Problem
Using --drive-scope=readonly during auth still results in full read-write access to Drive. The flag doesn't appear to restrict permissions as expected.
Steps to Reproduce
gog auth add user@gmail.com --services=drive --drive-scope=readonly --force-consent
After completing OAuth flow, the token still has write access to Drive.
Expected Behavior
The resulting token should only have drive.readonly scope, preventing file creation/modification/deletion.
Actual Behavior
Full read-write access is granted despite the --drive-scope=readonly flag.
Environment
- gog version: v0.9.0
- OS: Ubuntu (WSL2)
Additional Context
This may be related to how scopes are combined when multiple services are authorized, or the scope may not be getting passed correctly to the OAuth flow.
I'm trying to set up a secure configuration where an AI assistant can read Drive files but cannot modify them. Currently this isn't possible even with the readonly flag.
Problem
Using
--drive-scope=readonlyduring auth still results in full read-write access to Drive. The flag doesn't appear to restrict permissions as expected.Steps to Reproduce
After completing OAuth flow, the token still has write access to Drive.
Expected Behavior
The resulting token should only have
drive.readonlyscope, preventing file creation/modification/deletion.Actual Behavior
Full read-write access is granted despite the
--drive-scope=readonlyflag.Environment
Additional Context
This may be related to how scopes are combined when multiple services are authorized, or the scope may not be getting passed correctly to the OAuth flow.
I'm trying to set up a secure configuration where an AI assistant can read Drive files but cannot modify them. Currently this isn't possible even with the readonly flag.