Google Cloud Professional Cloud Developer — Question 78

You are creating a web application that runs in a Compute Engine instance and writes a file to any user's Google Drive. You need to configure the application to authenticate to the Google Drive API. What should you do?

Answer options

• A. Use an OAuth Client ID that uses the https://www.googleapis.com/auth/drive.file scope to obtain an access token for each user.
• B. Use an OAuth Client ID with delegated domain-wide authority.
• C. Use the App Engine service account and https://www.googleapis.com/auth/drive.file scope to generate a signed JSON Web Token (JWT).
• D. Use the App Engine service account with delegated domain-wide authority.

Correct answer: A

Explanation

The correct answer is A because using an OAuth Client ID with the https://www.googleapis.com/auth/drive.file scope allows the application to request access tokens for users, specifically for file operations. The other options either involve domain-wide authority, which is unnecessary for individual user access, or utilize the App Engine service account, which does not offer the same level of per-user access needed for this scenario.