My OAuth consent screen verification shows me this messsage
Comply with domain verification requirements
Ensure your application's domains have completed the Search Console verification process
But in my Authorized domains there domains like **.chromiumapp.org or *.extensions.allizom.org/
which ownership I cant verify.
Assume that you already verified your domain and still getting this error, try to do this:
Go to your "Google Console" > "OAuth Consent Screen" and under "Publishing status" click "Back to testing"
Now you are back in the test mode, click "publish" again
You may see some new demands to publish it, which were unknown before. You could follow these demands now.
After that, you will see "The Trust and Safety team has received your form." message.
If you can't make changes to the DNS of the domain you want to verify, you can try verifying the ownership of your domain by Verify file or html tag method. Take a look at this link for more information.
Go to your Google webmaster and make sure you can see your domain there,
If not follow the steps on the same page to verify the domain owner.
Related
I am losing my mind. I can basically switch between "testing" and "in production" for my oauth configuration that I'm trying to use for my chrome extension.
It told me I cannot go "live" because I need approval because of my scopes. So I submit for approval, and I'm rejected because I'm not live. I literally don't have a clue what to do and I'm losing my mind. Please help.
There's nothing stopping you from changing the status to "In production". The message is saying that you also need to verify your app after pushing it to production.
You can have a public app without verification. The caveat is that users will see this scary warning when they try to sign in with OAuth:
The purpose of the verification is to remove this message, and probably allow you to publish your app in the Chrome Web store since it's an extension, but before getting verified you still have to change the status to public.
I also recommend you check out their docs:
API verification FAQs
Unverified apps
We are using Google to enable users to use their Google account to authenticate themselves (using AWS Cognito federated sign in) with our Mobile application (we only have mobile applications, no web). We are only using the non-sensitive scopes, but even with that it seems that we are required to go through the whole verification process.
Scopes used:
OAuth scopes
But when I try and publish the application I get a popup notifying me that the verification is required and even mentions sensitive and restricted scopes:
Google publish popup
Step 1 of the verification process is ok, but the other steps are what baffles me.
When I take a look at the documentation it mentions that only if you are using sensitive or restricted scopes that verification is required.
Is there any way to setup the application so verification is not required or at least not as extensive? Most likely we have configured something wrong, or didn't understand the documentation correctly, so any suggestion would be more than appreciated.
In addition to scopes, there a few more reasons why your consent screen might require verification:
You want to display an icon or display name for your project on the OAuth consent screen.
Your project's OAuth clients request authorization of any sensitive or restricted scopes.
The number of authorized domains for your project exceeds the domain count limit.
There are changes to your project's OAuth consent screen configuration after a previous published, verified configuration.
I'm working on getting a Google app verified, and although I have completed the domain verification, the Oauth consent screen says that it is waiting on me to "comply with domain verification requirements." What does this mean?
1. I've confirmed that I completed domain verification at https://www.google.com/webmasters/verification/home. (With my personal google account, I verified the domain with a DNS TXT record, then delegated it to my work account.)
2. ...and I've set that domain as the sole authorised domain for my app...
3. Nevertheless, the Oauth consent screen says that I still need to comply with the domain verification requirements. Why would this be?
Once you have completed the actions specified under "Pending developer action", you will need to reach back out to the Google verification team to inform them that you've taken action for your app verification to proceed. See https://support.google.com/cloud/answer/10311615#zippy=%2Cpending-developer-action.
I submitted changes to my OAuth consent screen.
Name change
logo update,
2 new scopes
domain change
Google contacted me to send them a video that show how I would be using the 2 new scopes. I did this and after that they approved everything. The verification status changed to "Published" and all domains and scopes have a green tick next to them.
I can see the logo & name change when I do a normal login. When I request the new scopes on the screen where it is needed I still see the "This app isn't verified".
I have confirmed that I am sending only the scopes in the consent screen.
openid
profile
email
https://www.googleapis.com/auth/calendar.events
https://www.googleapis.com/auth/calendar.readonly
I replied to the emails that google sent me to ask if there is still something that needs to be approved, they just reply and ask for a video. It looks like an automated response, but then I send them another video.
What more needs to be done to get the app verified? I did go through all their documentation.
Problem is that Google was correct and the scopes the app was submitting is incorrect.
What was approved by google:
https://www.googleapis.com/auth/calendar.events
https://www.googleapis.com/auth/calendar.events.readonly
But the app was requesting:
https://www.googleapis.com/auth/calendar.events
https://www.googleapis.com/auth/calendar.readonly
Almost the same, but not. Always triple check that what you are sending is the same as what is allowed.
What does the following Mailgun error response mean when one tries to send a message?
Status: 400
Body: {"message": "Sandbox subdomains are for test purposes only. Please add your own domain or add the address to authorized recipients in Account Settings."}
Have you set up some authorized recipients for the sandbox domain?
https://documentation.mailgun.com/en/latest/faqs.html#how-do-i-pick-a-domain-name-for-my-mailgun-account
A sandbox subdomain of mailgun.org. Example: sandboxXX.mailgun.org.
This option allows for quick testing, without having to setup DNS
entries. This domain is provisioned automatically with every new
account. But you can send only to authorized recipients.
in 2019 is:
Click to your domain, and you see at the right the Authorized Recepients box
i have faced this problems.
if testing with sandbox, should be add the authorized recipients.
then copy the sandbox name as a domain.
Thanks you.
Log in to your Mailgun account, go to the log section. There you should see a log entry for the failed attempt to delivery that email. Click on it to see all details. it should display the full error message as well as additional information.
However, most likely you forgot to add that specific email address to the list of authorized email addresses.
Side note: after adding yourself to authorized recipients, you also need to verify your email address. I almost disregarded the following email as commercial, but in fact I kept getting the error until I agreed:
Hi there,
Mailgun account "[...]" provided your address to test their integration with Mailgun.
Please click the link below if you agree to receive emails from their account.
I had the same problem I solved this by doing below steps.
Add an email to Authorized Recipients - Steps.
When you add from and to emails Don't add Quotation marks