Download File from OneDrive using REST API - node.js

I am trying to find a way out using node js to fetch the list of files (xlsx and CSV files are of my interest) from User's Microsoft OneDrive. From the list, choose the file and then download it into the local system.
I can see Microsoft documentation about using OneDrive REST API here. But, since I am new at this, I am not really able to work this around. Any help will be appreciated.
I want to do something similar to what we can do with Google Drive where I could get a list of files along with their names and unique id and when the user chooses one file, by use of the unique id, I was able to download the required file. I am wondering if a similar thing can be done with OneDrive.
My progress so far:
I am able to ask users to provide their consent and get code in return to redirect Uri (localhost in my case).
The link that does this- https://login.microsoftonline.com/common/oauth2/v2.0/authorize?client_id={my_client_id}&scope=User.Read%20offline_access%20Files.ReadWrite.all%20Files.ReadWrite&response_type=code&response_mode=query&redirect_uri=https://localhost:3400
After getting the code, I exchanged it for refresh token.
To do this exchange, I used Postman for the POST request. The URL for that is https://login.microsoftonline.com/common/oauth2/v2.0/token?grant_type=authorization_code&client_id=your_app_client_id&code=use_the_code_returned_on_previous_step
Now that I have a refresh token, I want to do operations like listing the files on my OneDrive and select anyone to download.

I suggest looking into the Graph API as follows, and using the same auth_token received above. Instead of /me you can substitute a user ID as well.
Get information about the user's drive:
GET https://graph.microsoft.com/v1.0/me/drive
Get the root folder of the drive:
GET https://graph.microsoft.com/v1.0/me/drive/root/
Note: the documentation and the paths in the JSON results say "root:" but I haven't been able to get it work work with the colon.
Embedded in the result you should see:
"folder": {
"childCount": {whatever the count is}
},
To see the files that are in the folder:
GET https://graph.microsoft.com/v1.0/me/drive/root/children
Files will have an id and a name, both of which can be used to retrieve them:
"createdDateTime": "2020-07-05T18:08:37Z",
"eTag": "\"{29C06DFA-92AE-48D5-AF3D-149EF959030F},1\"",
"id": "01EC2X7VP2NXACTLUS2VEK6PIUT34VSAYP",
"lastModifiedDateTime": "2020-07-05T18:08:37Z",
"name": "wizard of wor.png",
To download a file by ID:
https://graph.microsoft.com/v1.0/me/drive/items/01EC2X7VP2NXACTLUS2VEK6PIUT34VSAYP/content
Or by path (in example below Wizard of Wor.png is the file name):
https://graph.microsoft.com/v1.0/me/drive/root/children/Wizard%20of%20Wor.png/content
Documentation sources:
https://learn.microsoft.com/en-us/graph/api/driveitem-list-children?view=graph-rest-1.0&tabs=http
https://learn.microsoft.com/en-us/graph/api/driveitem-get-content?view=graph-rest-1.0&tabs=http

Related

Error 403 Forbidden when trying to replace encrypted item on onedrive

I have a file on OneDrive that is labeled and encrypted with Microsoft Information Protection SDK.
I have an application that downloads the file, applies a new label on it (with MIP) and upload it back to OneDrive.
I'm able to download the file and overwrite the label, but when trying to upload it back I get error 403 Forbidden.
Note that for non-encrypted files the flow runs without any problems.
I tried changing some permissions but have not been able to solve the issue. These are the set of permissions that I have (got the list from https://jwt.ms/ using the token):
"Sites.Selected",
"Mail.ReadWrite",
"User.ReadWrite.All",
"Domain.ReadWrite.All",
"Calendars.Read",
"People.Read.All",
"Directory.ReadWrite.All",
"Sites.Read.All",
"Sites.ReadWrite.All",
"Sites.Manage.All",
"Files.ReadWrite.All",
"Directory.Read.All",
"User.Read.All",
"InformationProtectionContent.Write.All",
"Files.Read.All",
"Mail.Read",
"Directory.Write.Restricted",
"Calendars.ReadWrite",
"InformationProtectionPolicy.Read.All",
"Contacts.Read",
"InformationProtectionContent.Sign.All",
"Sites.FullControl.All"
Some of these permissions are for other purposes.
Any suggestions would be appreciated.
Thank you.

What is the correct way to handle changes.watch webhook requests?

I'm trying to watch for google drive changes, and write down history of changes in database, also I want to store the files (all versions).
For now I have set up webhook, so I get some info in request.header, but this info looks weird, only message number differs, resourceUri or pageToken in it are the same.
Request headers don't contain info about file or folder that was changed. No change id, no file id, no actors.
I want to know, how this method is helpful and what should I do to get real-time changes with information about files that were changed.
There are some steps to handle Drive file changes.
1. Choose the change type you want to track
It could be just changes within the file, changes in the file metadata, such as moving the file to another folder or to a shared drive. You might want to use the Reports API for that one.
2. Watch for changes
You can use the Changes API to detect what data has changed or has been removed. If you want detailed information about the changes, you can also check the Activity API
3. Get the notification
Set up a webhook when changes are detected on the file
POST https://www.googleapis.com/drive/v3/files/fileId/watch
Authorization: Bearer auth_token_for_current_user
Content-Type: application/json
{
"id": "01234567-89ab-cdef-0123456789ab", // Your channel ID.
"type": "web_hook",
"address": "https://example.com/notifications", // Your receiving URL.
...
"token": "target=myApp-myFilesChannelDest", // (Optional) Your channel token.
"expiration": 1426325213000 // (Optional) Your requested channel expiration time.
}
Sample code from https://developers.google.com/drive/api/v3/push
4. Export the new version of the file
After a new change is triggered, you can download the new file version using the export method
You can check a more detailed guide on https://developers.google.com/drive/api/v3/manage-revisions

Microsoft Graph API - Copying SharePoint file - Item not found

I'm working with Graph API against Microsoft Teams team's SharePoint site.
I'm following the example on this page (https://learn.microsoft.com/en-us/graph/long-running-actions-overview?tabs=http) and have an issue. I'm able to query the location provided by the copy endpoint and get a "Completed" status that also provides a ResourceId. But I'm unable to use this resource id in any queries and only getting "Item not found".
Example of paths tried:
/drives/{driveId}/items/{resource-id-returned-from-monitor-url}
/groups/{groupId}/drive/items/{resource-id-returned-from-monitor-url}
The {driveID} is the driveId specified in the parentReference.DriveId in the copy file body.
I'm using the v1 Graph endpoint to get the file.
Btw, I can see the file fine in the correct folder within SharePoint.
Any ideas?
Regards,
Oskar
I wasn't using the DriveId supplied by the /education/***/setUpResourcesFolder Location header but rather the Drive of the class.
Fixed by using the driveId part of the Location URL.

Creating new task through WebHook with Asana API

I am working with a form system very similar to WUFOO that allows me to send data to an external website using WebHooks.
I have been able to connect my form to my ASANA system through Zapier but I cannot seem to get the API system to operate correctly. Can someone please advise or assist me on what I am doing incorrectly here?
In the screenshot note the following:
- Web URL functions for any web URL (https or http)
- HTTP method has POST, PUT, or GET options
- Data format allows me to input virtually anything so I can match up form fields with any necessary names for ASANA.
I simply cannot get the system to connect to ASANA. Please help me.
Screen shot of WebHook Options
I don't have access to your exact form builder but assuming it does what it says it is doing you can try the following. I'll use creating a task as an example.
Create a personal access token in Asana. To do this log in to Asana, click the icon in the top right corner and open "My profile settings". Go to the apps tab and create a personal access token. You will only ever see this token once so create a new one if you lose it. Also retrieve your workspace id, you can get it by opening app.asana.com/api/1.0/workspaces while logged in.
Now back to your form. For the website url place the specific endpoint you want to hit at Asana. For example, lets create a new task:
https://app.asana.com/api/1.0/tasks
Under the HTTP Method you want to select POST
Under the HTTP Headers you want to specify something like (replace 0/1234abcd with your access token):
{
"Authorization": "Bearer 0/1234abcd",
"Content-Type": "application/json"
}
You can use Send Raw Data and specify something like the following in the raw data section (replace 1234 with your workspace id):
{
"data": {
"workspace": 1234,
"name": "The name of the task"
}
}
You can of course add other fields- please see the API reference for more information:
https://asana.com/developers/api-reference/tasks
Let me know if that works for you.

Opening a google drive file using the google drive api while I'm NOT signed in to google drive

This has really been bugging me for some time so any help to confirm or affirm this is much appreciated! This is also the first time I actually post a question despite being developing for a long time :)
So I have a nodejs app integrating with the Google Drive API and I want users to authorize multiple Google Drive accounts and be able to view and open (and in general just interact with) all files from the accounts that they add.
I authorize my app using the highest available scope: https://www.googleapis.com/auth/drive and because I don't want users to have to sign-in again when the access_token runs out so I also include the approval_prompt: "force" and ``access_type: "offline"` when I request my access tokens.
Everything is fine - I authorize nicely, I can delete files, I can open them, I can share them, I can download them. Except for one thing:
If I e.g. authorize horse#gmail.com and then beaver#gmail.com. Then I can still delete, share, download and preview files from both accounts. But I simply cannot open documents from horse#gmail.com in google docs for editing (because beaver#gmail.com is signed in on my local machine). The best I can do is getting to a point where it shows me the document, with the right account logged in in the top right corner of the screen, but asks me to sign-in with a button. When I click the button it just refreshes and give me the same message and the same screen.
What I've tried is:
Simply redirecting the user to the file resources alternateLink from the API
Taking the alternateLink and appending my access_token to it and then redirect the user to it.
(and a ton of other random things I found various places that didn't work).
In both cases I have also tried signing out from all google accounts.
Now I checked a couple of webservices like Jollicloud and Odrive that tries something similar. However, both of them appear to force the user to login to google to access a file.
Is it really true that you can do all kinds of crazy things with the users files like deleting and downloading, but you can't open them in Google Docs own apps?
Not completely sure what kind of code I should add to show you what I've got. But here's some. This is my open action (what happens when the user clicks on a file and wants to open the file in the Google Docs/Sheet/etc.) (the orientdb stuff is because we're using the OrientDB graph database - it just fetches an account where we store the tokens). The link is the link property of the file (see below):
open: function(req,res,next){
var link = req.param("link");
var uid = req.param("uid");
orientdb.select().from('Account').where({uid: uid}).one()
.then(function(account){
var URL = link + "&access_token=" + account.tokens.access_token;
res.redirect(URL);
});
}
Here's an example file document from our database (I've replaced all compromising data with a descriptive
ODocument - Class: File id: #13:20499 v.6
name : Hummer2
service : Gdrive
kind : Google Doc
created : Nov 17, 2014
changed : Nov 17, 2014
users : [MB]
uid : mrb#flowtale.com
childID : <FILE.ID>
exportLinks : {DOCX=https://docs.google.com/feeds/download/documents/export/Export?id=<FILE.ID>&exportFormat=docx, Open Office doc=https://docs.google.com/feeds/download/documents/export/Export?id=<FILE.ID>&exportFormat=odt, Rich text=https://docs.google.com/feeds/download/documents/export/Export?id=<FILE.ID>&exportFormat=rtf, HTML=https://docs.google.com/feeds/download/documents/export/Export?id=<FILE.ID>&exportFormat=html, Plain text=https://docs.google.com/feeds/download/documents/export/Export?id=<FILE.ID>&exportFormat=txt, PDF=https://docs.google.com/feeds/download/documents/export/Export?id=<FILE.ID>&exportFormat=pdf}
usernames : [<ARRAY OF USERNAMES ASSOCIATED WITH THIS FILE>]
in_hasFile : User#11:0{out_hasFile:[size=2237],out_hasAccount:[size=4],username:null,email:h#h.com,password:<SOME ENCRYPTED PASSWORD>} v2244
out_belongsTo : Account#12:3{in_belongsTo:[size=6],type:Gdrive,uid:<SOME UID>,tokens:{access_token=<OUR ACCOUNT ACCESS TOKEN>, token_type=Bearer, refresh_token=<OUR ACCOUNT REFRESH TOKEN>, expiry_date=1416258913290},rootFolderID:<ROOT FOLDER ID>,email:<THE ACCOUNT EMAIL>,filesCached:2,usersCached:2,job:4,in_hasAccount:#11:0} v15
in_folderContains : File#13:20495{out_folderContains:[size=2],name:Testhest,service:Gdrive,kind:folder,created:Oct 12, 2014,changed:Oct 12, 2014,users:[1],link:https://docs.google.com/a/flowtale.com/folderview?id=<FOLDER.ID>&usp=drivesdk,uid:mrb#flowtale.com,childID:<FOLDER.ID>,exportLinks:{},usernames:[1],parents:[1],in_hasFile:#11:0,out_belongsTo:#12:3,in_folderContains:#13:13891} v36
link : https://docs.google.com/a/flowtale.com/document/d/<FILE.ID>/edit?usp=drivesdk
Looking forward to hear if anybody can help me or have experienced this before.
Thanks!
The API will allow you to do several actions in your drive account. I haven't been able to reproduce the behavior you mention with files that I haven't granted permissions to another account.
When you authenticate through the OAuth process, you will grant access to your account only to the application which created the OAuth request. You can not edit the content of a file without manually opening it through GDocs. Therefore, when the browser opens the AlternateUrl, it will require you to login to the account, in order to access the file.

Resources