Add on OAuth Verification

22 views
Skip to first unread message

Martin Molloy

unread,
Sep 3, 2021, 7:45:13 PMSep 3
to Google Apps Script Community
I'm trying to publish an add on and having trouble with the verification process i've been back and forth a few times now and I'm wondering if anyone could give me some insight to help me understand what I'm doing wrong or to explain to the verifier why they are wrong and I'm right (which I think is the case)

Amongst the scopes I'm requesting are
and 
The reviewer is saying that in my video (of the approval process) I have not asked for those permissions but have asked instead for 
  • see, edit, create and permanently delete your google classroom classes.

  • See, edit, create, and delete all your google slides presentation.
As far as I understand it these are the same things just worded slightly differently - and I have no control over the wording.

Now I'm stuck. I think its because the verifier hasn't understood what he is looking at or it could be that I've completely misunderstood.

Any insights or suggestions would be welcome

Thanks
Martin

Clay Smith

unread,
Sep 3, 2021, 7:51:54 PMSep 3
to google-apps-sc...@googlegroups.com
Hey Martin,

You can reduce the scope a bit with .readonly at the end or selecting more specific scopes. You can manage them directly in the manifest. There’s also some scopes not in the documentation which can help. 
Google is asking you to get more specific with what access you need. Can you describe what actions your add-on needs? Happy to talk privately if you don’t want to discuss publicly. 

Clay

On Sep 3, 2021, at 19:45, Martin Molloy <martin...@mtmomk.co.uk> wrote:

I'm trying to publish an add on and having trouble with the verification process i've been back and forth a few times now and I'm wondering if anyone could give me some insight to help me understand what I'm doing wrong or to explain to the verifier why they are wrong and I'm right (which I think is the case)
--
You received this message because you are subscribed to the Google Groups "Google Apps Script Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-apps-script-c...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-apps-script-community/f4338aea-32a5-4c46-9365-5ba63bfda24cn%40googlegroups.com.

Alan Wells

unread,
Sep 3, 2021, 8:20:44 PMSep 3
to Google Apps Script Community
I agree that the misunderstanding may simply be a difference in the wording.
I would give them what they want, and use the wording that they are using.
When the user is presented with the authorization acceptance dialog, the user sees specific wording in that dialog box.
I would use the wording that is used in the dialog box.
If you describe the authorization needed with the word "manage" and leave out the fact that it can  permanently delete something, 
that may be seen as an inaccurate representation to the user.
I'm just guessing.

Martin Molloy

unread,
Sep 3, 2021, 8:52:59 PMSep 3
to google-apps-sc...@googlegroups.com
Thanks Alan

My problem/frustration is that I have no control of the wording only of the scopes I select. The wording they are quoting is the explanation, from the developer guides, of what the scope means. That is not the same as the wording used in the consent screen. I have no control of either so I'm banging my head against a brick wall. Which is only fun when it stops

Martin 


dimud...@gmail.com

unread,
Sep 3, 2021, 11:27:38 PMSep 3
to Google Apps Script Community

There are two places where you can find scope descriptions - the Google Identity scopes page and via the Google Discovery API.

Under the Google Identity page there is the list of OAuth scopes: https://developers.google.com/identity/protocols/oauth2/scopes.
There the "classroom.courses" scope is described as "Manage your Google Classroom classes".

If you check Google Discovery for the Classroom API at the following link:
https://classroom.googleapis.com/$discovery/rest?version=v1
you get a JSON object with a scopes property nested under the top-level auth property (see screenshot below) where it is described as:
"See, edit, create, and permanently delete your Google Classroom classes"

Screen Shot 2021-09-03 at 11.10.27 PM.png

The second description is more explicit but it is essentially the same as the first. So "Manage your Google Classroom classes" is equivalent to "See, edit, create, and permanently delete your Google Classroom classes".  I suspect that the descriptions under the Google Discovery API listing for the Classroom API are considered canonical so it may be better to use those to avoid any confusion.
Reply all
Reply to author
Forward
0 new messages