There are a few new plugin features that explore the ancillary functions of the Google Drive API, or were intended to be temporary workarounds. These include functionality the developers find “interesting”, but further practical use and development is likely needed. As always your feedback is appreciated.
Limited Drive Access
This feature, only available when using “Legacy” authorization methods, provides a “workaround” for certain pitfalls associated with the old-style authorization flow. However, there are further compromises that the user should be aware of.
On the Sync Authorization tab of the Configuration window, the Use limited Drive access check box specifies how much access, with your authority, the plugin requests from Google Drive. Note that you must check the Enable Legacy OAuth 2.0 Credentials check box first.
If Use limited Drive access is unchecked, the plugin requests unrestricted access to all files and folders. If checked, the plugin will request more restrictive access: only those files which are created, or previously accessed by the plugin can be accessed in this mode.
Google Drive, unlike most traditional file systems, allows creation of objects that have the same name, at the same folder level. If this option is enabled, and a target file and/or folder with the same name exists which was created by you or another application, the plugin will create a new file and/or folder with the same name. Since the plugin does not have permission to access the pre-existing object, it cannot detect its presence, and so duplication occurs on sync.
The only way to avoid this is to ensure that the plugin creates the file and/or folder first, then access the plugin-created objects with other apps.
The original motivation for this feature was to allow the plugin to continue to work with the old plugin’s built-in, but “unverified”, OAuth 2.0 app credentials. After Google changed policies with regard to unverified app access, users were faced with the choice of using this access mode, or obtaining and using personal OAuth 2.0 credentials. There are reports of success with both alternatives.
But beyond the “workaround” utility, the feature may only provide false security, incompatibility, and confusion, for at least two reasons (the above mentioned “compromises”).
First, the limited or restricted access mode does not integrate well with other KeePass compatible software that use Drive hosted sync files, in particular, Android and other mobile apps). Since other apps often have “full” access, the duplication issue mentioned above may occur.
Second, the plugin’s behavior is verifiably benevolent, and its use of your account is well documented here and in the code. Only the files and folders that you direct it to are accessed, simply by the name of the database file, and if given, a folder it resides in (see next section), and nothing more.
For these reasons, we currently recommend avoiding the use of this feature, or any feature involving the “legacy” authorization methods.
The Drive API allows clients to create folders with one of several colors, as viewed in the Drive web interface. For users of the Target Folder feature, the plugin offers this option as well. On the “Options and Defaults” tab, you can specify the color of your choice for folders created by the plugin. Existing folder colors can only be directly changed in the web interface. To select from the available colors, you must first open a KeePass database that has been configured and authorized to synchronize.