[google_drive_trigger] Non-admin users get 403 error when using trigger in workflow

[cazziwork]

Self Checks

• This is only for bug report, if you would like to ask a question, please head to Discussions.
• I have searched for existing issues Dify issues & Dify Official Plugins, including closed ones.
• I confirm that I am using English to submit this report (我已阅读并同意 Language Policy).
• [FOR CHINESE USERS] 请务必使用英文提交 Issue，否则会被关闭。谢谢！:）
• Please do not modify this template :) and fill in all the required fields.

Dify version

1.12.1

Plugin version

1.3.0

Cloud or Self Hosted

Cloud

Steps to reproduce

Description

When a user without admin privileges tries to use the Google Drive Trigger plugin in their workflow, they encounter a 403 permission error. This prevents non-admin workspace members from using triggers created by admin users.

Environment

• Plugin: google_drive_trigger v1.3.0
• Dify Version: Self-hosted
• User Role: Non-admin workspace member

Steps to Reproduce

1. Admin user creates a Google Drive subscription via OAuth authentication
2. Non-admin user opens the workflow builder
3. Non-admin user adds "Google Drive Change Detected" trigger to their workflow
4. Non-admin user attempts to configure or use the trigger

Error Messages

The following errors are displayed:

Error 1:
You don't have the permission to access the requested resource. It is either read-protected or not readable by the server

Error 2:
Request failed with status code 403: GET https://cloud.dify.ai/console/api/workspace/current/trigger-provider/langgenius/google_drive_trigger/google_drive_trigger/oauth/client

Expected Behavior

Non-admin users should be able to:

• Use triggers created by admin users in their workflows
• Access the trigger configuration without 403 errors
• Receive webhook notifications when Google Drive changes occur

This is essential for workspace-shared trigger plugins.

Actual Behavior

Non-admin users receive a 403 Forbidden error when attempting to access the OAuth credentials associated with the trigger subscription, preventing them from using the trigger entirely.

Impact

This effectively makes the Google Drive Trigger plugin unusable in multi-user workspaces where not all users have admin privileges. Only the admin who created the subscription can use the trigger, which severely limits the plugin's usefulness.

Additional Context

The 403 error suggests that the OAuth client credentials are protected at the admin user level rather than being shared at the workspace level. For workspace-shared plugins, the subscription and its associated credentials should be accessible to all workspace members.

✔️ Error log

No response