What I want: duplicacy to target storage on my g-suite account, but:
- without polluting My Drive and
- without need to renew tokens and depend on duplicacy.com being up to do so
- to not depend on duplicacy.com owned google project and inherited limitations, such as api rate.
It seems 1) and 2) is impossible to accomplish today: correct me if I’m wrong.
For 1) the token needs to be created with scope
drive.appdata and not
drive. Right now the scope is hard-coded server-side. I’d argue this needs to be a default – nobody needs to access duplicacy datastore directly; it’s an opaque container, messing with it can only bring sorrow. It’s literally application data and shall be treated as such.
For 2) OAuth is out of the window – due to expiring and renewable tokens, so I would need to use service account with domain delegation enabled; and for that duplicacy needs to be able to impersonate the service account (see
createDelegated) as another domain user. Rclone can do it, (see --drive-impersonate), duplciacy can’t.
Corrections? Other ideas?