Hello, My understanding of your issue is that, your application was previously sent for verification (in 2018) and was passed. As the new calendar year was implemented for 2019, your team had sent the verification application to the OAuth team once more. For reasons discussed in the email between your team and the OAuth team, the application was rejected. This resulted in another application to be submitted to the OAuth team which lead to the them asking for whitelisting on your end. Given the size of your operation, this seems to be not a viable option for you.
Based on my research into this, the following FAQ answer for the question "*What happens if my app gets rejected from the verification process?*" mentions that "if you believe your app’s use of restricted scopes is compliant with the *Additional Requirements for Specific API Scopes * <https://developers.google.com/terms/api-services-user-data-policy#additional-requirements-for-specific-api-scopes>and you want to reapply, do the following: *1. *For a faster verification turnaround, ensure that your app complies with our policy. For more information, see *What are the requirements for verification?* <https://support.google.com/cloud/answer/9110914?hl=en#verification-requirements> *2.* On the GCP Console OAuth consent screen <https://console.cloud.google.com/apis/credentials/consent> page, register the restricted scopes you’re requesting access to and click Submit for Verification. If your app had access to restricted scopes prior to January 1, 2019, the verification process opened on January 15, 2019 and closed on June 26, 2019. Apps that had not completed the process were rejected. When you reapply for verification, all required materials need to be resubmitted. The end-to-end timeframes will take several weeks." For more information on how to streamline the verification process further, you may feel free to consult the *FAQ* page created by the* OAuth team here <https://support.google.com/cloud/answer/9110914?hl=en>*. In regards to what was discussed by Google Cloud Support so far on this thread, the OAuth process is handled by a completely different team. GCP support can only refer to the answers available on the FAQ page created by the OAuth team to help users with their issues with OAuth process. The communication for your specific use case would ultimately have to be directed to that team for further clarification. Additionally, if you would like to submit some feedback about these OAuth policies and changes, you can always send them to the following no-reply email address: [email protected]. I hope this was of some help to you. -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/dea49c0d-9a3c-4246-a8a7-d99d533e15c4%40googlegroups.com.
