PowerShell – OAuth & Downloading,Uploading to Google Drive via Drive API

Google offers a REST API that can be accessed via PowerShell to Upload, Download, and change files relatively easily.

Where does this come handy? This could be used to dynamically process Active Directory, Office 365, employee onboarding workflows, or any other system changes off a Google Sheet. This also allows the sysadmin to routinely upload logs, backup files, or any other data to Google Drive as apart of their job process.

This guide shows from start to finish how to generate an OAuth token, Download a file, and upload a file to Google Drive via the Drive REST HTTP API.

Create Project and OAuth Tokens

  1. Go to https://console.developers.google.com/iam-admin/projects?
  2. Create a new project
  3. Enable the Drive API by selecting the Drive API and selecting enable API , after creating your project.
  4. Click Credentials
  5. Create OAuth Client ID Credentials
  6. Select Web Application as product type
  7. Configure the Authorized Redirect URI to https://developers.google.com/oauthplayground must not have a ending “/” in the URI
  8. Save your client ID and Secret
  9. Browse to https://developers.google.com/oauthplayground
    This saves us time from generating an OAuth request in PowerShell. This is where we will authorize our Project to our Google Account using our provided Client ID and Client Secret. 
  10. Click the gear in the right-hand corner and select “Use your own OAuth credentials
  11. Authorize the https://www.googleapis.com/auth/drive API
  12. Click “Exchange Refresh Token for Access Token”
    explanation – Access Tokens have a limited lifetime (approximately 60 minutes) whereas Refresh Tokens last indefinitely (some exclusions here). The Access Token is what you will hardcode into your script, configuring the script to hit the Google Identity Platform to request a Refresh Token on execution. 
  13. Save your Refresh Token

Get Auth Token & Download

Now that we have our Refresh Token, Client ID, Client Secret we can request an Access Token with PowerShell.  Random but lookalike values gave for variables.

note that Invoke-RestMethod was used instead of Invoke-WebRequest. Invoke-RestMethod returns the output to a JSON object that we can easily work with going forward.

Our access token is now  $accessToken = $GAuthResponse.access_token .

Now that we have the Access Token, downloading from Drive is pretty straight forward.

Notice here that I am requesting to download a Google Sheet as CSV. This is done by calling /{DocumentID}/export?mimeType=txt/csv against the API endpoint. Other formats are supported depending on your file type, or /export can removed if the file is not a G Suite file type. More info on this here.

Uploading to Drive

Traditionally, uploads to Drive are sent via 2 requests. One to send file metadata to get the DocumentID, the second to PUT the contents of the file to the DocumentID. However, the  https://www.googleapis.com/upload/drive/v2/files endpoint supports Multi part uploads, allowing us to send metadata and file contents in one request.




PowerShell – Cleaning up old files with Compress-Archive & organizing by date

Windows Management Framework 5.0 introduces a few new Commandlets, notibly Compress-Archive which makes creating a .ZIP from within PowerShell extremely easy.  Below is a small project I worked on this week to clean up an FTP server used by automated processes.

This script grabs all files older than 24 hours, moves them into a folder by day, zips that folder, then deletes the folder.  Included error handling will capture the error and send via SMTP.

Any reccomendations/comments welcomed!