How Can I Cancel The OAuth Consent Verification Process? - google-api

I was testing functionality on a website that I'm developing that allows the user to sign in using their Google account. I filled in the "OAuth consent screen" in the Google Developer's Console, including all of the URLs to allow Google to redirect a user back to my website with the necessary OpenID information. Everything works, but I used test URLs on the "OAuth consent screen". Afterwards, I made the very costly mistake of clicking the button at the bottom of the screen labeled Submit for verification. I should have clicked the button labeled Save. The URLs on my OAuth consent screen all have internal hostnames, so they're not accessible from the Internet. Is there any way that I can cancel the request to Google for verification? The page is currently frozen, and it won't let me change any of the URLs until I inevitably fail the verification process. There is also a message that states that verification may take up to 4-6 weeks, which is a long time to wait for something with a known outcome...
I know this may not be the right forum for this question. However, Google's own support page links to StackOverflow, and I'm sure web developers must encounter this problem quite frequently. I tried looking on Google's FAQ pages, but didn't see anything about canceling the verification process. It's quite possible that I missed something....
Edit I've received an e-mail from the Google Cloud Platform notifying me that my request to have my app verified has been denied. This makes sense, since I completed the Consent form with incorrect test URLs. However, the Save button on the OAuth consent screen is still disabled. The screen appears to be in the verification process. Perhaps this is the intended workflow for the screen. At any rate, the original request for verification was denied within a day or two, which was quite fast considering the 4-6 weeks that Google allows for the process. If anyone can confirm or deny that this is the intended behavior of the OAuth consent screen, I would be happy to mark their answer as correct...

At this point, I'm inclined to believe that this is the intended behavior of the OAuth consent screen. 3 days after the verification request has been declined, the message Your consent screen is being verified. This may take up to several weeks. Your last approved consent screen is still in use. is still being displayed. I now believe that further changes to the screen, such as updating the URLs, will require the verification process to be restarted, since the Save button remains disabled.

Related

Second-screen app in violation with Google Play Developer Policies

We have received a notice from Google Play that our app will be removed if we do not provide them with login credentials in our app. The problem is that our app is a second-screen game, where the primary screen is a desktop game which provides a four digit code for people to enter in our app and log on to the game. Our app has been in the Play Store for years and is quite popular.
Google Play has given us until Oct 4th to provide them with a code, otherwise our app "may be removed from the Play Store". We have set up a desktop computer running games in loop 24-7 until they have reviewed our app, and we have provided them with a link to a twitch stream where the game runs in loop.
It's now been seven days and we have not heard anything from Google Play. It's very frustrating that there is no personal contact, we only receive auto-generated bot/AI mails about policy violation.
Does anyone know what further action we can take to make sure our app is not removed? We have "contacted support", although contacting support in Google Play means just writing your app name and email address in a form and selecting a radio button of what the problem seems to be (none of them apply exactly). No response for days.
This is the original warning mail from Google Play:
Hi Developers at xxx, After a recent review, we’ve identified that we
need additional information about your app xxx in accordance with our
policies. Please resolve the issue described below by October 04, 2022
to avoid further action against your app. Reasons of violation Issue:
Need login credentials for app review In order for us to review your
app for compliance with Developer Program Policies, we will need you
to provide valid login credentials for your app. If users need
credentials to access your app, please provide all appropriate
credentials via Play Console. If you previously supplied credentials,
please ensure that they have not expired. If your app normally uses
2-Step Verification (e.g. SMS verification), biometrics (e.g. a
fingerprint or face scan) or a location-dependent password (e.g.
geo-gate), please provide valid demo credentials that we can use
instead.
in Google Play Console in app content > app access > Add new instructions
in password field write down the 4-digit code.
in Any other instructions Write a detailed step-by-step guide on how to walk through game until the 4-digit code entered, and provide them with a valid digit code (that always works) and write that this is a "Demo Digit code".
Also, provide them with a video just to the point of entering the code and logging in (the shorter the video the better)
And you will have to wait, it takes a lot of time do not worry.

OAuth Verification Request - App Name and logo are not showing in our App OAuth Screen

I have a problem with the verification process of our Google App.
All requests from Google are done, (Domains verification, demo video). Still one thing which is Consistent Branding. Google are saying that our App name and logo must be displayed in the OAuth screen. And to do that I should put them in the OAuth setting, which is done.
But even after updating these details App name and logo are not showing.
The Google Cloud Trust & Safety Team, told me that this problem can't be fixed from their side, and send me this link https://support.google.com/googleapi/answer/7014572?hl=en , in where I find that I can ask a question here.
So, any help please.
You can't find below all the screen shot that can help.

Google API Oauth consent screen stuck in verification for almost a year

I built a Chrome Extension using the Google Slides API ~8 months ago, with users having to sign in with the OAuth consent screen as to be able to use the extension. The extension has over a thousand users, and for the past weeks I've had reports of people seeing an error that says "Sign in with Google temporarily disabled for this app".
I checked and indeed the OAuth page was still "being verified", although it still said it would only take a few days / several weeks. I'm not using any sensitive scopes either, so it all seems very odd. If the app didn't meet the criteria I would have been rejected, but that doesn't seem to be the case.
So my question is, how can I get it verified, or if anything rejected so that I can make a new submission? I looked all over the place and I haven't found a way to get it unstuck. I'm pretty sure 8 months for verification isn't normal whatsoever.
Google seems to manually validate each OAuth screen. That's a long (and costly process), but to my experience, it generally takes 24 hours if you don't use any sensitive/restrictive scopes. As it's your case apparently, I presume your submission has probably being lost somewhere.
My recommendations:
Check in the Google Cloud Console the status of your OAuth Screen. After logged in Google Cloud console, click on the hamburger icon and select "APIs & Services" > "OAuth consent screen". At the top of the page you will see the status. If it's something like "pending verification", go to step 2. Otherwise, make sure the form is completed and submit it to verification again.
Search in your emails if you have been contacted by "api-oauth-dev-verification-reply [at] google [dot] com" (the address might slightly change as they use a ticketing solution). Maybe they tried to contact you but the email went to spam?
Get in touch with the OAuth team by emailing "api-oauth-dev-verification-reply [at] google [dot] com". Make sure to add your
Google Project number in your email, so they will be able to check
what's wrong.
Disclaimer: I don't work at Google. But I'm bit familiar with that process now :)

AAD Authentication Directline & Teams, Disable Security Code

I would like to have users authenticated in a v4 bot in both Teams and Directline (rendered on webpage) with as little user interaction as possible. My code is based on MS BOT Samples Github: BotAuthenticationMSGraph and has not changed at all besides configuration settings.
Right now, the directline pops up an extra tab, if needed presents username/password signin, and always presents six digit code for the user to copy/paste into the chat window. This completes authentication.
Right now, on teams, the operation is the same aside from a problem where after entering credentials (if needed), the popup then closes before the code can be seen. However, if I complete the process manually in a browser, pasting the code into teams successfully completes the signin.
How can I disable the need for a six digit code? Additionally, if anyone knows a fix to prevent the teams signin popup from closing early let me know.
You can make use of OAuthCards for authentication in Microsoft Teams.
https://github.com/Microsoft/BotFramework-WebChat/issues/1001#issuecomment-434530463 is a solution which involves webchat which works with AAD and no magic code.
https://github.com/Microsoft/BotBuilder/issues/4632#issuecomment-441957719( refer to #compulim's comment here, who is the developer of Web Chat and has specified the steps to eliminate the magic code flow).
Additionally, this explains about the mechanism that’s both more secure and users do not need to deal with any “magic code”.
Also, If your browser is set to block 3rd party cookies, it will again fall back to the magic code flow.
With regards to your last question about the teams signin popup closing early, refer to this GitHub issue which deals with a similar issue.
Hope this helps.

How can I build a webapp which uses google calendar api without having to become verified?

What I want to build:
I want to build a website where users can connect their google calendars (this will use Google Calendar API's)
and view their calendar events, as well as edit them, and create new ones.
My problem:
In order to do so, google says my app needs to be verified, which can take weeks, and I also need to set up terms of services pages, privacy policy pages
I also need to supply authorised javascript origins which MUST start with https, which of course is a problem during development, since my origin is http://localhost
I also need to set up support emails and homepage link
Question
I just want to start building my application without having to set up a whole production-ready website eco system.
Is there anyway I can use these Google Calendar APIs for editing/creating calendar events locally, without having to set up everything mentioned above first?
Unverified apps can still be used by the developer who created the project on google developer console.
Unverified app screen
The app or script might display an "unverified app" screen before it displays the consent screen. This is based on the specific scopes that your app includes in the request.
You can still work on your app while you are going though the verification process. However that being said i would start that process asap it can take a long time to get verified.
Yes, you can. As far as I am able to tell, all the verification step does is remove the "unverified app" screen. As long as you click Advanced > Go To ... (unsafe), you should be able to create and edit calendar events for that user in your application.
In order to be able to create and edit calendar events, you need to use the most sensitive scope, which is https://www.googleapis.com/auth/calendar. I couldn't figure out how to edit and create calendar events in my web app until I changed my scope from calendar.events to calendar.
Creating Events: https://developers.google.com/calendar/create-events

Resources