Verification for newly sensitive scopes

[Monique Szpak]

I have received emails for each of my four published add-ons demanding that I get them verified for scopes that previously required no verification. Fine, I'm trying to comply but it is getting frustrating.

Although you may have recently submitted your app for verification, you must also submit for the sensitive scopes listed below which have not previously been verified. Please submit your app(s) for sensitive scope verification by October 21, 2019.

https://www.googleapis.com/auth/script.external_request
https://www.googleapis.com/auth/script.container.ui

 

These scopes are not in the API library (that I can find) so I manually copy and paste each one individually in to the "Add scope" modal and click "Add" after each one. When I open the modal again they are still in the input box. They do not then appear in the list of added scopes. I discovered that there is a little drop down in the top-left of the input that has you select from "API" and "OR". Have tried submitting scopes with and without the "API" prefix.

Every other input has a value, there are no validation/error messages. The Save button is disabled. The Submit button is enabled. After Submit the scopes are gone from the modal and do not appear in the list of scopes, although the "email" and "profile" scopes are now listed twice. 

All four of the projects use the same scopes. The correct scopes appear in the configuration page for each of them. Two of them required other information for verification also, for these the Save button became enabled and the newly added scopes appear in the list on the verification page. 

The other two required no other new information. I tried changing some of the values but nothing would enable the Save button. I have submitted these several times now. All I get from Google is a request to add the scopes. I have replied trying to explain what is going on.

Anyone else going through this atm? Is it a bug in the form or am I missing something?

[Alan Wells]

I have also had trouble with adding scopes to the list.  Also, I have experienced scopes being removed that I know were previously there.  The scopes must be listing in two places. 

There are two separate "Configuration" screens, in two different places.

One is under the G Suite Marketplace SDK, and the other you navigate to without going to a specific API.

[Alan Wells]

Here is the official google email address to give feedback on the OAuth review process:

oauth-f...@google.com

Originally posted in this group at:

https://groups.google.com/forum/#!searchin/google-apps-script-community/feedback%7Csort:date/google-apps-script-community/95vZ6BIjIe4/hhVbBlf7AAAJ

Multiple people have reported having difficulty with the disabled button.

I always add all of the multiple needed scopes at one time, because I've had an issue with trying to add them one at a time.  When I add them one at a time, there seems to be an error when adding subsequent scopes.  If you add multiple scopes, do not use the Enter key to put them on separate lines.

I've needed to re-approve my scopes so many times, that I have a document with the explanation that I can copy and paste because it's time consuming to write the explanation.

On Thursday, August 15, 2019 at 4:39:32 AM UTC-4, Monique Szpak wrote:

[Monique Szpak]

Yes, all 4 of my projects have all the correct scopes listed on the configuration form. Only 2 of them have the correct scopes listed on the verification form. The other 2 will not save the new scopes.

[Monique Szpak]

So time consuming. *sigh*

Thank you for submitting an OAuth App Verification request.
In order to continue with the verification process, you’ll need to create and provide a link to a YouTube video that shows how you’ll use the data you access using OAuth scopes. Specifically, the demo video should detail, in English:
How to log into your project (ensuring that the URL bar with the client ID is clearly visible)
How to request an OAuth token (OAuth Consent Screen/Permissions Page)
How your project's functionality utilizes the requested scopes:
https://www.googleapis.com/auth/script.container.ui
https://www.googleapis.com/auth/script.external_request
Note: You don’t need to be personally visible in the  demo or narrate the video. Demonstrating the process from the keyboard/screen view is sufficient.

[Alan Wells]

I've spent weeks of work on YouTube videos to get my add-on approved.

Note that when they state:

"How to log into your project"

For an add-on, the "log in" is done during the installation process.  For an add-on, it's not really "logging in" in the sense of creating a user name and password, but they insist on using that terminology.  I guess that the user is logging in through their existing Google account.

I found that part confusing.

Also, the client ID is shown in the address bar of the authorization window.  And it's very long.  You will need to widen out the authorization window in your video in order to show the entire client ID.  The client ID is automatically put into the url in the authorization window.

I wouldn't go into complete detail of showing how to use every possible aspect of your UI. My video would be hours long if I did that.  Any parts of your UI that are directly related to some other scope I would explain.

How to request an Auth token.  The user doesn't explicitly request an Auth token.  That is handled by the add-on authorization acceptance.  All they do is either click the Accept button or not.  But, in my video I explain what each of the asked for permissions is for.  And if the add-on does not use some part of the permission,  like delete all your files in your entire Drive, I assure the user that the add-on doesn't do that.

[minoque]

Thanks Alan. I have previously recorded a video and received verification after. Its just so time-consuming and its not something I do regularly so it takes me even longer than it should.

--
You received this message because you are subscribed to the Google Groups "Google Apps Script Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-script-c...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-script-community/63d4fdb5-2254-4696-acb1-3245a047a4f5%40googlegroups.com.