Google Cloud API Services Oauth with a Testing App - google-cloud-platform

I have a small personal-use only app that logs into a [throw away] gmail account to pull out an auth-token so it can then run a scheduled job (turning on/off my home cameras). Its dead simple and works, except that the app is in GCP TEST mode and it looks like the gmail auth expires in 7 days.
I highly doubt based on the below requirements that I can promote the app, and I dont want to publish it regardless. I tried GCP Support and wound up here. Im sure Im not the only person that has dealt with the 7 day expiration on a personal project. Any ideas?

If you check the documentation for oauth2#expiration
A Google Cloud Platform project with an OAuth consent screen configured for an external user type and a publishing status of "Testing" is issued a refresh token expiring in 7 days.
The key hear is setting your project into production.
What you are showing in that image are requirements for application verification. You shouldn't have to go though verification for a single user app.
Try just setting it to prodcution and then wait a week and see if it still expires. It shouldn't
I highly doubt based on the below requirements
Unfortunately with the new security restrictions. I wouldn't doubt anything these days. They keep changing the rules.

Related

How to make a Gmail API app Internal without having a Google workspace account

I have developed a desktop app that uses the Gmail API to download emails from only my own Gmail account. When I try to make the app "Internal", I am told that I cannot do so, because I am not a Google workspace user. So I started the verification process and went thru the first step - the domain verification process. After this step, I received this email from api-oauth-dev-verification#google.com:
Hi,
Thank you for your patience while we reviewed your project.
It looks like your app is only used by the people in your domain, so your project doesn’t need to be verified.
(Learn more about internal vs. public users).
Note: internal use and personal use are different.
Applications for Internal Use
If this is correct, please let us know by replying to this email. We'll then close your request, and you can update your project from public to internal by following these steps:
Sign-in to Google Cloud Console
Select the project ID: getEmails (id: getemails-354519)
Go to OAuth Consent Screen under APIs & Services
Go to User Type
Select Make Internal
Click Save**
But every time I try to make the app internal, I am prevented from doing so with the same message "Because you are not a Google Workspace user, you can only make your app available to external users".
How do I get around this Catch-22 situation? Any help would be greatly appreciated.
I have developed a desktop app that uses the Gmail API to download emails from only my own Gmail account. When I try to make the app "Internal", I am told that I cannot do so, because I am not a Google workspace user.
To set an app as internal you would need to have created that app on google cloud console using a user on your google worksapce domain. You can not set an app to internal if you have created it on a standard google gmail user.
So I started the verification process and went thru the first step - the domain verification process. After this step, I received this email from api-oauth-dev-verification#google.com:
If this app is being only used by you why would you want to verify it? verification is only needed when your going to have additional users then yourself.
But every time I try to make the app internal, I am prevented from doing so with the same message "Because you are not a Google Workspace user, you can only make your app available to external users".
Again you need to login and create the app from a user on your workspace domain not on a normal gmail user.
How do I get around this Catch-22 situation? Any help would be greatly appreciated.
If its single user, and you don't have a workspace domain. Don't verify it there's no need to.

OAuth Re-Auth Frequency Changed for Google OAuth

I've been using
https://github.com/tokland/youtube-upload
to automate uploading of videos to YouTube, no other processes share the auth session, this process is the only one using the credentials. I've been using this for years however more recently, within the last couple months, it seems like the OAuth session keeps expiring on me almost on a weekly basis. This would break my automation and I have to re-authenticate weekly.
No updates were done to the script prior to this issue starting. Is anyone aware of any changes Google had made that may have cause this new behavior to happen?
The reproduction is as follows:
Have sufficient route to upload videos onto YouTube API
Use https://github.com/tokland/youtube-upload to upload videos to YouTube
When executing youtube-upload, it will prompt for OAuth2 authZ code, enter the code after visiting authZ webpage
Automate the uploads (~30 videos per day)
After a week, OAuth authZ session will expire and re-authZ will be required
OAuth session keeps expiring on me almost on a weekly basis.
From oauth2#expiration:
A Google Cloud Platform project with an OAuth consent screen configured for an external user type and a publishing status of "Testing" is issued a refresh token expiring in 7 days.
If your app is still in the testing phase your refresh token will expire every week. You need to set your application to production in google cloud console under the auth consent screen.

Youtube API Integromat testing app - connection getting disabled

I don't have much idea about API but I managed setup Youtube API so that I am able to use Integromat workflow between Youtube and Airtable.
It works fine.
The issue I have is the connection between my Youtube API at Integroat is getting disconnected after a few days / weeks and have to re-verify(reconnect) to Google account again.
The Youtube app was setup properly (as instructed by Integromat) and as I said it works..... it's grabbing URLs of new Youtube videos on my Youtube channel and it is pushing those URLs into Airtable.
Now have even added mysef now as the user of the app. Wasn't listed as the user there (1 out of 100). Could that be the reason?
The Youtube API is setup as a test-app. Is that the reason for the disconnects at Integromat?
Do Ineed to request Google to have the app verified? Or can I continue with the app being a test app? (Because it says it hasn't been verified).
I don't know much about what I am doing but it sees working fine for me so I guess I managed to set it up OK except for the one issue with connection loss.
Pic:
The 2nd and 3rd item on the 2nd picture is for the Youtube API connection... and that is where I am being asked every now and then by Integromat to reconnnect the connection.. then I need to login and Google wanrs me my application wasn't approved so I pick continue etc...
The issue I have is the connection between my Youtube API at Integroat is getting disconnected after a few days / weeks and have to re-verify(reconnect) to Google account again.
This is because your authorization has an expire time. Access tokens by default work for one hour. If you want your application to refresh its access then you need to request offline access and store the refresh token and then use that to refresh your access whenever you need it.
On unverified apps refresh tokens will expire after a very short time this is because your application is considered to still be in development. YOu should apply for verification when you are ready to go to production. until that time you will need to login again regularly but as you are in development this sholdnt be to much of a problem.

Google API OAuth When User Gives Approval From App Access Control

I'm currently building a web application that works with the Gmail API. I'm waiting for approval from Google's security team to have a proper OAuth connection, but I noticed that users can pre-approve your application by searching within the API Controls settings by your App ID.
This setting is located in the Google Account via: Admin Panel > Security > API Controls > App Access Control.
I noticed that if a user does this before they try to connect your app it doesn't go against your 100 account limit within Google Developer Console while in beta.
My question is, could you have this as permanent solution to get around the Google OAuth application if Google never approves you? Of course, through this method the user is still giving permission, just curious if this has been done by anyone before.
Yes, this is allowed when all your users are Google Workspace users, and is listed under exceptions to verification requirements here: https://support.google.com/cloud/answer/9110914?hl=en. If your application is meant for a broad set of users, completing app verification is necessary.
Yes, this is allowed when all your users are Google Workspace users, and is listed under exceptions to verification requirements here: https://support.google.com/cloud/answer/9110914?hl=en. If your application is meant for a broad set of users, completing app verification is necessary.
Help

Access Not Configured. Gmail API has not been used in project ********* before or it is disabled. (Python, Gmail API)

I am having this error
<"Access Not Configured. Gmail API has not been used in project ********* before or it is disabled. Enable it by visiting https://console.developers.google.com/apis/api/gmail/overview?project=********* then retry. If you enabled this API recently, wait a few minutes for the action to propagate to our systems and retry.">
I know Im having problem with the product ID. Couple of days ago my friend was running calendar API with my Pycharm and then he verified with his account with all the credentials. But I also created a new project>created new Credential. Downloaded the secret Json file and replaced with previous. I also checked the Json file, and the client ID was mine. But still Pycharm is still looking for that client ID which was my friends client ID. How do I resolve it?
I also tried opening new projects in Pycharm but still having same problem. I am new to python and Google APIs. If my question was too simple/obvious please pardon and help me out with the solutions.
The code I am using is given in this link, quickstart.py by Google developer page.
I finally solved the issue. I didn't enabled the gmail API from the console page. In the console page go to dashboard, next enable API and choose which API you want to enable. In my case it was Gmail.