How to make a Gmail API app Internal without having a Google workspace account - google-cloud-platform

I have developed a desktop app that uses the Gmail API to download emails from only my own Gmail account. When I try to make the app "Internal", I am told that I cannot do so, because I am not a Google Workspace user. So I started the verification process and went through the first step - the domain verification process. After this step, I received this email from api-oauth-dev-verification#google.com:
Hi,
Thank you for your patience while we reviewed your project.
It looks like your app is only used by the people in your domain, so your project doesn’t need to be verified.
(Learn more about internal vs. public users).
Note: internal use and personal use are different.
Applications for Internal Use
If this is correct, please let us know by replying to this email. We'll then close your request, and you can update your project from public to internal by following these steps:
Sign-in to Google Cloud Console
Select the project ID: getEmails (id: getemails-354519)
Go to OAuth Consent Screen under APIs & Services
Go to User Type
Select Make Internal
Click Save
But every time I try to make the app internal, I am prevented from doing so with the same message "Because you are not a Google Workspace user, you can only make your app available to external users".
How do I get around this Catch-22 situation? Any help would be greatly appreciated.

> I have developed a desktop app that uses the Gmail API to download emails from only my own Gmail account. When I try to make the app "Internal", I am told that I cannot do so, because I am not a Google Workspace user.
To set an app as internal you would need to have created that app on Google Cloud Console using a user on your Google Workspace domain. You cannot set an app to internal if you have created it on a standard Google Gmail user.
> So I started the verification process and went through the first step - the domain verification process. After this step, I received this email from api-oauth-dev-verification#google.com:
If this app is only being used by you, why would you want to verify it? Verification is only needed when you're going to have additional users other than yourself.
> But every time I try to make the app internal, I am prevented from doing so with the same message "Because you are not a Google Workspace user, you can only make your app available to external users".
Again, you need to log in and create the app from a user on your Workspace domain, not on a normal Gmail user.
> How do I get around this Catch-22 situation? Any help would be greatly appreciated.
If it's single user, and you don't have a Workspace domain, don't verify it; there's no need to.

Related

How to authorize via Google API from WebApp with an unknown URL?

I'm trying to build a plugin for a WordPress app that uploads files to the user's Google Drive space. I don't want the end user to create the Cloud Console project, but rather just have him give consent so the plugin can access the needed data from his Google Drive account.
When I create OAuth 2.0 Client IDs in the Google Cloud Console (Web Application), Google asks for Authorized JavaScript origins and Authorized redirect URIs. Since the plugin will be portable and can be installed on different websites I can't define this.
How can this be solved that an OAuth2 Authentication by the user can be done, without knowing the URL where the app is running?
Thanks
You can't. The redirect URI must be configured properly, to point to the web server the code authorization is running on.
You will need to instruct your users in how to create their own client.
Also, as this is a WordPress application, you would need to share your client ID and secret with the users. This is also against Google's TOS.
Possible workaround:
If you put up an authorization server on your own server, the users of your app could then log in through that. A refresh token will be returned to their website running your app and stored locally. Your code could then run using the refresh token to access their data.
However, you are then going to be responsible for verifying an app with Google Drive scopes.
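For the authorization-server workaround described above, the server has a single registered redirect URI, so it has to carry along which plugin site started each flow and hand the result back only to that site. One way to do that binding with a signed OAuth `state` value, as an added example that is not part of the answer; `make_state`, `verify_state`, the 10-minute lifetime and the site URLs are hypothetical names and values.

```python
import base64
import hmac
import json
import secrets
from urllib.parse import urlsplit

STATE_TTL = 600  # seconds a started flow stays valid (assumed value)

def b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def check_return_url(url):
    """Accept only https URLs with a host and no embedded credentials."""
    parts = urlsplit(url)
    if parts.scheme != "https" or not parts.hostname:
        raise ValueError("return URL must be https with a host")
    if parts.username or parts.password or parts.fragment:
        raise ValueError("return URL must not carry credentials or a fragment")
    return url

def make_state(return_url, key, now):
    """State for the Google authorization request: signed return URL + expiry."""
    payload = json.dumps({"ret": check_return_url(return_url),
                          "exp": now + STATE_TTL,
                          "nonce": secrets.token_urlsafe(16)}).encode()
    tag = hmac.digest(key, payload, "sha256")
    return b64(payload) + "." + b64(tag)

def verify_state(state, key, now):
    """On the callback: return the site to relay to, or raise ValueError."""
    try:
        body, tag = state.split(".")
        payload, given = unb64(body), unb64(tag)
    except ValueError:
        raise ValueError("malformed state") from None
    expected = hmac.digest(key, payload, "sha256")
    if not hmac.compare_digest(given, expected):
        raise ValueError("state signature mismatch")
    claims = json.loads(payload)
    if now > claims["exp"]:
        raise ValueError("state expired")
    return claims["ret"]

if __name__ == "__main__":
    key = secrets.token_bytes(32)  # server-side secret, never sent to plugin sites
    print(verify_state(make_state("https://site-a.example/wp-admin/", key, 1000), key, 1100))
```

The key stays on the authorization server; a callback whose `state` fails verification is dropped without relaying any token.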

Google Oauth: Added a new redirect_uri, getting "The app is blocked" error on the new subdomain

My app runs on multiple subdomains
i.e. abc.foo.com xyz.foo.com for different regions.
We recently created a PWA for our app which runs on a different subdomain
m-abc.foo.com m-xyz.foo.com
To enable Sign in with Google for the PWAs, I added the redirect_uris and Authorized origins in the API Credentials for Google Cloud Platform.
Now, for these new subdomains, I am getting the following error on the consent screen after choosing the Google email address:
This app is blocked
This app tried to access sensitive info in your Google Account. To keep your account safe, Google blocked this access.
The app currently asks for read/write access for Calendar only.
Could not find anything definitive on support documents either.
Does anybody have any idea what I might be missing here?
To check, I added another subdomain def.foo.com and added redirect_uri for it. This time Google Signin worked fine without problem.
Does this have anything to do with the apps being a PWA?
Thanks!

Google Cloud API Services Oauth with a Testing App

I have a small personal-use only app that logs into a [throw away] Gmail account to pull out an auth-token so it can then run a scheduled job (turning on/off my home cameras). It's dead simple and works, except that the app is in GCP TEST mode and it looks like the Gmail auth expires in 7 days.
I highly doubt based on the below requirements that I can promote the app, and I don't want to publish it regardless. I tried GCP Support and wound up here. I'm sure I'm not the only person that has dealt with the 7 day expiration on a personal project. Any ideas?
If you check the documentation for oauth2#expiration:
> A Google Cloud Platform project with an OAuth consent screen configured for an external user type and a publishing status of "Testing" is issued a refresh token expiring in 7 days.
The key here is setting your project into production.
What you are showing in that image are requirements for application verification. You shouldn't have to go through verification for a single-user app.
Try just setting it to production and then wait a week and see if it still expires. It shouldn't.
> I highly doubt based on the below requirements
Unfortunately, with the new security restrictions, I wouldn't doubt anything these days. They keep changing the rules.

Google API OAuth When User Gives Approval From App Access Control

I'm currently building a web application that works with the Gmail API. I'm waiting for approval from Google's security team to have a proper OAuth connection, but I noticed that users can pre-approve your application by searching within the API Controls settings by your App ID.
This setting is located in the Google Account via: Admin Panel > Security > API Controls > App Access Control.
I noticed that if a user does this before they try to connect your app it doesn't go against your 100 account limit within Google Developer Console while in beta.
My question is, could you have this as a permanent solution to get around the Google OAuth application if Google never approves you? Of course, through this method the user is still giving permission, just curious if this has been done by anyone before.
Yes, this is allowed when all your users are Google Workspace users, and is listed under exceptions to verification requirements here: https://support.google.com/cloud/answer/9110914?hl=en. If your application is meant for a broad set of users, completing app verification is necessary.

Access Not Configured. Gmail API has not been used in project ********* before or it is disabled. (Python, Gmail API)

I am having this error
<"Access Not Configured. Gmail API has not been used in project ********* before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/gmail/overview?project=********* then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.">
I know I'm having a problem with the product ID. A couple of days ago my friend was running the Calendar API with my PyCharm and he verified with his account with all the credentials. But I also created a new project and created a new credential, downloaded the secret JSON file and replaced the previous one with it. I also checked the JSON file, and the client ID was mine. But PyCharm is still looking for that client ID which was my friend's client ID. How do I resolve it?
I also tried opening new projects in PyCharm but I am still having the same problem. I am new to Python and Google APIs. If my question was too simple/obvious, please pardon me and help me out with the solutions.
The code I am using is given in this link, quickstart.py by Google developer page.
I finally solved the issue. I hadn't enabled the Gmail API from the console page. In the console page go to the dashboard, next choose to enable an API and pick which API you want to enable. In my case it was Gmail.
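A check for the situation in the question, where the program keeps using a client ID other than the one in the newly downloaded file, as an added example that is not part of the original post. It assumes the cached token is the JSON written by `Credentials.to_json()` (which includes `client_id`) and relies on Google OAuth client IDs beginning with the owning project's number, the same number the error message names; the function names and sample IDs are constructed.

```python
import json
import re

def client_id_from_secret(secret_text):
    """Client ID from a downloaded OAuth client file ("installed" or "web")."""
    data = json.loads(secret_text)
    for kind in ("installed", "web"):
        if kind in data:
            return data[kind]["client_id"]
    raise ValueError("not an OAuth client secret file")

def project_number(client_id):
    """Client IDs look like <project number>-<random>.apps.googleusercontent.com."""
    prefix = client_id.split("-", 1)[0]
    if not prefix.isdigit():
        raise ValueError("unexpected client ID format: %r" % client_id)
    return prefix

def diagnose(error_text, secret_text, token_text):
    """Say whether the failing call used the client you think it used."""
    wanted = project_number(client_id_from_secret(secret_text))
    cached = project_number(json.loads(token_text)["client_id"])
    match = re.search(r"in project (\d+)", error_text)
    blamed = match.group(1) if match else None
    if cached != wanted:
        return ("stale-token: cached token belongs to project %s, client file "
                "to %s; delete the cached token and authorize again" % (cached, wanted))
    if blamed == wanted:
        return "enable-api: right client in use; enable the API in project %s" % wanted
    return "inconclusive: error names project %s, client file %s" % (blamed, wanted)

# Constructed sample data (not real IDs).
MY_SECRET = json.dumps({"installed": {
    "client_id": "222222222222-mine.apps.googleusercontent.com"}})
FRIEND_TOKEN = json.dumps({
    "client_id": "111111111111-friend.apps.googleusercontent.com",
    "refresh_token": "constructed"})
MY_TOKEN = json.dumps({
    "client_id": "222222222222-mine.apps.googleusercontent.com",
    "refresh_token": "constructed"})
ERROR = ("Access Not Configured. Gmail API has not been used in project "
         "%s before or it is disabled.")

if __name__ == "__main__":
    print(diagnose(ERROR % "111111111111", MY_SECRET, FRIEND_TOKEN))
    print(diagnose(ERROR % "222222222222", MY_SECRET, MY_TOKEN))
```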