RE: OAuth Verification Request

[tgr...@ivsoftware.com]

Dear Google,

 

We’ve completed the required actions in your emails of 10/25/2020 and 10/31/2020 are hoping to advance our verification request!

 

Your email of 10/25 provided an action checklist:

• The attached a pdf shows each required Action annotated (in red) with the specific response taken to bring the project into compliance.
• The privacy policy has been revamped to make it clearer regarding user data.
• A second YouTube video has been added with the goal of making our authorization flow as transparent as possible. It shows internals and full URLs and demonstrates exactly how the app uses the data.

 

Your email of 10/31 stated that verification could not proceed until our Microsoft Store app was published (since we had been trying to complete the verification prior to public release).

• We met this condition and made the app discoverable in MS Store in December.
• We continue to test and release add-ons for the product (and pending this verification) and so haven’t made any real attempts to drive traffic either to our website or to the store.
• That said, SasQuatch Find Anything® is legitimately published and available free to the public.
• Versions for Google Play and Apple Store are actively being developed.

 

I know your time is valuable and have made every effort to avoid wasting any of it! Let me know if there’s anything I’ve missed, and I’ll give it prompt attention.

 

Tom Gregor

IVSoftware LLC

 

 

 

 

From: API OAuth Dev Verification <api-oauth-dev-verificati...@google.com>
Sent: Sunday, October 25, 2020 2:38 AM
To: sasquatch-find-anyth...@googlegroups.com
Cc: tgr...@ivsoftware.com
Subject: RE: OAuth Verification Request

 

 

Appeal Received

MY CONSOLE   Your Google Cloud Project sasquatch       Action Needed   Dear Developer,  Your app needs to follow some extra requirements so you can continue with verification. Please reply directly to this email when your app meets all of these requirements: Privacy Policy Requirements Under the Google API Service: User Data Policy, your privacy policy must follow these guidelines:  The privacy policy is hosted by the domain of your website. The privacy policy is accessible from the app’s home page. The privacy policy is visible to users. The privacy policy is linked to the OAuth consent screen on the Google API Console  The privacy policy and in-product privacy notifications clearly describe the way your application accesses, uses, stores, or shares Google user data.  The way you use Google user data is limited to what you've described in your privacy policy. The privacy policy contains verified domains and accessible URL links. Verified Domains & Accessible URL links You also need to verify that you own all the authorized domains listed in your request: Go to the IAM page to add a role owner to your project. Roles give project members the permissions they need to verify domain ownership. Add either a Project Owner or a Project Editor to your project. Go to the Search Console to complete the domain verification process. Please Note: Third party domain not owned by you, or domains that are hosted by a third party site, or redirects to third party sites are not permitted. App Demonstration Video Respond directly to this email with a YouTube video link that meets these requirements: Video is publicly accessible. OAuth Consent Screen is in English. OAuth Consent Screen shows the App Name. URL bar of the OAuth Consent Screen fully displays the Client ID in your project which contains the project_number (This is not required for native Android and iOS apps). Video shows the OAuth grant process that users will go through. Video shows how the data will be used by showing functionality for each sensitive and restricted scope you've requested. Video shows how data is accessed on each OAuth client. You do not need to be personally visible in the demo or narrate the video. Demonstrating the process from the keyboard/screen view is fine. If you cannot fulfill the above requirements because users are currently seeing the "Sign in disabled" screen, make sure you provide us with an email address so that we can temporarily disable the warning screen, allowing you to demonstrate all of the above video requirements. If you cannot fulfill the above requirements because your app is an add-on that has not yet been published to the GSuite Marketplace, please reply to let us know.  You must follow these requirements to continue with verification. If you don't follow these requirements, we may have to reject your request. You can find more information in the OAuth Application Verification FAQ. To make sure we don't miss your messages, reply directly to this email to continue with the verification process.  Any new email sent to api-oauth-dev...@google.com won't go to our team. GO TO MY CONSOLE   Thanks, The Google Cloud Trust & Safety Team © 2020 Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 You have received this mandatory service announcement to update you about important changes to Google Cloud Platform or your account.

 

 

 

[tgr...@ivsoftware.com]

Hello,

 

I apologize that you had trouble opening the two links that were provided in the PDF. I’ve double checked to make sure the YouTube videos are publicly accessible and that someone not logged into my account can open the links. They are both ‘unlisted’. Please let me know if that’s where the problem lies.

 

 

The first video (1:58) (no sound) is raw screenshot and transparently demonstrates the authorization flow from an internal perspective. It starts with how to make the add on visible for testing and verification purchases by simulating a purchase using license code 9A5E2629-3C08-4871-9143-1065ABD9EB30.

 

https://www.youtube.com/watch?v=eHzrF88Gq34

 

 

The second video (2:39) is a customer-facing Quick Start help video available in-product.

 

https://www.youtube.com/watch?v=Mm2SWq_Yv-0&list=PLwG1MuM3s8jCX5yfIwdF_dmUshngFXoeG

 

 

I hope this is helpful.

 

Tom Gregor

IVSoftware LLC

 

 

 

From: API OAuth Dev Verification <api-oauth-dev-verificati...@google.com>
Sent: Saturday, May 15, 2021 7:24 PM
To: sasquatch-find-anyth...@googlegroups.com
Cc: tgr...@ivsoftware.com

Subject: OAuth Verification Request for Project SasQuatch (id: sasquatch)

 

Appeal Received

MY CONSOLE   Your Google Cloud Project SasQuatch (id: sasquatch)   [Action Needed] Update Demo Video   Hi, Thanks for your patience while we reviewed your project. Unfortunately, we couldn't access the demo video that you sent us or a demo video was not provided. We can't continue with your request until we have access to your demo video. As a reminder, your video should satisfy these requirements:

Video is publicly accessible.  OAuth Consent Screen is in English.  OAuth Consent Screen shows the App Name.

URL bar of the OAuth Consent Screen shows the Client ID for your project, which contains the project_number 819745495459 (This is not required for native Android and iOS apps).

Video shows the OAuth grant process that users will go through.

Video shows how the data will be used by each sensitive and restricted scope you've requested.

Video shows how data is accessed on each OAuth client.

Your video must meet these requirements to continue with verification. If you don't follow these requirements, we may have to reject your request. Please reply directly to this email with a link to a new demo video for your project SasQuatch (id: sasquatch). You can find more information in the OAuth Application Verification FAQ. To make sure we don't miss your messages, reply directly to this email to continue with the verification process. Any new emails sent to api-oauth-dev...@google.com won't go to our team. GO TO MY CONSOLE

Thanks, The Google Cloud Trust & Safety Team

© 2021 Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043