonly'],
Copy link
Contributor

@greptile-apps greptile-apps bot Oct 2, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

logic: Critical issue: Upload tool cannot function with readonly scope. This scope only allows reading files, but upload requires write permissions. Should use drive.file or drive scope instead.

Suggested change
additionalScopes: ['https://www.googleapis.com/auth/drive.readonly'],
additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
Prompt To Fix With AI 
This is a comment left during a code review.
Path: apps/sim/tools/google_drive/upload.ts
Line: 21:21

Comment:
**logic:** Critical issue: Upload tool cannot function with readonly scope. This scope only allows reading files, but upload requires write permissions. Should use `drive.file` or `drive` scope instead.

```suggestion
    additionalScopes: ['https://www.googleapis.com/auth/drive.file'],
```

How can I resolve this? If you propose a fix, please make it concise.

},

params: {
Expand Down