Users seeing the Unverified App Screen in the android app - google-oauth

We have android application that uses Fitness API for reading steps.
Our app has passed OAuth verification process and ./auth/fitness.activity.read scope was approved:
In the app we request "fitness read" permission using this part of the code:
val fitnessOptions = FitnessOptions.builder()
.addDataType(DataType.TYPE_STEP_COUNT_DELTA, FitnessOptions.ACCESS_READ)
.build()
GoogleSignIn.requestPermissions(
this,
1000,
GoogleSignIn.getAccountForExtension(requireContext(), fitnessOptions),
fitnessOptions
)
But unverified OAuth consent screen still appears:
GCP Technical Support didn't help with it and asked us to report this problem here.
Any ideas what's wrong? Maybe someone had similar issue?

That screen indicates that your app is in "testing" state: https://support.google.com/cloud/answer/10311615#zippy=%2Ctesting.
You will need to switch your app to production state. Before doing so, please confirm that your app is requesting only scopes that it has already been approved to use. If your app is using any sensitive scopes that are not approved, your users will see an unverified app screen. You can determine what scopes your app is using by inspecting your code.

The problem was in OAuth Client ID.
We had 2 projects in Google Cloud Console: for prod and for dev.
OAuth consent screen was verified for prod one.
Prod and dev projects had Client IDs for the same package name and certificate and my prod app has used Client ID of the dev project.

Related

Google OAuth Consent Screen Shows Different Information In Development Versus Production

I noticed that the Google OAuth consent screen shows different information in development versus production.
Development Google OAuth Consent Screen
The path for the development environment before we are redirected to the Google OAuth Consent Screen is as follows:
http://localhost/tips-and-trips-by-sham/google_calendar_add_event/
The path for the development environment for the Google OAuth Consent Screen is as follows:
https://accounts.google.com/signin/oauth/oauthchooseaccount?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar&redirect_uri=http%3A%2F%2Flocalhost%2Fgoogle_calendar_add_event_php%2Fgoogle_calendar_event_sync.php&response_type=code&client_id=179430523214-h7u06vpoj31hec4vpbn2sust7c8ltkee.apps.googleusercontent.com&access_type=offline&service=lso&o2v=1&flowName=GeneralOAuthFlow
Production Google OAuth Consent Screen
The path for the production environment before we are redirected to the Google OAuth Consent Screen is as follows:
https://shaynhacker.com/clients/travel/travel/google_calendar_add_event/
The path for the production environment for the Google OAuth Consent Screen is as follows:
https://accounts.google.com/signin/oauth/oauthchooseaccount?scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fcalendar&redirect_uri=https%3A%2F%2Fshaynhacker.com%2Fclients%2Ftravel%2Ftravel%2Fgoogle_calendar_add_event%2Fgoogle_calendar_event_sync.php&response_type=code&client_id=179430523214-h7u06vpoj31hec4vpbn2sust7c8ltkee.apps.googleusercontent.com&access_type=offline&service=lso&o2v=1&flowName=GeneralOAuthFlow
Now, the information shown on the Google OAuth Consent Screen in the development environment is what I want to be shown in the production environment which is Trips & Tips By Sham and not my email address.
I followed the instructions on the relevant Google page https://console.cloud.google.com/apis/credentials/consent?project=rich-store-372122 but to no avail.
The instructions here did not meet my needs because it's showing my personal email address instead of the title I gave on that page which is Trips & Tips By Sham in the production environment.
Consent Screen Configuration/Consent Screen Details
After checking the documentation related to the Consent screen it seems that the display name and logo for a in production app are subject to the verification status of your application as shown here:
Since the problem with your application seems to be with the one in production I would suggest checking if your app needs to complete verification, if so, you can perform verification of the app following this documentation, once again the behavior seems to be expected according to this information:

How to build iOS app in expo without login access?

I don’t have access to apple developer account.
but I have the p12 distribution and mobile provisional certificates from the client.
When I try to create ios app with expo cli without login:
It ask me the password for the certificate. There’s no password set
on the certificate how can I give a blank input?
Then it ask for apple team ID (from where can I get it?)
I also want to know what else are required to build app without login.
There’s no documentation or resources available on the expo site for it.
As far as i know , getting build versions for ios apps without apple developer account is not possible.
although , this article might be helpfulcheck this

How to set up Google sheets API for personal use

I'm trying to follow the instructions here which tell me to create credentials via the instructions here, which as step 6 tells me 'Click the user type for your app. If you're running a Quickstart, select Internal.'
On the page in question, 'Internal' is greyed out, and tells me I can't select it because I'm not a Google Workspace user. Going to Google Workspace, it tells me I need a domain name for 'my business'. Since I don't have a business, or any domain that would have anything to do with this project (I just want to push some personal data from the command line to a sheet), I don't seem to be able to proceed. Is the Google Sheets API just not available for such use?
If you don't have a Workspace account but you don't want to publish your app publicly (and go through the associated review by Google), you can set the app to External and test the app instead of publishing it.
In order to do that, just add yourself as Test user when setting the OAuth consent screen, and leave the Publishing status on Testing, don't change it to In production:
Testing
Projects configured with a publishing status of Testing are limited to up to 100 test users listed in the OAuth consent screen. A test user consumes a project's test user quota once added to the project.
Google will display a warning message before allowing a specified test user to authorize scopes requested by your project's OAuth clients. The warning message confirms the user has test access to your project but should consider the risks associated with granting access to their data to an unverified app.
Authorizations by a test user will expire seven days from the time of consent. If your OAuth client requests an offline access type and receives a refresh token, that token will also expire.
Reference:
Publishing status: Testing
Unfortunately, that means that the authorization lasts only for 7 days. Which means that I have to keep creating new projects every 7 days, which is untenable. Here is the excerpt from the "Setting up your OAuth consent screen" page on the Google support site.
Authorizations by a test user will expire seven days from the time of consent. If your OAuth client requests an offline access type and receives a refresh token, that token will also expire.

PayPal - switching from Sandbox to Live account using REST API

We tested our web application successfully using a sandbox REST API account (and test credentials).
When we wanted to put the application into production (using REST API live credentials visible on the same PayPal web site where the sandbox/text credentials were shown), we received an error from the production PayPal server on a live credit-card transaciton:
Error code : 401 with response : Server returned HTTP response code: 401 for URL: https://api.paypal.com/v1/payments/payment
We have a Business Account that is not yet 100% verified (75% verified at the moment), so we are not sure if this is caused by some technical issue or the fact that the account is not yet 100% verified.
PayPal web site is quite confusing and the process of moving the app from test to production is not clearly explained. It seems that they are migrating from some old web sites to new ones and the user is prompted to login multiple times, redirected to different URL-s... E.g. we can see our application test and live credentials on the developer.paypal.com, but not on apps.paypal.com where no apps are listed, even though the same user is logged in (owner of the business account)???
For future readers, you have to use Live Credentials, on https://developer.paypal.com go to My apps and in App details there is a link at a bottom of the page :
Click on that link and you will see live credentials.
You now click on your sandbox application and then click live at the top of the screen to get your live credentials.
For the PayPal REST api use the credentials provided on developer.paypal.com (new version of PayPal dev experience). Live calls require the account to be vetted which includes fully verified.

Trying to post score with scores api from an iOS app, but app access_token is required

I have an iOS game that wants to publish user scores to Facebook. I use lastest Facebook SDK from git.
The app is in the Games category, and marked as Native/Desktop app.
The iOS bundle is set correctly (if I set it wrong, my app can't log-in).
I request publish_actions permission from the user and it succeeds.
But when I try to post a new score via requestGraphPath of USER_ID/scores (or me/scores) I get an error requesting the app access_token.
I understand that this is considered as a client-app and the app authentication is done via the Facebook SDK. So the access_token is a combined one (and encrypted?) and should work.
(putting the App Secret Key inside my app and patching the SDK to handle it isn't a good idea)
On the other hand, posting high scores via the new Open Graph works perfectly (I use the default High Score action and it works), but I need to wait for the approval in order to go live...
What am I missing about the Scores API?
On facebook your app must be WEB-type.
Work only with USER_ID and app access_token
(example 221179161233395|O9Wwt7hmowV2Bt3k5yVAy2SInTU)