Is there a way around the rule where Google says that test users that you remove from your unpublished app will still count against the allowed user cap?
Our app is still in private beta so we're okay with the limit of 100 users but I don't get why if we remove a user, it won't free up space for another tester.
Related
my Google Cloud Platform App is in Test mode in order to be later submitted to Google for approvation.
This App was proviously in production, so there are more that 100 accounts authenticated to the APP.
This means that I'm above the limit for 100 max users in Test mode and I cannot add new account i need to make some test.
I'm not able to find a way to list the currently authenticated users and remove them.
Anyone could help?
limit of 100 users reacher
There is no way to list the users who have authorized your application, there is also no way for you to remove them. You need to wait for verification of your application before you can add new users.
option one
If you have refresh tokens for the users you can try to revoke them and see if that grants you another additional users. However my research says this will not help as the 100 limit appears to be the number of users who have granted your application authorization not the number of users who currently are authorized by your application.
option two
You could also create new project and go though the verification process again, this time taking care not to gather have to many users before the verification process has been completed.
Our Google app uses a scope that's subject to Google's verification process outlined here: OAuth API verification FAQs.
We use two Google oauth apps: production and staging. Our production environment has been verified (after an extensive security review). Our staging environment has not been verified, and so we're subject to the 100-user cap outlined in "Exceptions to verification requirements" in OAuth API verification FAQs.
However, we need to be able create more than 100 accounts to test our "new user sign up" flow. After we use these test accounts, we no longer need them to have access. Currently, new accounts are seeing "Sign in with Google temporarily disabled for this app".
Is there a workaround for the 100 user cap in which we can remove access to test accounts that we're no longer using?
It is not possible to add more then 100 test users while your project is still in the testing phase. It is also not possible to remove a user once they have been added as a test user.
While publishing status is set to "Testing", only test users are able to access the app. Allowed user cap prior to app verification is 100, and is counted over the entire lifetime of the app.
This does not change even if your app is part of the Exceptions to verification requirements section you are still limited to 100 usrs
Note that your app will be subject to the unverified app screen and the 100-user cap will be in effect.
Unverified apps
As per this support doc you can try to request a quota increase with the following form.
I'm struggling with a the new OAuth verification process that Google has introduced. Earlier, my OAuth app was using sensitive scopes, and I made changes to ensure that the sensitive scopes are no longer required, and removed them from the OAuth consent screen configuration.
However, my OAuth consent screen is still being forced to go through the verification process (which is a black box and never seems to complete!)
I noticed the following user-cap being breached. Could the forced verification be because of this? How do I check which users are connected to my app, and also manually disconnect them? I have never bothered about this user-cap in the past, so it is quite possible that a number of these are internal/test users when the app was under active development and was being tested in production. Btw, if app simply deletes a user's refreshToken from the DB, and the user is forced to re-connect, will that count as +2 or +1 while calculating users against this cap?
Possibly related to How can I confirm the user limit of my google cloud/API? -- but that doesn't answer this question in detail.
I noticed the following user-cap being breached. Could the forced verification be because of this?
probably but only google can really anwser that
How do I check which users are connected to my app, and also manually disconnect them?
You cant there is no way for you to know what users where connected to your app and disconnect them unless you have saved a refresh token for these users if you have then you could remove them using the revoke command.
However this is no guarantee that the number google is displaying is going to change as it could be just a running total of users who have consented to your application in the past and not the ones who have currently consented. There is no way of know ing this as google hasnt told use.
if app simply deletes a user's refreshToken from the DB, and the user is forced to re-connect, will that count as +2 or +1 while calculating users against this cap
This may be true but that doesn't mean that the user has revoked your access to their application though their account. The only way to remove access is for the user to remove it in their account or for you to use the revoke endpoint to revoke them by force. Your application not having a refresh token doesn't mean that the user hasn't granted your application access.
Long story short your going to have to go though the verification process and wait for google to remove it when they see that you are no longer using the scopes that would require it.
Update: I have pinged someone on the team to see if this is working as intended or if it could be a bug. I will update this when i know more.
I am facing issue while accessing taxonomy for anonymous users, for windows authenticated users its working fine. This taxonomy is used for building site navigation and below is the code I am using to get the records
var navTermSet = TaxonomyNavigation.GetTermSetForWeb(site.RootWeb, StandardNavigationProviderNames.CurrentNavigationTaxonomyProvider, true);
This code is wrapped under run with elevated privilege and this code returns 2 term set and under each term set there are many terms presents, but if I run this code under windows authenticated user it will return all the terms else it will return only 2.
Under each termset it will show count as 0
Below verification I have done from my end
1) Site is anonymous and taxonomy hidden list is having anonymous enabled and provided view permission for everyone
2) Added MMS app pool account, Web app pool account to MMS db
3) Provided full access to both the account in term store admin access # central admin(Service)
Can any one please guide me how I can fix this
Regards
Anand
I have deleted the site collection and recreated it, then it started working.
I'm doing some kind of load testing with Facebook Test Java API for some app using fb authorization.
Since I'm doing selenium test in parallel, i'm able to see some effect:
I'm creating some test user
I get it's loginURL
I'm authorizing in selenium-driven browser with this loginURL
I'm creating many other users, each of them doing some stuff and becoming friend to the user from point 1, that is seen in selenium-driven browser.
At some moment I see this user logged off from facebook in browser. The exact moment is not clear, since the other test users are created and made friend with the target user in parallel threads, but it looks like this happens when i create 500 users.
When I try to log in again with loginURL obtained at step 2 it is still impossible. The fb redirects me to the login page.
It is possible to create much more than 500 users (at least 2000) with the api before the api will return the error, but the logging off is observed much before the reaching this limit.
The question is what is the limit of test facebook users supported with no problems?
And also, I've noticed that at beginning of the test test user access tokens worked okay, but by the end of the test all they were invalid and graph api didn't allowed to upload photos using that tokens.