About Google Cloud App Verification

Andro-Tester · 01-29-2023 11:59 PM

Hi Team,

I have a question about App Verification of a Google Cloud app that uses Google Signin, because it shows the "unverified screen" during login. The app to be verified is running on Google Cloud, with an appspot URL.

In the Consent Screen, in the "application home page", and "privacy policy page", may I use the app domain name (from Google Domains), but with the site hosted in Google Sites? Is it required that the app domain name point to the appspot URL where the app is actually hosted?

Thank you.

dionv

Hello Andro-Tester,

The app or script might display an "unverified app" screen before it displays the consent screen. This is based on the specific scopes that your app includes in the request. This warning will display when:

Your app uses sensitive or restricted scopes and you haven't configured them in your OAuth consent screen configuration page and requested verification.
Your app uses sensitive or restricted scopes that you haven't selected on the OAuth consent screen configuration page.
You selected sensitive or restricted scopes on the OAuth consent screen configuration page and requested verification, but the verification is not yet complete.

When the scopes requested in your app code differ from the scopes requested in your OAuth consent screen configuration page, your users see an "unverified app" screen. Make sure that scopes you request in your app are the same as what's in your OAuth consent screen. You can check this documentation for reference.

Andro-Tester

Hi @dionv , thanks for the reply. I am trying to fill up the Consent Screen, and I would like to ask: should the domain name used for "application home page" and "privacy policy page" point to the Google cloud appspot URL, or can it point to the app "landing" page, hosted for example in a Google Site? What exactly is asked for the "authorized domain" in the Consent Screen -- is it the appspot URL, or the "landing page" domain?

Thanks.