summary
Connecting a Figma plugin to Google Drive requires OAuth authentication, the right API scopes, and folder permissions — three things that trip up designers who've never wired a plugin to a cloud account before. This guide walks each step: how the auth flow works, which permissions you're granting, and what happens when the connection is live.
what does "connecting a Figma plugin to Google Drive" actually mean?
Figma plugins run in a sandboxed environment. They can't silently access external services — every connection to a third-party API requires an explicit authentication handshake. For Google Drive, that handshake is OAuth 2.0.
When you connect a Figma plugin to Google Drive, you're authorising a specific application to act on your behalf within defined limits. The plugin never sees your Google password. Instead, Google issues an access token — a short-lived credential the plugin uses to read and write files on your behalf.
The distinction matters: you're not "logging into Google" through Figma. You're delegating specific, revocable permissions to a plugin for a specific Google account.
how does OAuth work inside a Figma plugin?
Figma plugins can't open browser tabs or run persistent background processes. OAuth, by design, requires a browser redirect. This creates a challenge that plugin developers solve using Figma's openExternal API — which opens a URL in the user's default browser — combined with a temporary server or redirect handler that completes the OAuth flow and passes the resulting token back to the plugin.
The sequence looks like this:
- Plugin calls
figma.openExternal()with a Google OAuth URL, including aredirect_uripointing to a plugin-controlled endpoint. - The user sees Google's consent screen in their browser and approves the requested scopes.
- Google redirects to the
redirect_uriwith an authorisation code. - The plugin's backend exchanges that code for an access token and refresh token.
- The token is returned to the plugin — typically via a polling mechanism or a deep link — and stored securely for subsequent requests.
Refresh tokens matter here. Access tokens expire after one hour. A refresh token lets the plugin obtain new access tokens without prompting you to re-authenticate on every session.
what scopes does a Google Drive plugin request — and why?
OAuth scopes define what the plugin can and can't do with your Google account. When you see the consent screen, the scopes listed determine the exact permissions being requested. For a Figma-to-Drive export plugin, the relevant scopes are narrow:
- https://www.googleapis.com/auth/drive.file — read and write access to files the plugin creates or opens. This is the minimum scope for upload functionality and is intentionally restricted: the plugin cannot see files it didn't create.
- https://www.googleapis.com/auth/drive.readonly — if the plugin needs to list existing folders so you can pick a destination, this or a narrower metadata scope is required.
A well-built plugin requests the narrowest scope that supports its functionality. If you see a request for full Drive access (https://www.googleapis.com/auth/drive) from an export plugin, that's a signal worth questioning — full access is rarely necessary for read-and-write-to-a-specific-folder use cases.
ExportHub uses drive.file scope only. It can write to folders you select and read metadata from folders you navigate to, but it has no visibility into the rest of your Drive.
how do folder permissions work in Google Drive?
Google Drive permissions operate at the file and folder level. When a plugin creates a file inside a folder, that file inherits the sharing settings of the parent folder. This has practical implications for design teams:
- If you export to a shared team folder, everyone with access to that folder can immediately see the uploaded assets — no manual sharing required.
- If you export to a personal folder, only you can see the files until you share them explicitly.
- Nested folders inherit permissions from their parent unless overridden. Creating a new subfolder inside a shared project folder makes that subfolder shared too.
For agencies handing off assets to clients, folder structure matters before you start exporting. Setting the right permissions at the top-level project folder means every export lands in the right access context automatically. A practical structure for that is covered in Google Drive design handoff folder structure for agencies.
how do you connect ExportHub to Google Drive for the first time?
The first-time connection takes under a minute. Open ExportHub from the Figma plugin menu. The plugin prompts you to connect a Google account. Clicking the connect button opens your browser to Google's OAuth consent screen.
You'll see the account picker if you're logged into multiple Google accounts — select the one where your Drive folders live. Review the scopes listed on the consent screen, then approve. Google redirects back, and the plugin confirms the connection.
From that point, the plugin holds a refresh token. Subsequent sessions authenticate silently — you won't see the consent screen again unless you revoke access or the token is invalidated.
can you connect multiple Google accounts?
Yes. ExportHub supports multiple Google accounts. Each account you connect appears in the account selector inside the plugin. This is useful if you maintain separate personal and client Google accounts, or if you work across multiple agency Drive environments.
Switching accounts is a single selection in the plugin UI. No need to disconnect and reconnect — both accounts stay authenticated. You choose which account and which folder you're exporting to on each use.
how do you revoke a plugin's access to Google Drive?
Revoking access doesn't require going through the plugin. Google maintains a central list of all third-party apps with access to your account. Navigate to myaccount.google.com/permissions, find the plugin in the list, and remove it. The access token is immediately invalidated — the plugin loses access the next time it tries to make a Drive API call.
You can also disconnect from within ExportHub directly. The plugin removes its stored token, and you'll need to re-authenticate to use it again.
what causes a "failed to connect" error during OAuth?
Most connection failures fall into four categories. A pop-up blocker preventing the OAuth browser window from opening is the most common. Disable the blocker for the plugin's redirect domain, or allow pop-ups for the site temporarily.
The second common cause: the OAuth flow timed out. The window opened, but the user didn't complete the consent step before the authorisation code expired (typically within ten minutes). Starting the flow again resolves it.
Third: the Google account selected on the consent screen differs from an account the plugin expects — relevant if you've previously connected and Google is now defaulting to a different account. Sign out of unintended accounts in your browser before re-running the flow.
Fourth: corporate Google Workspace accounts with admin restrictions on third-party app access. If your organisation restricts OAuth for non-approved apps, the plugin will be blocked at the consent screen. Your Google Workspace admin can whitelist the plugin's OAuth client ID.
is it safe to connect a Figma plugin to your Google account?
Safety depends on what the plugin requests and how it handles credentials. The consent screen tells you exactly what access you're granting before you approve anything. Narrow scopes — especially drive.file — limit risk significantly. A plugin with drive.file scope cannot read, modify, or delete any Drive content it didn't create itself.
Beyond scope, look at how the plugin stores and handles tokens. Tokens should never be embedded in client-side plugin code where they're visible in source. In a properly built plugin, tokens are stored server-side and referenced via a session identifier the plugin holds locally.
If you want to audit what access ExportHub holds at any time, the Google permissions page shows the exact scopes granted — the same page you'd use to revoke access.
For designers tired of the manual export-download-upload cycle, a direct Figma-to-Drive connection removes significant daily friction. The mechanics behind it — exporting from Figma to Google Drive without downloading locally — are straightforward once the auth layer is understood.
FAQ
does connecting a figma plugin to google drive give it access to all my files?
Only if the plugin requests full Drive access. A plugin using drive.file scope — the standard for export plugins — can only access files it creates or that you explicitly open through it. It has no visibility into the rest of your Drive.
why does the google oauth screen keep appearing every time i use the plugin?
This happens when the plugin isn't storing or refreshing its access token correctly. A properly built plugin holds a refresh token and silently renews authentication in the background. If you're being prompted repeatedly, check whether you're blocking cookies or storage for the plugin's domain, or contact the plugin developer — the refresh flow may have a bug.
can i use a google workspace account with a figma drive plugin?
Yes, but your Workspace admin must allow third-party OAuth apps. If they've restricted access to approved apps only, the plugin will be blocked at the consent screen. Ask your admin to whitelist the plugin's OAuth client ID, which is available in the plugin's documentation or privacy policy.
how do i switch which google account a figma plugin exports to?
In ExportHub, use the account selector inside the plugin to choose between connected accounts. If you need to add a new account, use the connect account option — you'll go through a brief OAuth flow for the new account, and it will appear alongside any existing ones.
like reading? here's some more
free, forever, for everyone
give it a try today - you can remove exporthub at any moment



