Google Cloud OAuth API verification

Question

We are using Google to enable users to use their Google account to authenticate themselves (using AWS Cognito federated sign in) with our Mobile application (we only have mobile applications, no web). We are only using the non-sensitive scopes, but even with that it seems that we are required to go through the whole verification process.

Scopes used: OAuth scopes

But when I try and publish the application I get a popup notifying me that the verification is required and even mentions sensitive and restricted scopes: Google publish popup

Step 1 of the verification process is ok, but the other steps are what baffles me.

When I take a look at the documentation it mentions that only if you are using sensitive or restricted scopes that verification is required.

Is there any way to setup the application so verification is not required or at least not as extensive? Most likely we have configured something wrong, or didn't understand the documentation correctly, so any suggestion would be more than appreciated.

Answer 1

In addition to scopes, there a few more reasons why your consent screen might require verification:

• You want to display an icon or display name for your project on the OAuth consent screen.
• Your project's OAuth clients request authorization of any sensitive or restricted scopes.
• The number of authorized domains for your project exceeds the domain count limit.
• There are changes to your project's OAuth consent screen configuration after a previous published, verified configuration.