Alternative to Google Drive SDK with less dependencies

Question

I'd like to use the Google Drive API in my C# desktop application. However, I've found the official Google SDK on NuGet to have more dependencies than I'm comfortable with (adding it to my VS2010 project adds 10 additional NuGet packages). I fear these dependencies will clash with other dependencies as my solution grows.

1. Is there an alternative to this approach that utilizes less dependencies?
2. Can I utilize a different OAuth 2.0 library or must I use Google's OAuth sdk? Is there anything special about Google's OAuth 2.0 implementation that would hinder the ability to use an alternative OAuth 2.0 library?

Answer 1

Is there an alternative to this approach that utilizes less dependencies?

You could certainly write your own API using the HttpClient combined with the Drive API. The API uses simple Get/Post/Put/Delete/Patch http methods to change files in the google drive.

Can I utilize a different OAuth 2.0 library or must I use Google's OAuth sdk?

Depends. If you wrote your own, then you can use (or write) any OAuth client. The http methods must include the OAuth information in the requests, so writing your own gives you that type of access.

If you are looking for an actual product recommendation, that would be an off topic question (do not ask #5) for stack overflow.

Update

Let talk about how OAuth works at a very very high level. Once the user authorizes your code to impersonate (for lack of better terminology), you get a Authorization Code, which you use to get an Exchange Token.

The Token is the important part. If a pre-build framework does not have any way for you to specify what the Token is it doesn't matter.

If you wanted to authenticate your request yourself, say using C#, when you make a call to access Google Drive API, you'd want to add the Authorization to the Google Headers (or QueryString, but I personally don't like to use the Querystring):

GET /plus/v1/people/me HTTP/1.1
Authorization: Bearer 1/fFBGRNJru1FQd44AzqT3Zg
Host: googleapis.com

Answer 2

Rolling your own is not too onerous.

All of the http calls are documented on this page https://developers.google.com/accounts/docs/OAuth2, in combination with the sub-page specific to your scenario (eg. embedded, web, etc).

Once you think you understand it, go to the excellent Oauth Playground at https://developers.google.com/oauthplayground/ and watch the http traffic.

Provided you can make http calls that match what you see in the playground, you're diamond.

Most of the effort is in handling the various states that your app may encounter:-

• invalid grant (eg. Google expired the refresh token)
• token expiration
• timeouts
• user declined auth

You have a choice at the http level. You can use C#'s http directly, or you could use the Google http libraries as mentioned by Erik.