Gdrive, Google does not want to verify the access

Aparisi_Francisco · November 26, 2020, 3:03pm

My app is using Gdrive. However, each time the user connects, there is a warning saying that the app has not been verified by Google.

I begun the verification process and I have received an email from Google:

Dear Developer,
According to our information the following localhost/testing URLs are present in your OAuth Clients.

** Client id: XXXXXXXXX-YYYYYYYYY.apps.googleusercontent.com*

** * http://127.0.0.1:8889/*

We encourage developers to create a separate OAuth project for development/testing and production which does not have to go through the verification process. Please remove the above mentioned localhost URLs from your production Oauth client and reply back for us to continue with the verification process.

So, what should I do?

Bart · November 26, 2020, 4:04pm

Hi,

We are currently investigating this issue and will report back as soon as possible.

Bart · November 30, 2020, 1:54pm

Can you please try the following?

Create a new app in the Google Developer Console
Select "Desktop app" as Application type (instead of Web application)
Use the Client ID and secret of this new app.
You still need to assign a CallBackURL in your client app for authentication, but this is no longer tied to the app you created in the Google console.
Request verification with Google for the desktop app

Aparisi_Francisco · December 2, 2020, 9:40am

I think this solution is not feasible.

I think the app needs a minimum of uses/access before getting the possibility of being verified.

If I create a new app in Google Console I lose it.

I am not 100% sure, however I think so.

Bart · December 2, 2020, 10:11am

Unfortunately I'm not aware of any other alternatives at this time.
If the Google application is configured as a web application, a valid callback URL is required and if the credentials are used in a desktop or mobile application only a localhost URL can be used.
This is a technical limitation.
The solution is to create a Google application of type "Desktop app" which is not tied to a localhost URL.

Lang_Phyllis · January 22, 2021, 9:13pm

I have also encountered this problem. I have created a new OAuth 2.0 Client ID configured as Desktop application but my CallbackURL = http://localhost:8888 as shown in the User Guide.

I don't know what CallbackURL should be. How should I set this?

Bart · January 25, 2021, 10:42am

Hi,

Please note that a Client ID configured as Desktop application should accept any callback URL that points to localhost. (provided that the port number is not used by another application)
It should not be set in the Google Developer Console.
You can assign the URL in the App.CallbackURL property of the component.

Lang_Phyllis · January 25, 2021, 2:49pm

I have configured the Client ID for both my Android and iOS apps as you described - as Desktop Apps with CallbackURL = http://localhost:8888. I have also restricted the Scope property to only those that I need.

I am still seeing a message that the app needs to be verified by Google. I am confused about this - should I set up Client IDs for an Android app and submit it to Google for verification and then repeat for an iOS app? I suspect that Google may have changed this recently.

Thanks again

Bart · January 25, 2021, 3:38pm

Yes you should go through Google's verification process to get your app verified.
Once it's verified the message should disappear.