The official documentation on how to update the add-on code version is on this page
And it works great when we are not changing the already verified scopes
- just by following the steps: 1-3-5-6bcd
However, that's not the case when changing the scopes if we go in the sequence from that page: 2-4-6a
- when changing the manifest or the SDK configuration, ahead of getting verified for the new scopes, (I did that first as suggested)
- the add-on goes into unverified status, with the users are getting this message:
"Sign in with Google temporarily disabled for this app This app has not been verified yet by Google in order to use Google Sign In."
- and showing the
OAuth rate limits cap message (100 users / 100 user cap) in the GCP page
There are 3 places where to add/edit the scopes
1. The appsscript.json manifest in the add-on GAS project
when asked Google through the oauth-feedback@ support email about the order on changing the scopes, the first answer was:
"you will need to wait for the scopes to be fully verified before adding them to the add-on production config. Otherwise, the app will show as unverified for new users."
when asking for clarification on the meaning of "add-on production config" in this context, the final reply was:
"The scopes should be added to the GCP APIs OAuth consent screen and verified first before added to the appsscript.json manifest or the GCP GSM SDK Configuration page and used in the application."
But as today, the documentation page is still showing the request for verification as the last step
Does anybody has experience changing the add-on scopes, after the recent migration to GSM?
Any Googler around to help on this process/workflow and to update the official documentation?