I never said it was or should be an internal app. No scopes that we are using on the OAuth consent screen are restricted or sensitive.
While technically, this is a user-facing app, this app is meant to be whitelisted by other G Suite administrators at which time, the G Suite administrators would allow access to the sensitive scopes for their users. If you have customers (users) accessing the app, then it should be > verified, whitelisting on their behalf doesn't change that your app isn't > verified. So you're confirming that even though we don't technically need to get verified (per the FAQ that keeps getting referenced), users will still see the "Unverified App" message if we don't. If you are confirming this, can you confirm that this is a recent change/fix, as this issue only recently started occurring. On Wednesday, July 17, 2019 at 11:01:23 AM UTC-5, Jorge A (Google Cloud Support) wrote: > > @Bryan, in that case it isn't an *internal* whitelisted app without > *sensitive > or restricted scopes*. If the warning still shows once whitelisted, > sensitive or restricted scopes are present. Please double check,since you > *need > to* go through verification before you launch a *user-facing* app. If you > have customers (users) accessing the app, then it should be verified, > whitelisting on their behalf doesn't change that your app isn't verified. > > On Wednesday, July 17, 2019 at 11:49:43 AM UTC-4, Bryan Zera wrote: >> >> Yeah @Jorge, We are aware that the FAQ says that whitelisting means you >> *don't >> have to submit for review*, but what it doesn't *explicitly* say is if >> the end user is still going to get the "Unverified app" message when the >> app is whitelisted, because our app was created to be whitelisted, but our >> customers who do whitelist our app still get the unverified app message. >> >> On Wednesday, July 17, 2019 at 10:44:19 AM UTC-5, Jorge A (Google Cloud >> Support) wrote: >>> >>> As David mentioned and to answer your question, yes, if a G Suite >>> administrator has whitelisted the application, the users of that G Suite >>> domain should not see the “unverified app” message. This is stated under >>> https://support.google.com/cloud/answer/9110914/#skip in the FAQ >>> document for this topic: When can I skip submitting my app for a review? >>> "The app is domain installed or whitelisted by a G Suite domain >>> administrator. If your app is intended for G Suite users, access might >>> depend on domain administrator permission. Obtaining a verification will >>> likely make it easier for administrators to grant access." >>> >>> On Tuesday, July 16, 2019 at 5:01:16 PM UTC-4, Bryan Zera wrote: >>>> >>>> @DavidCharlesMartinez. Thank you for that link. It certainly reads >>>> like users accessing whitelisted apps shouldn't see the "Unverified App" >>>> message. >>>> >>>> @Julie, when the GSuite Updates Blog says the following: >>>> >>>> Trust apps that you want to allow users to continue to install: To >>>>> trust an app, use our API Permissions (OAuth apps whitelisting) >>>>> feature <https://support.google.com/a/answer/7281227> in the Security >>>>> section of the Admin console. Trusting an app also means that, if users >>>>> consent, the app will have access to some G Suite user data (OAuth2 >>>>> scopes) >>>>> that you’ve otherwise restricted using this same tool. For example, if >>>>> you’ve generally blocked access to Gmail OAuth2 scopes, trusted apps will >>>>> have access for accounts where users consent. >>>> >>>> >>>> *Does that mean that a user whose G Suite administrator has whitelisted >>>> our app should not see accessing whitelisted apps should not see the >>>> "unverified app" message?* >>>> >>> -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/4c40848e-bf24-4412-baa1-43b86e4d73cc%40googlegroups.com.
