Starting July 18, 2017, Google OAuth clients that request certain sensitive OAuth scopes will be subject to review by Google.
Users from outside the developer’s domain accessing the OAuth prompt for a client that has not been reviewed and verified will see a new unverified app screen, and the number of such users will be capped. An unverified authorization flow allows users to authorize unverified apps, but only after confirming they understand the risks. You can read more about this change in this help center article.
This change applies to Google OAuth web clients, including those used by all Apps Script projects. By verifying your app with Google, you can remove the unverified app screen from your authorization flow and give your users confidence that your app is non-malicious.
OAuth clients for add-ons that are being published are verified as part of the existing add-on review process prior to publication and do not need additional verification. Published add-ons that have already gone through the add-on review process also do not need additional verification.
Add-ons that are published to a limited set of users/domains or only to those with the link may present users with the unverified app screen. It is recommended that you verify the add-on with Google in these cases.
Web apps and other deployment types
Web apps and other deployments (such as apps that use the Execution API) may need verification.
If the app uses sensitive OAuth scopes, the unverified app screen may appear as part of the authorization flow. Its presence (and the resulting unverified app authorization flow) depends on what account the app is published from and what account is attempting to use the app. For example, apps published in a specific domain of a customer do not result in the unverified app authorization flow for accounts in that domain, even if the app has not been verified.
The following table illustrates which situations result in the unverified app authorization flow:

| | Client is verified | Publisher is a G Suite account of customer A | Script is in a Team Drive of customer A | Publisher is a Gmail account |
|---|---|---|---|---|
| User is a G Suite account of customer A | Normal auth flow | Normal auth flow | Normal auth flow | Unverified auth flow |
| User is a G Suite account not of customer A | Normal auth flow | Unverified auth flow | Unverified auth flow | Unverified auth flow |
| User is a Gmail account¹ | Normal auth flow | Unverified auth flow | Unverified auth flow | Unverified auth flow |

¹ Any Gmail account, including the account used to publish the app.
The number of users who can authorize an app via the unverified app flow is capped to limit possible abuse. This cap does not apply to verified apps.
You can request a review of the OAuth client used by your app and its Cloud project. Once your app is verified at the end of this review, your users will no longer see the unverified app screen. In addition, your app will no longer be subject to the user cap.
In order to submit your OAuth client for review and verification, you must first own a domain and have verified ownership of it with Google. Then collect the scopes, Client ID and Project ID for your app as follows:
- In the Apps Script editor, select File > Project properties > Scopes. Make a note of all the scopes your script project uses.
- Ensure that you have access to the Cloud Platform project for your Apps Script project. If your project resides in a Team Drive, you must associate it with a new Cloud Platform project.
- Access the API Console by selecting Resources > Cloud platform project… In the dialog that opens, click the top link, which is typically something like [Script Name] - project-id-123456789012.
- Select Credentials in the left-hand nav bar.
- On the Credentials tab, make a note of the Client ID for the Apps Script OAuth client.
- In the upper-right corner of the API Console, select ⋮ > Project settings.
- Make a note of the Project ID for your Cloud project.
When verification of your OAuth client is confirmed, your app is verified.