@Bryan, in that case it isn't an *internal* whitelisted app without *sensitive or restricted scopes*. If the warning still shows once whitelisted, sensitive or restricted scopes are present. Please double check,since you *need to* go through verification before you launch a *user-facing* app. If you have customers (users) accessing the app, then it should be verified, whitelisting on their behalf doesn't change that your app isn't verified.
On Wednesday, July 17, 2019 at 11:49:43 AM UTC-4, Bryan Zera wrote: > > Yeah @Jorge, We are aware that the FAQ says that whitelisting means you > *don't > have to submit for review*, but what it doesn't *explicitly* say is if > the end user is still going to get the "Unverified app" message when the > app is whitelisted, because our app was created to be whitelisted, but our > customers who do whitelist our app still get the unverified app message. > > On Wednesday, July 17, 2019 at 10:44:19 AM UTC-5, Jorge A (Google Cloud > Support) wrote: >> >> As David mentioned and to answer your question, yes, if a G Suite >> administrator has whitelisted the application, the users of that G Suite >> domain should not see the “unverified app” message. This is stated under >> https://support.google.com/cloud/answer/9110914/#skip in the FAQ >> document for this topic: When can I skip submitting my app for a review? >> "The app is domain installed or whitelisted by a G Suite domain >> administrator. If your app is intended for G Suite users, access might >> depend on domain administrator permission. Obtaining a verification will >> likely make it easier for administrators to grant access." >> >> On Tuesday, July 16, 2019 at 5:01:16 PM UTC-4, Bryan Zera wrote: >>> >>> @DavidCharlesMartinez. Thank you for that link. It certainly reads >>> like users accessing whitelisted apps shouldn't see the "Unverified App" >>> message. >>> >>> @Julie, when the GSuite Updates Blog says the following: >>> >>> Trust apps that you want to allow users to continue to install: To trust >>>> an app, use our API Permissions (OAuth apps whitelisting) feature >>>> <https://support.google.com/a/answer/7281227> in the Security section >>>> of the Admin console. Trusting an app also means that, if users consent, >>>> the app will have access to some G Suite user data (OAuth2 scopes) that >>>> you’ve otherwise restricted using this same tool. For example, if you’ve >>>> generally blocked access to Gmail OAuth2 scopes, trusted apps will have >>>> access for accounts where users consent. >>> >>> >>> *Does that mean that a user whose G Suite administrator has whitelisted >>> our app should not see accessing whitelisted apps should not see the >>> "unverified app" message?* >>> >> -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/682d680e-b010-4079-8191-8b917cdf16a8%40googlegroups.com.
