Change cache location for oauth token?

[ha0ye]

I am running a script in a Docker container with a provided oauth token for {{googledrive}}.

The token itself is found ok, and I can set the cache location with
options(gargle_oauth_cache = ...)

but then when I run googledrive::drive_auth(), it tries to cache it in the default location (which is not-accessible in the Docker container).

It's not a big deal for me to create the directory, but it seems strange to me that this location cannot be changed?

> googledrive::drive_auth(token = my_token)
trying `token_fetch()`
Trying `credentials_byo_oauth()` ...
! The `scopes` cannot be specified when user brings their own OAuth token.
ℹ The `scopes` are already implicit in the token.
ℹ Requested `scopes` are effectively ignored.
! Token's declared scopes are not the same as the requested scopes.
ℹ Scopes declared in token: ...drive, ...userinfo.email
ℹ Requested scopes: ...drive
putting token into the cache:
~/Library/Caches/gargle
Warning caught by `token_fetch()`:
cannot open compressed file
'/root/Library/Caches/gargle/[email protected]',
probable reason 'No such file or directory'
Error caught by `token_fetch()`:
cannot open the connection

---

If I create the /root/Library/Caches/gargle/ folder first, then drive_auth() runs successfully.

[jennybc]

I am having a hard time following this.

The token itself is found ok, and I can set the cache location with
options(gargle_oauth_cache = ...)

I would expect that to unfold in the opposite order. As in, first you set the option. Then you do something to trigger auth, at which point the "token ... is found ok."

These tokens have their cache path built into them and that can't be changed. So I think you need to fully embrace the caching workflow or fully take charge of the token. I think you are in the awkward middle.

Tell me what happens before this:

googledrive::drive_auth(token = my_token)

Where does my_token come from?

[ha0ye]

Ah, ok, I was wondering if the token had a cache baked in. I created the token in an interactive session and encrypt it to an RDS file. My goal is to deploy for non-interactive use by sharing the encrypted token and providing the decrypt key via environmental variable.

[ha0ye]

For some reason, I had a different workflow for generating the token and encrypting it that was almost identical to https://gargle.r-lib.org/articles/managing-tokens-securely.html except that I didn't set cache = FALSE when getting a token in the first place, so I'm guessing that is the source of my issue.

[jennybc]

It sounds like what you are doing is very similar to something I wrote up here for gmailr: https://gmailr.r-lib.org/articles/deploy-a-token.html.

Yes, given what you want to do, you want cache = FALSE when you first obtain that token so it doesn't "remember" a cache path when you re-use and refresh it elsewhere.