I have a verified app and I would like to change the OAuth consent screen application name(only application name).
In order to do this, it seems that I need to reverify this again, but my app is ALREADY in production now, if I submit it for verification would the current verified OAuth screen suddenly be shown as unverified, OR is there any way to show the old OAuth screen until the new one is verified ?
You can always re-apply for verification at any time. The previous approved state of your app will hold.
If you are applying for brand verification [1], any previously approved brand information will continue to be displayed until you complete the new verification
If you are requesting new sensitive scopes [2], only the previously approved sensitive scopes will be displayed without an unverified screen. Any requests containing new sensitive scopes will show an unverified app screen until approved. See How to resubmit for google oauth verification if changes in scope without disturbing the production for good practices on getting verification without affecting all your users.
[1] https://support.google.com/cloud/answer/9110914?hl=en#verification-types
[2] https://support.google.com/cloud/answer/9110914?hl=en#sensitive-restricted-scopes
Related
I'm trying to follow the instructions here which tell me to create credentials via the instructions here, which as step 6 tells me 'Click the user type for your app. If you're running a Quickstart, select Internal.'
On the page in question, 'Internal' is greyed out, and tells me I can't select it because I'm not a Google Workspace user. Going to Google Workspace, it tells me I need a domain name for 'my business'. Since I don't have a business, or any domain that would have anything to do with this project (I just want to push some personal data from the command line to a sheet), I don't seem to be able to proceed. Is the Google Sheets API just not available for such use?
If you don't have a Workspace account but you don't want to publish your app publicly (and go through the associated review by Google), you can set the app to External and test the app instead of publishing it.
In order to do that, just add yourself as Test user when setting the OAuth consent screen, and leave the Publishing status on Testing, don't change it to In production:
Testing
Projects configured with a publishing status of Testing are limited to up to 100 test users listed in the OAuth consent screen. A test user consumes a project's test user quota once added to the project.
Google will display a warning message before allowing a specified test user to authorize scopes requested by your project's OAuth clients. The warning message confirms the user has test access to your project but should consider the risks associated with granting access to their data to an unverified app.
Authorizations by a test user will expire seven days from the time of consent. If your OAuth client requests an offline access type and receives a refresh token, that token will also expire.
Reference:
Publishing status: Testing
Unfortunately, that means that the authorization lasts only for 7 days. Which means that I have to keep creating new projects every 7 days, which is untenable. Here is the excerpt from the "Setting up your OAuth consent screen" page on the Google support site.
Authorizations by a test user will expire seven days from the time of consent. If your OAuth client requests an offline access type and receives a refresh token, that token will also expire.
We have android application that uses Fitness API for reading steps.
Our app has passed OAuth verification process and ./auth/fitness.activity.read scope was approved:
In the app we request "fitness read" permission using this part of the code:
val fitnessOptions = FitnessOptions.builder()
.addDataType(DataType.TYPE_STEP_COUNT_DELTA, FitnessOptions.ACCESS_READ)
.build()
GoogleSignIn.requestPermissions(
this,
1000,
GoogleSignIn.getAccountForExtension(requireContext(), fitnessOptions),
fitnessOptions
)
But unverified OAuth consent screen still appears:
GCP Technical Support didn't help with it and asked us to report this problem here.
Any ideas what's wrong? Maybe someone had similar issue?
That screen indicates that your app is in "testing" state: https://support.google.com/cloud/answer/10311615#zippy=%2Ctesting.
You will need to switch your app to production state. Before doing so, please confirm that your app is requesting only scopes that it has already been approved to use. If your app is using any sensitive scopes that are not approved, your users will see an unverified app screen. You can determine what scopes your app is using by inspecting your code.
The problem was in OAuth Client ID.
We had 2 projects in Google Cloud Console: for prod and for dev.
OAuth consent screen was verified for prod one.
Prod and dev projects had Client IDs for the same package name and certificate and my prod app has used Client ID of the dev project.
Good morning.
I use google calendar API.
My program create a connection with the google calendar of multiple users.
From each user, i have their credential.json, but when the app start the first time show the browser quickstart confirm. How i can skip this step?
Thanks anticipated
I think you have seriously misunderstood how Oauth2 works.
You the developer goes to Google developer console and registers your application. If you will be requesting data from other users you will need to create Oauth2 credentials this will give you credeitnals.json file used by your application to request authorization of a user.
When each of your users runs your application they will be requested to consent to your application authorizing their data. If they do you will be granted an access token which gives you access to their data, this access token will expire after one hour. If you have also request offline access then you will also have a refresh token. If you store this refresh token some place then you will be able to access the users data when ever you need to by using it to request a new access token.
As for the unverified app screen, when you create your application it is basically in developer state, this is so that you can build and test your application. When you are ready to go to production you can request that your application be verified by google
Once your app has been verified the unverified app screen will stop showing up.
I noticed that a lot of apps that I use (Pokemon GO, CityMapper, Booking.com and many others) Don't display consent screen when using google sign-in, however our app always displays it to all users.
The scopes we are requesting are: email, profile, openid according to consent screen settings (https://console.cloud.google.com/apis/credentials/consent)
But in code we only request email scope. I also noticed that I cannot remove them from Google developer console consent tab
How can I make sure that consent screen is not shown?
The code we use is as simple as that:
GoogleSignInOptions gso = new GoogleSignInOptions.Builder(GoogleSignInOptions.DEFAULT_SIGN_IN)
.requestEmail()
.build();
Just wanted to add that it's absolutely not clear from any of google docs on what makes consent screen show up or not
Thanks to #steven-soneff above, the reason why my consent screen was shown is that I was requesting offline access from google oauth api
We are setting up an "app" in Google Cloud Console for the sole purpose of single sign on - letting users sign into a WordPress site and a Moodle site using their Google accounts.
When setting up the "Oauth Consent Screen" - there is a "Submit for Verification" button which is disabled (grayed out). The verification Status is "not published".
The question: does it need to be verified? The documentation, such as there is, hints darkly at various limitations if it is not. Yet, there appears to be no path to get it verified.
It "works" in testing for allowing log in with Google account, but the organization has a large number of users. Are we going to hit limits if we go live with it?
We haven't added any scopes. Do we need to, just to get the ability to get it verified? It "works" in testing, without having added any scopes.
Any insight is welcome on how to get this app verified - or as whether we need to have it verified (maybe it can't be verified because it doesn't need to be?).