GoogleDrive Authentication Issue

Testing GoogleDrive from the perspective of an initial use ie, without an existing TTMSFNCCloudStorageServicesGoogleDrive.ini file, I get a 'Google hasn’t verified this app' error in Edge. The app is in fact verified (checked again today). Using Fiddler, I see a 400 error:

{ "error": "invalid_token", "error_description": "Either access_token, id_token, or token_handle required" }

With my limited expertise here, it seems as though an initial connect request is assuming that a token exists, even though one has not yet been saved of course. Is this my misunderstanding or is there a bug here? Once a connection has been forced, subsequent connects work normally.

When calling Connect from a TTMSFNCGoogleDrive component there is indeed an initial request that checks if any existing tokens are still valid. If no tokens are found or if the existing token is invalid this will return an error and the authorization process is started.
This is unrelated to the error you are seeing.

If an error is displayed on the Google login and/or authorization screen in the browser this means there is a configuration issue with the provided client ID, secret or callback URL. If the settings are valid, there can be an issue with the configuration with the Google app associated with the provided client ID.

Thanks Bart. The client ID, secret and callback.URL are all correct and my app is currently verified by Google. It looks as though my app may be requesting a scope differing from the scopes requested in my OAuth consent screen configuration page. The scopes required in the TMSVCLCloudPackDevGuide.pdf are: : read access : full read/write access

I have the 2nd scope but not the first. The first one states 'See, edit, create, and delete all of your Google Drive files' ie, not read access; and it's a Restricted scope. Perhaps Google has changed things since your doc was written? I'm trying to avoid Restricted scopes if possible. Will the use of unrestricted scope:

be acceptable wrt app database files?

Thank you for notifying.
The info on the Google Drive scopes in the TMS VCL Cloud Pack pdf is indeed out of date.
We'll have to look into updating the pdf.

The first scope now provides full access to all files (sensitive), while the second only allows to create new files and modify selected existing files (non sensitive).

An overview of the available scopes from Google can be found here: Choose Google Drive API scopes  |  Google for Developers

Thanks Bart. I have the 2nd one in my current verified Google authentication. Does TMS FNC Cloud Pack expect me to have the first, sensitive, one as well? If so, that would explain why authentication is failing.

Hi William,

TTMSFNCCloudGoogleDrive adds the following scopes by default. These are required to be able to use all functionality available in the component. However you are free to manually remove scopes from the Scopes list if not needed in your app. Note that you'll loose access to specific functionality associated with the removed scopes.


Good info. I see this code in TMSFNCCloudGoogleDrive.pas and I can manually remove a scope. However, whenever TMS FNC Cloud Pack is updated, I will have to remember to make the amendment. Would you be able to provide a procedure or property to enable me to make the change in my app? I appreciate this will require some work to do.

You should already be able to edit scopes programmatically on application level.


procedure TForm1.FormCreate(Sender: TObject);

Ah, of course. Thanks for that Bart, appreciate your help

Happy to help!

Thank you for letting us know your issue was successfully resolved.
We and your fellow Delphi developers will appreciate you share your positive experience TMS Software | Reviews

Hi again Bart. I thought I had the issue resolved but I'm still getting a verification failed message from Google. Using the Test google Oauth authentication I can see that it is still receiving a request for the restricted scope ''" from my app. I think the issue is that I am only using a TMSFNCCloudStorageServices component and, if I add a TMSFNCCloudGoogleDrive component and change its scopes, it isn't changing the scopes that the TMSFNCCloudStorageServices component is using for GoogleDrive. I can't figure out how to change the GoogleDrive scopes using the TMSFNCCloudStorageServices component.

On further investigation, I found:


Putting this code into the btConnectClick procedure fixes the issue. Again, thanks for your help with this.

Thank you for informing the issue was resolved!

This topic was automatically closed 24 hours after the last reply. New replies are no longer allowed.