@aadamgough
Contributor

Summary

Removes breaking scope temporarily until we get a new one approved.

Type of Change

  • Bug fix

Checklist

  • Code follows project style guidelines
  • Self-reviewed my changes
  • Tests added/updated and passing
  • No new warnings introduced
  • I confirm that I have read and agree to the terms outlined in the Contributor License Agreement (CLA)

@vercel

vercel bot commented Nov 22, 2025

The latest updates on your projects. Learn more about Vercel for GitHub.

1 Skipped Deployment
Project Deployment Preview Comments Updated (UTC)
docs Skipped Skipped Nov 22, 2025 2:28am

@greptile-apps
Contributor

greptile-apps bot commented Nov 22, 2025

Greptile Overview

Greptile Summary

Removed https://www.googleapis.com/auth/drive.readonly scope from all Google OAuth integrations (Drive, Docs, Sheets) as a temporary fix for a breaking scope issue. The remaining drive.file scope only grants access to files created or opened by this app, not existing user files.

Critical Impact:

  • Download operation: Users cannot download existing Drive files unless created through this app
  • List operation: Folder browsing restricted to app-created folders only
  • File/folder selectors: UI will show all files but throw permission errors on selection of existing files
  • Google Sheets/Docs blocks: Cannot access existing spreadsheets or documents

Behavior Change:
Before: Users could access any file in their Drive
After: Users can only access files they created through this application

This creates a breaking change for existing workflows that rely on accessing pre-existing Drive files. The PR description indicates this is temporary until a new scope is approved.

Confidence Score: 1/5

  • This PR introduces breaking functionality - users will experience permission errors when accessing existing Drive files
  • The scope removal causes a fundamental breaking change in functionality. While the code changes are clean and consistent, the drive.file scope severely restricts file access to only app-created files, breaking existing use cases for downloading, listing, and accessing pre-existing Drive files
  • google_drive.ts requires the most attention - all file/folder selector operations will fail for existing files. google_sheets.ts and google_docs.ts have similar issues with accessing existing documents

Important Files Changed

File Analysis

| Filename | Score | Overview |
| --- | --- | --- |
| apps/sim/lib/auth.ts | 2/5 | Removed drive.readonly scope from google-docs, google-drive, and google-sheets OAuth providers. This will prevent users from accessing existing Drive files not created by the app. |
| apps/sim/lib/oauth/oauth.ts | 2/5 | Removed drive.readonly scope from OAuth provider configs. This restricts file access to only files created/opened by this app. |
| apps/sim/blocks/blocks/google_drive.ts | 1/5 | Removed drive.readonly from all file/folder selectors. Download and list operations will fail on pre-existing files since drive.file only grants access to app-created files. |
| apps/sim/blocks/blocks/google_docs.ts | 2/5 | Removed drive.readonly scope. Users cannot access existing Google Docs unless they were created through this app. |
| apps/sim/blocks/blocks/google_sheets.ts | 2/5 | Removed drive.readonly scope from spreadsheet selector. Existing sheets will not be accessible unless created via this app. |

Sequence Diagram

sequenceDiagram
    participant User
    participant UI as OAuth Modal
    participant Auth as auth.ts
    participant Block as Google Drive Block
    participant API as Google Drive API

    User->>UI: Select Google Drive operation
    UI->>Auth: Request OAuth with scopes
    Note over Auth: OLD: drive.readonly + drive.file<br/>NEW: drive.file only
    Auth->>API: Authenticate with drive.file scope
    API-->>Auth: Access token (limited to app-created files)
    Auth-->>Block: Provide access token
    
    alt Download/List existing file
        User->>Block: Select existing file via file-selector
        Block->>API: Request file metadata/content
        API-->>Block: 403 Forbidden (file not created by app)
        Block-->>User: Permission error
    else Access app-created file
        User->>Block: Select app-created file
        Block->>API: Request file metadata/content
        API-->>Block: Success
        Block-->>User: File data returned
    end
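
The before/after behaviour described in the summary above, as an added example that is not part of this PR or the project's code: it audits a stored grant's space-delimited `scope` string against a block's `requiredScopes`, reporting which Drive scopes are missing, which are still granted beyond the current configuration, and which files the token can reach. The names `auditGrant`, `auditAll`, `Reach` and the sample grant strings are constructed for illustration.

```typescript
// Added example, not project code. The two scope URLs are the ones named in this PR.
const DRIVE_READONLY = 'https://www.googleapis.com/auth/drive.readonly'
const DRIVE_FILE = 'https://www.googleapis.com/auth/drive.file'
const DRIVE_PREFIX = 'https://www.googleapis.com/auth/drive'

type Reach = 'all-files' | 'app-files-only' | 'none'

interface GrantAudit {
  missing: string[] // required by the block but not granted: re-consent needed
  excess: string[] // Drive scopes granted but no longer requested
  reach: Reach // which Drive files this grant can read
}

// An OAuth token response lists granted scopes as one space-delimited string.
function parseScopes(scopeField: string): Set<string> {
  return new Set(scopeField.split(/\s+/).filter((s) => s.length > 0))
}

function auditGrant(scopeField: string, requiredScopes: string[]): GrantAudit {
  const granted = parseScopes(scopeField)
  const required = new Set(requiredScopes)
  const missing = requiredScopes.filter((s) => !granted.has(s))
  // Only Drive scopes count as excess; identity scopes (openid, email) are ignored.
  const excess = Array.from(granted)
    .filter((s) => s.startsWith(DRIVE_PREFIX) && !required.has(s))
    .sort()
  let reach: Reach = 'none'
  if (granted.has(DRIVE_READONLY)) reach = 'all-files'
  else if (granted.has(DRIVE_FILE)) reach = 'app-files-only'
  return { missing, excess, reach }
}

// Constructed sample grants: one consented before the change, one after, one without Drive.
const SAMPLE_GRANTS: Array<{ name: string; scope: string }> = [
  { name: 'legacy', scope: `openid email ${DRIVE_READONLY} ${DRIVE_FILE}` },
  { name: 'fresh', scope: `openid  email ${DRIVE_FILE}` },
  { name: 'stale', scope: 'openid email' },
]

function auditAll(requiredScopes: string[]): Record<string, GrantAudit> {
  const out: Record<string, GrantAudit> = {}
  for (const g of SAMPLE_GRANTS) out[g.name] = auditGrant(g.scope, requiredScopes)
  return out
}
```

A grant with a non-empty `excess` list is broader than the configuration now asks for, and one with `reach` of `app-files-only` is the case where selecting a pre-existing file produces the permission error shown in the diagram.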

@greptile-apps greptile-apps bot left a comment


Additional Comments (3)

  1. apps/sim/blocks/blocks/google_drive.ts, line 233-244 (link)

    logic: File selector will show all user files, but drive.file scope will only allow downloading files created by this app. This creates a confusing UX where users can see files but get permission errors when selecting them.

  2. apps/sim/blocks/blocks/google_drive.ts, line 195-206 (link)

    logic: Folder listing will fail for existing folders. Users can only list contents of folders created through this app with drive.file scope.

  3. apps/sim/blocks/blocks/google_sheets.ts, line 44-52 (link)

    logic: Spreadsheet selector will fail to access existing sheets. Only sheets created by this app will be accessible with drive.file scope.

6 files reviewed, 5 comments


'https://www.googleapis.com/auth/drive.readonly',
'https://www.googleapis.com/auth/drive.file',
],
requiredScopes: ['https://www.googleapis.com/auth/drive.file'],
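
Review bot: The single-scope line `requiredScopes: ['https://www.googleapis.com/auth/drive.file'],` carries no marker that dropping `drive.readonly` is temporary. The PR summary says the scope is removed only until a new one is approved, so a short TODO comment on this line naming that condition would keep the narrowed list from being read as the intended final state.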

logic: drive.file scope only allows access to files created/opened by this app. Users will get permission errors when trying to download, list, or access existing Drive files they didn't create through this app.


Comment on lines 35 to 40
required: true,
provider: 'google-docs',
serviceId: 'google-docs',
requiredScopes: [
'https://www.googleapis.com/auth/drive.readonly',
'https://www.googleapis.com/auth/drive.file',
],
requiredScopes: ['https://www.googleapis.com/auth/drive.file'],
placeholder: 'Select Google account',
},
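
Review bot: The literal `'https://www.googleapis.com/auth/drive.file'` in this `google-docs` credential entry repeats the same string used in the preceding `requiredScopes` hunk. Moving the Drive scope list into one shared constant that each `requiredScopes` field references would make the later scope restoration a single edit and keep the blocks from drifting apart.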

logic: Document selector will only show docs created by this app. Existing Google Docs won't be accessible with drive.file scope.


@aadamgough aadamgough merged commit fa4b34f into staging Nov 22, 2025
9 checks passed
@waleedlatif1 waleedlatif1 deleted the fix/gscope-temp-fix branch November 22, 2025 03:52
MagellaX pushed a commit to MagellaX/sim that referenced this pull request Nov 23, 2025
@greptile-apps greptile-apps bot mentioned this pull request Nov 24, 2025
6 tasks