Google Drive
Overview
Pre-built tooling
Pre-built integrations
Access requirements
Pre-Requisites | Status | Comment |
---|---|---|
Paid dev account | ✅ Not required | Free, self-signup for a Google Cloud account. |
Paid test account | ✅ Not required | Free Google account can be used for testing. |
Partnership | ✅ Not required | |
App review | ⚠️ Conditional | Required for sensitive and restricted scopes or for publishing to Google Marketplace. |
Security audit | ⚠️ Conditional | May be required as part of the verification process for sensitive scopes. |
Setup guide
Create a Google Cloud account
If you don’t already have one, sign up for a Google Cloud account.
Create a new project
- Go to the Google Cloud Console.
- Click on the project dropdown at the top left of the page.
- Click New Project.
- Enter a Project Name for your project
- Under Location, select the appropriate organization or folder where this project should belong.
If you’re not part of an organization, it will default to No organization
- Click Create and wait for the project to be created.
- Select it from the project dropdown.
Enable the APIs you need
- Go to the API Library in the Google Cloud Console.
- Search for Google Drive API and select the ones you wish to integrate with, such as Google Drive API, Google Drive Activity API, etc., then click Enable for each.
Configure the OAuth consent screen
- Go to APIs & Services > OAuth consent screen in the Google Cloud Console.
- Click Get started.
- Fill in the App Information form.
- App Name: The name of the app asking for consent.
- User support email: For users to contact you with questions about their consent
- Click Next. Select the appropriate Audience:
- External: For applications available to any Google user
- Internal: For applications restricted to users within your Google Workspace organization
- Click Next. Fill in the Contact Information, these are the email addresses that Google will use to notify you about any changes to your project.
- Click Next, then check the I agree to the Google API Services: User Data Policy checkbox, and click Continue.
- Add the scopes your application needs. Under Data Access, click Add or Remove Scopes and select the scopes that correspond to the APIs you enabled. 8 Under Audience, click Add users if you selected External user type (required for testing before verification).
Create OAuth 2.0 credentials
- Go to APIs & Services > Credentials in the Google Cloud Console.
- Click Create Credentials and select OAuth client ID.
- Select Web application as the application type.
- Enter a name for your OAuth client.
- Under Authorized redirect URIs, add
https://api.nango.dev/oauth/callback
. - Click Create.
- A dialog will appear with your client ID and client secret. Save these credentials securely as you’ll need them when configuring your integration in Nango.
Publish your app (switch from Testing to Production)
To move your OAuth app from testing to production:
- Go to APIs & Services > OAuth consent screen > Audience.
- Click Publish App to switch your app from testing to production.
Verify your app (if required)
If your app uses sensitive or restricted scopes, you’ll need to verify it with Google:
- Once published to production, click Prepare for Verification to start the verification process.
- Review and confirm all app details, then click Save and Continue.
- Justify your use of any sensitive or restricted scopes.
- Upload a demo video showing your app’s OAuth flow and scope usage.
- Click Submit for Verification to begin Google’s review.
Next
Follow the Quickstart.
Pre-built Google Drive Integration Overview
Nango’s pre-built Google Drive integration allows you to sync specific files and folders that your users select. The integration uses the following components:
- OAuth Flow: Handle authentication using Nango’s SDK
- Google Drive Picker: Let users select files and folders to sync
- Document Sync: Sync metadata for selected files and folders
- Document Fetching: Download individual file contents as needed
Complete Implementation Guide
The easiest way to implement Google Drive integration is to use the Nango Sample App as your starting point. The sample app provides a complete, production-ready implementation that you can customize for your needs.
You can watch a Loom video walkthrough of the sample app if you prefer.
Requirements
- Docker (desktop) installed & running
- NodeJS & NPM installed
- A Nango account (sign up at nango.dev)
Install & Run Instructions (~10 min)
-
Clone the sample app repository:
-
Start the app:
You should see
[back] Listening on http://0.0.0.0:3010
in the end. If this doesn’t show, kill the process with Ctrl + C and runnpm run start
again. Sometimes the docker database takes a bit longer to start up. -
Expose the app to the internet:
This should print an output similar to:
your url is: https://cute-zebras-hug.loca.lt
If you experience any troubles with this we recommend using ngrok and you need to expose the URL http://localhost:3010:
-
Configure Nango webhooks:
- Copy the URL from the previous step
- Go to Environment Settings in Nango
- Set the primary Webhook URL to
${URL}/webhooks-from-nango
- Example:
https://tame-socks-warn.loca.lt/webhooks-from-nango
-
Access the sample app:
- Open http://localhost:3011
- Click on “Files” to start the Google Drive integration
-
Connect your Google Drive account:
- Click on the “Import from Google Drive” button
- In the connect popup, click on the “Connect” button
- Select your Google Drive account and authorize the app
- Click on the “Finish” button to close the modal.
-
Select the files and folders you want to sync:
- Click on the “Select Files from Google Drive” button
- A modal will appear with the files and folders you can choose from.
- Select the files and folders you want to sync.
- Click on the “Select” button to close the modal.
-
The files and folders will be synced to your Nango account and displayed in the UI.
-
Download a file:
- Click on the “Download” button to download the file.
- The file will be downloaded to your computer.
-
Disconnect your Google Drive account:
- Click on the “Disconnect” button to disconnect your Google Drive account.
- The files and folders will be deleted from your Nango account.
What Happens Under the Hood
The sample app uses Nango to:
-
Authentication
- Authenticate users with Google Drive
- Show the Google Drive picker
- Handle OAuth flow automatically
-
File Syncing
- Sync selected files & folders
- Initial sync on selection
- Periodic updates
-
File Download
- Download raw file content
- Handle different file types
- Use Nango’s proxy for reliable downloads
Key Components
Frontend Implementation
-
Authorization Flow The authorization process is implemented in
front-end/src/api.ts
:postConnectSession
: Initiates the OAuth connectiongetNangoCredentials
: Retrieves credentials after successful authorization
The flow works as follows:
- Frontend initiates connection via
postConnectSession
- Backend creates a Nango connection session
- User is redirected to Google OAuth consent screen
- After authorization, user is redirected back to the app
- Frontend can fetch credentials using
getNangoCredentials
Backend Implementation
-
Webhook Handler & Data Sync The webhook handling and data sync logic is implemented in
back-end/src/routes/postWebhooks.ts
:Key components:
- Main webhook handler that verifies signatures and routes requests
handleNewConnectionWebhook
: Processes new Google Drive connectionshandleSyncWebhook
: Handles sync completion and data processing
The sync process:
- Nango syncs files from Google Drive
- Webhook notifies backend of sync completion
- Backend fetches records using
nango.listRecords
- File metadata is stored in the database
- Deletions are tracked and handled appropriately
-
File Download with Proxy File download functionality is implemented in
back-end/src/routes/downloadFile.ts
:The download process:
- Frontend requests file download with file ID and connection ID
- Backend uses Nango proxy to fetch file from Google Drive
- File is streamed to client with proper headers
- Error handling ensures graceful failure
Key features:
- Uses Nango proxy for secure file access
- Proper content type and disposition headers
- Streaming response for efficient file transfer
- Comprehensive error handling
Integration Flow
-
Authorization Flow:
- Frontend initiates OAuth via
postConnectSession
(front-end/src/api.ts
) - User authorizes access to Google Drive
- Backend receives webhook for new connection (
back-end/src/routes/postWebhooks.ts
) - Initial sync is triggered automatically
- Frontend initiates OAuth via
-
Data Sync Flow:
- Nango syncs files from Google Drive
- Webhook notifies backend of sync completion
- Backend processes records and updates database
- File metadata is stored for later access
-
File Download Flow:
- Frontend requests file download
- Backend uses Nango proxy to fetch file (
back-end/src/routes/downloadFile.ts
) - File is streamed to client
- Proper error handling ensures reliability
Nango Dashboard
Explore these sections in your Nango account:
-
Google Drive Integration
- Integration Settings
- Configure sync settings
- View integration status
-
Connections
- View Connections
- Monitor sync status
- Check connection health
-
Logs
- View Logs
- Track sync operations
- Debug issues
Common Issues and Solutions
-
Connection Issues
- Check Docker is running
- Verify webhook URL is correct
- Ensure Google Cloud credentials are valid
-
Sync Problems
- Check Nango logs
- Verify file permissions
- Monitor sync status
File Type Support
The sample app supports all Google Drive file types through Nango’s proxy:
- Regular files (PDFs, images, etc.)
- Google Docs
- Google Sheets
- Google Slides
- Other Google Workspace files
The implementation handles file type conversion and downloading automatically.
Useful links
Common Scopes
Scope | Description |
---|---|
openid | Access to basic profile information |
profile | Access to user’s basic profile information |
Access to user’s email address | |
https://www.googleapis.com/auth/drive | See, edit, create, and delete all of your Google Drive files |
https://www.googleapis.com/auth/drive.apps.readonly | View your Google Drive apps |
https://www.googleapis.com/auth/drive.file | See, edit, create, and delete only the specific Google Drive files you use with this app |
https://www.googleapis.com/auth/drive.metadata | View and manage metadata of files in your Google Drive |
https://www.googleapis.com/auth/drive.readonly | See and download all your Google Drive files |
https://www.googleapis.com/auth/drive.scripts | Modify your Google Apps Script scripts’ behavior |
API gotchas
- From the scopes page, make sure to select scopes based on the APIs you enabled earlier when setting up the app.
- Under certain circumstances, Google expires a user’s refresh token and the token refresh in Nango will fail. You can find a list of reasons from Google here, including:
- The user has revoked your app’s access.
- The user changed passwords and the refresh token contains Gmail scopes.
- The user account has exceeded a maximum number of granted (live) refresh tokens.
- The user granted time-based access to your app and the access expired.
- If an admin set any of the services requested in your app’s scopes to Restricted.
- For Google Cloud Platform APIs - the session length set by the admin could have been exceeded.
- In “Testing” mode with an external user type, refresh tokens expire in 7 days unless only basic scopes are used — userinfo.email, userinfo.profile, openid, or their OpenID Connect equivalents. You can remove this 7-day limit by switch from Testing to Production. Follow step 6 in the Setup Guide above.
- Google allows up to 100 refresh tokens per account per OAuth client ID; new tokens overwrite the oldest without warning when the limit is reached.
- While setting up the OAuth credentials, the Authorized JavaScript origins should be your site URL (
https://app.nango.dev
if you’re testing from the Nango UI). - For applications using sensitive or restricted scopes, Google requires verification and a security assessment. This process can take several weeks to complete.
- Google’s OAuth consent screen has different configurations for “External” and “Internal” user types. Internal is only available for Google Workspace users and limits access to users within your organization.
- Google implements incremental authorization, allowing you to request additional scopes over time without requiring users to re-authorize all previously granted scopes.
- Google enforces rate limits on API requests, which vary depending on the specific API being used.