Answer-first summary for fast verification
Answer: Use an OAuth Client ID that uses the https://www.googleapis.com/auth/drive.file scope to obtain an access token for each user.
The application needs to authenticate to Google Drive API to write files to any user's Drive. Option A is correct because using OAuth Client ID with the drive.file scope allows the app to obtain an access token for each user after they authenticate. The drive.file scope permits the app to create and modify files it specifically creates, which fits the scenario where each user grants access individually. Options B, C, and D are incorrect: B refers to domain-wide delegation which applies to service accounts, not OAuth Client IDs; C and D mention App Engine service accounts, which are irrelevant here as the app runs on Compute Engine. Domain-wide delegation (B, D) would require a service account and admin setup, which isn't addressed in the question.
Author: LeetQuiz Editorial Team
Ultimate access to all questions.
How should you configure authentication for a web application running on Compute Engine that needs to write files to users' Google Drive via the Google Drive API?
A
Use an OAuth Client ID that uses the https://www.googleapis.com/auth/drive.file scope to obtain an access token for each user.
B
Use an OAuth Client ID with delegated domain-wide authority.
C
Use the App Engine service account and https://www.googleapis.com/auth/drive.file scope to generate a signed JSON Web Token (JWT).
D
Use the App Engine service account with delegated domain-wide authority.
No comments yet.