Drive API Permissions seem a bit heavyweight?

[glenjamin]

I tried to open the following link:
https://chromedevtools.github.io/timeline-viewer/?loadTimelineFromURL=drive://1kj9M7frgskdtlWH_eMFDwuT8USgOte9w

Which takes me to a page that isn't obviously trying to load a file - but then I spot the green button for GDrive API access, so I figure that should make things work, and click on it.

However the prompt I get tells me that I need to provide access to rather a lot, when I'm only trying to view what I'm pretty sure is someone else's public file.

This app wants permission to access everything in your Google Drive. It will be able to do the same things that you can do, including:

From the permissions dialog:

See your files
Upload and download your files
Delete your files
See the names and emails of people that you share files with
Share and stop sharing your files with others
Remove people from your files
Organise your Drive
There may be private information in your Google Drive, like financial records, medical reports, photos or tax info.

I suspect this might be a limitation of the google drive api itself? I know the source code is auditable, so this is probably safe to give away, but I figured I'd record the issue anyway.

[denar90]

Hi, we request permissions because we have features to upload to gdrive and make this trace public automatically.

---

from https://developers.google.com/drive/api/v3/about-auth

https://www.googleapis.com/auth/drive | Full, permissive scope to access all of a user's files, excluding the Application Data folder. Request this scope only when it is strictly necessary.

and part in code

---

If this feature confuses folks, we probably should rethink approach:

1. Invest some effort into smth like: request limited access when user whants to just watch trace, and request additional when user wants to upload to gdrive
2. Finish Firebase uploading v0 #59 and Trace hosting server #52

cc @paulirish