I have integrated with Google OAuth to sign in and read data from Google Sheets. Though I have followed the verification process and got my app verified, I am still getting an unverified error as shown in the screenshot.
Could not find a relevant help/support forum as well. Any guidance on how to debug further?
Screenshot confirming App verification:
I'm sorry for the very late answer here. I'm going to leave one because I'm sure others will run into this issue.
Google will only verify the scopes that you name in the OAuth consent screen settings. If you haven't included a sensitive scope in that list, they will verify the branding for your app, but not the scopes.
Nowadays, Google's UI has been updated. The relevant section currently looks like this:
You'll need to include at least one sensitive scope in this section. Mine is read access to your contacts. Yours may be access to your Google Sheets data. Either way, you'll need to explain how you will use this data.
Related
We're implementing Gmail sending in our ASP.NET web application with the Gmail .NET SDK.
In order to do this we need all of the following scopes, "email", "profile", "openid" and
"https://www.googleapis.com/auth/gmail.send", to be granted to us by the user.
However, on the consent screen user can untick checkbox "Send email on your behalf" which is not acceptable for us, please see below:
We've seen quite a few examples where there are no enabled checkboxes on the Google consent screen. So, we're trying to figure out how to hide/disable checkboxes in our app, could you please advise?
Probably, this is because our application is still not verified, but I'm not sure if this is the reason.
Answer:
These checkboxes are due to the rollout of a new granular account permission system; they are completely normal and cannot be turned off.
More Information:
After some digging, I discovered this Google Developers blog post from 2018 in which it is discussed that in the new permission system, users will have the ability to grant or deny permissions individually.
From the blog post:
Over the next few months, we'll start rolling out an improvement to our API infrastructure. We will show each permission that an app requests one at a time, within its own dialog, instead of presenting all permissions in a single dialog*. Users will have the ability to grant or deny permissions individually.
*our different login scopes (profile, email, and openid) are all combined in the same consent and don't need to be requested separately.
It seems that this is still in the roll-out phase, even though at the time of writing this answer 26 months have passed since the announcement.
Preparing for the change:
The following are guidelines provided by Google as to how to prepare for the changes they are making to the Google Account permission system for OAuth and APIs:
Review the Google API Services: User Data Policy and make sure you are following them.
Before making an API call, check to see if the user has already granted permission to your app. This will help you avoid insufficient permission errors which could lead to unexpected app errors and a bad user experience. Learn more about this by referring to documentation on your platform below:
Documentation for Android
Documentation for the web
Documentation for iOS
Request permissions only when you need them. You'll be able to stage when each permission is requested, and we recommend being thoughtful about doing this in context. You should avoid asking for multiple scopes at sign-in, when users may be using your app for the first time and are unfamiliar with the app's features. Bundling together a request for several scopes makes it hard for users to understand why your app needs the permission and may alarm and deter them from further use of your app.
Provide justification before asking for access. Clearly explain why you need access, what you'll do with a user's data, and how they will benefit from providing access. Our research indicates that these explanations increase user trust and engagement.
You can read the aforelinked blog post for full information about the change.
References:
Google Developers Blog: More granular Google Account permissions with Google OAuth and APIs
Google API Services User Data Policy | Google Developers
GoogleSignIn | Google APIs for Android | Google Developers
Google Sign-In JavaScript client reference
Requesting additional scopes after sign-in | Google Sign-In for iOS
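The check that the guidelines above call for ("check to see if the user has already granted permission"), as an added example that is not part of the original answer and is written in Python rather than with the Gmail .NET SDK. It assumes the token response carries the granted scopes in its space-delimited `scope` field; the client ID, redirect URI, state value and sample response are constructed placeholders.

```python
import json
from urllib.parse import urlencode

# Google may return the short login scopes in their expanded URL form.
ALIASES = {
    "email": "https://www.googleapis.com/auth/userinfo.email",
    "profile": "https://www.googleapis.com/auth/userinfo.profile",
}
GMAIL_SEND = "https://www.googleapis.com/auth/gmail.send"
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"

def normalize(scopes):
    """Map short scope names to their URL form so comparisons are stable."""
    return {ALIASES.get(s, s) for s in scopes}

def granted_scopes(token_response_json):
    """Scopes the user actually approved, read from the token response."""
    body = json.loads(token_response_json)
    return normalize((body.get("scope") or "").split())

def missing_scopes(required, token_response_json):
    """Required scopes the user left unticked on the consent screen."""
    return sorted(normalize(required) - granted_scopes(token_response_json))

def reconsent_url(client_id, redirect_uri, missing, state):
    """Authorization URL asking only for the missing scopes (incremental auth)."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(missing),
        "include_granted_scopes": "true",  # keep what was already granted
        "state": state,  # caller-generated anti-CSRF value
    }
    return AUTH_ENDPOINT + "?" + urlencode(params)

# Constructed token response: the user unticked "Send email on your behalf".
SAMPLE = json.dumps({
    "access_token": "constructed-token",
    "token_type": "Bearer",
    "expires_in": 3599,
    "scope": "openid https://www.googleapis.com/auth/userinfo.email "
             "https://www.googleapis.com/auth/userinfo.profile",
})
REQUIRED = ["openid", "email", "profile", GMAIL_SEND]
```

When `missing_scopes(REQUIRED, SAMPLE)` is non-empty, disable the mail-sending feature and explain why it is needed before sending the user to `reconsent_url(...)`, instead of calling the API and failing with an insufficient-permission error.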
My app has been OAuth verified for youtube and youtube.upload.
When I OAuth with these scopes, it's still not working.
I get the following in the web browser as before verification. They closed out my ticket, so I have no means to contact them.
Sign in with Google temporarily disabled for this app
This app has not been verified yet by Google in order to use Google Sign In.
If you are a developer for this application, please submit a verification request to re-enable Sign in with Google. Learn more
Please advise
Sign in with Google temporarily disabled for this app This app has not been verified yet by Google in order to use Google Sign In.
If you are a developer for this application, please submit a verification request to re-enable Sign in with Google. Learn more
The message you are getting clearly states the issue. Your application is not verified or its verification has been removed. In order to fix this you must go through the verification process. You might want to check your email and see if there are any messages from Google as to why your verification was removed. I have seen several posts like this over the last week; it seems Google may be going through projects.
I recently received an email from the Google Cloud Platform Team notifying me of a policy violation stating that we had not completed the OAuth developer verification process and we're limited to 100 new user grants of which we're already at 60% towards.
The thing is, if I view this OAuth consent screen in the Google Cloud Platform, at the top of the page, it states:
Your consent screen is being verified. This may take up to several days. Your last approved consent screen is still in use.
This page was last saved and 'submitted for verification' some months ago now.
The page itself is constantly glitchy and poor anyway I've noticed at various points in the past.
The information this page contains is correct and I am unable to re-submit for verification unless I make changes.
Nonetheless, I'll make a change, resubmit, then edit removing that change and resubmit again, but it's proving to be a bit of a hassle when either their system doesn't work or we're waiting on them to approve/reject the OAuth verification.
Am I supposed to be doing something else or is there a workaround at all?
Make sure that you've taken a look at the App Verification help page:
https://support.google.com/cloud/answer/7454865?hl=en
and the much more detailed verification FAQ:
https://support.google.com/cloud/answer/9110914
From the sounds of your post, it seems like you probably just need to get your app's branding verified because you are accessing sensitive scopes. That should be a pretty straightforward process if you have everything ready for review. Make sure you haven't gotten any messages from the review team with open items you need to accomplish. If not, you can make a trivial change and resubmit.
If you are trying to access a restricted scope like Gmail APIs, the process will be much more involved. Make sure you have all your requirements taken care of as outlined in the FAQ. And be sure you look closely at what scopes your code is actually requesting. If you are asking for sensitive or restricted scopes in your app but don't have those fully registered and approved in the developer console, your users will get warnings and you'll have restricted tokens revoked.
I would like my application to programmatically update my user's Gmail/Google Talk status on their behalf, but I don't want to store their password because of the privacy risk.
Does anyone know if/how it is possible to use OAuth or some other form of authentication that does not require password storage?
The Google Data API docs I have seen support a range of services but don't seem to support Google Talk/Gmail beyond the Google Contacts API.
The Google Talk API seems to explicitly state that username and password are required, but I could be mistaken.
If it helps, my application is built on App Engine, so I can at least use the built-in user class to determine their username and email without storing their password, but this doesn't seem to give me access to the user's status.
Any tips or pointers to apps/code that seems to accomplish this would be helpful. Thanks!
This may not be what you are looking for but it might be a step in the right direction for you.
"the Google Contacts Data API now supports OAuth."
http://groups.google.com/group/oauth/browse_thread/thread/75ee6d973930c791
The post says that "This is our first step towards OAuth enabling all Google Data APIs." And it's quite old so maybe they'll have information about the Gmail API.
Hope it helps.