Configure OAuth

When you publish your app, there are three main tasks to complete for OAuth:

  1. Fill out the OAuth consent screen.
  2. Create your OAuth 2.0 credential.
  3. Submit your app for OAuth verification.

Learn more about each task below.

The OAuth consent screen is a prompt that tells users who’s requesting access to their data and what kind of data users are giving access to.

For help filling out the OAuth consent screen, see User consent.

Create your OAuth 2.0 credential

If you built your app in Apps Script

You must switch your Apps Script project from its default GCP project to your new standard GCP project. See Switching to a different standard GCP project.

After you associate your Apps Script project with the GCP project, your OAuth 2.0 credential is automatically created.

If you didn’t use Apps Script to build your app

To create your OAuth 2.0 credential, see Setting up OAuth 2.0.

Submit for OAuth verification

If your app uses sensitive or restricted scopes, you need to undergo OAuth verification. See How do I submit for verification.

  • For OAuth verification, you need to submit a demo video demonstrating the usage of the scopes.
  • If your app uses restricted scopes, you might also need to go through a security assessment. Security assessments are optional if your app doesn’t use restricted scopes or if your app’s installation setting is set to Admin only install. See Why is the security assessment needed.

How OAuth verification differs from app review

OAuth verification is a separate process than app review. It focuses on making sure your consent screen accurately represents your app’s identity and intent, and ensures your app doesn’t misuse user data. For more information about OAuth verification, see OAuth API verification FAQ.

App review focuses on the information you provide in the Google Workspace Marketplace SDK, and the functionality and usability of your app. To learn more about the app review criteria, see About app review.