Reputation: 11
Gmail verification
According to the new Gmail OAuth policies, certain authentication scopes require a new App Review process.
I want to replace the restricted scopes I'm currently using with just one non-restricted scope.
Does this mean I can simply skip the verification process? Or does this mean other granted scopes like the one from drive ('https://www.googleapis.com/auth/drive') will be revoked or will my app will get an "unverified" screen?
Upvotes: 0
Views: 574
Answers (3)
Reputation: 1
Please ensure you have added all the scopes used by your app on OAuth Consent configuration screen in Google Cloud Console. Once you have done that, screen should flag you the scopes which need to go through verification.
Even if your app doesnt use any restricted scopes, it may be using some sensitive scopes for which you will have to go through OAuth verification process.
Hope this helps.
Upvotes: 0
Reputation: 765
According to the FAQs, you do not need to request for verification if your app is going to be used in any of the following scenarios:
- The app is not shared with anyone else.
- The app is used to send emails through Wordpress, or similar single account SMTP plug-ins.
- The owner and users of your apps belong to the same G Suite domain or customer.
- The app is trying to access data from users' Google Cloud Platform project. For instructions on using a service account, see Using OAuth 2.0 for Server to Server Applications.
As for your second question, if your app uses sensitive scopes or does not fall in the above scenarios, then yes, your apps will get the Unverified App screen.
If you don't publish your app for review:
If your public application uses sensitive scopes that permit access to certain user data, users of your application might see anUnverified App screen.
To protect users and Google systems from abuse, applications that use OAuth and Google Identity have certain quota restrictions based on the risk level of the OAuth scopes an app uses. Failure to get your app verified might result in your project quota getting exhausted. Learn more about Unverified Apps.
You can visit the FAQs if you have other questions.
Upvotes: 1
Reputation: 81336
If you request scopes that Google considers sensitive, you will most likely be denied approval. It is better to limit the scopes that you request to just the ones for identity.
If you don't your app will have this big warning that your app is not trusted while you wait for approval. Then your app will be denied.
Eliminate scopes until the request approval button is disabled. Once your scopes are limited to the point that Google does not require approval for your app you will be OK.
Upvotes: 0
Related Questions
- can GMAIL API be used for sending out account verification when registering to a site?
- How can I verify my Gmail Oauth process when I'm not given a verification code?
- Does my app need verification for using Gmail API?
- Verification with the new Google rest apis requirements (15.01.2019)
- Gmail API / Google Auth - How to get verified?
- How does Gmail login work
- Gmail Authentication for sending mail
- Google-oauth2 authorization process
- OAuth 2.0 with GMAIL API using
- Doubts on using oauth tokens for Gmail APIs