OAuth Requirement verification failure

48 views
Skip to first unread message

GovZ

unread,
Jul 22, 2019, 6:21:28 PM7/22/19
to Chromium Extensions
Hello everyone,

Recently one of our extension got rejected for OAuth verification. 
This extension has been around since January of 2018. 
Basically, my issue is as follows :

======================================================

Questions on ADDITIONAL REQUIREMENTS FOR SPECIFIC API SCOPES

Please refer to : https://developers.google.com/terms/api-services-user-data-policy#additional-requirements-for-specific-api-scopes

======================================================

1. In the above mentioned page, we have the following :

For Gmail Restricted Scopes:

Enforcement of the Gmail requirements in this section began on January 15, 2019. Applications that had access to Gmail Restricted Scopes prior to January 15, 2019 must obtain their first Letter of Assessment no later than December 31, 2019 to keep access to Gmail Restricted Scopes. All other apps must first be verified and obtain the letter prior to being granted access to Gmail Restricted Scopes

My questions are :

1. What is this Letter of Assessment? 

2. In my understanding, pre-2019 apps that used to work (and were approved by domain admins) with GMAIL Restricted Scopes APIs, will continue to work until December 31, 2019. And will stop working after that date if they failed to get a Letter of Assessment. Is my understanding correct?


Thank you to anyone who might help.


GovZ

Simeon Vincent

unread,
Jul 24, 2019, 8:59:13 PM7/24/19
to Chromium Extensions
These questions may be better addressed by searching/asking on Stack Overflow using the google-oauth tag as suggested in the oauth2-dev group. That said, if anyone has useful information to share feel free. 

Simeon - @dotproto
Extensions Developer Advocate

GovZ

unread,
Aug 7, 2019, 6:05:05 AM8/7/19
to Chromium Extensions
Hello to everyone,

I just wanted to update this issue. 

After discussions with team google, both sides have agreed that the extension we developed was ineligible for oauth verification.
This ineligibility springs from the fact that our extension was installed on a domain-level and is configured at a domain level too. 
Google asked that we ensure also, that all our domain admins must whitelist our application. As this avoids the unverified app message popup.

here is the clause that allowed us to skip the OAuth verification process. 
https://support.google.com/cloud/answer/9110914#skip (When can I skip submitting my app for a review?)

Thank you Simeon Vincent.

For anybody having the same problem, I hope this helps.
Reply all
Reply to author
Forward
0 new messages