unverified app - unable to configure new install on OSX

[davesmylie]

New install on OSX.

When starting cmdg for the first time I am prompted to to get the client id/secret from google.

Once that is is entered, I am redirected to an Unverified App page:

This app isn't verified This app hasn't been verified by Google yet. Only proceed if you know and trust the developer. If you’re the developer, submit a verification request to remove this screen. Learn more Google hasn't reviewed this app yet and can't confirm it's authentic. Unverified apps may pose a threat to your personal data. Learn more Go to (unsafe)

a href="#" jsname="ehL7e" class="xTI6Gf vh6Iad">Go to (unsafe)

The "Go to (unsafe)" does not work - when clicked it shows "Something went wrong. Please try again".

It seems like google enforces a hard limit on 100 new users in total, once the app presents the unverified app screen - perhaps this has been reached?

https://support.google.com/cloud/answer/7454865

This happens on all browsers I have tried (chrome, ff and safari).

Are you able to request verification from google please?

[ThomasHabets]

So you generate the credentials yourself? If so then I think you should consider yourself "the developer" when reading Google's docs.

I think what you need to do is, like the page you link to says, "Your app uses sensitive scopes and you haven't configured your OAuth Consent Screen and requested verification".

Could you check if that's the problem?

If so I'd like to document that in the cmdg README.

There exists a very involved (new) process for getting sensitive scopes. I hope that's not what you're running into (and I also don't think it's that). Because that has a ridiculous cost associated with it.

[davesmylie]

Roger that.

Have started the process (i think).

I needed to set up Terms of Service pages and a privacy policy hosted on a separate sever, and also cannot host or run the app itself from localhost/my pc. (the app needs to be hosted on a "top private domain" to be able to be used for oauth authentication according to the oauth consent screen)

the application has been submitted to the Ouath group to be verified by the Trust and Safety team. This will take several weeks apparently - I will update when I hear back.

[ThomasHabets]

Oh yeah, it's been a while since I set this up, so thanks for reminding me about these steps in detail.

Thanks for not giving up. :-)

[davesmylie]

So very anti-climatic in the end. I'm not sure if I triggered anything with the content of my application, or if it was automatic based on the app functionality, but I almost immediately got a reply saying:

Dear Developer,

Thank you for submitting a verification request. Based on the type of request you've submitted you can skip the verification process if your app does not need to display an icon.

I ran through the authorisation process again - this time the Prompt changed from:

a href="#" jsname="ehL7e" class="xTI6Gf vh6Iad">Go to (unsafe)

to

a href="#" jsname="ehL7e" class="xTI6Gf vh6Iad">Go to CMDG (unsafe)

This then worked as expected.

Trying to load CMDG then bought up another prompt to enable an API - did this and CMDG started up

Thanks for your help on this and hopefully the above will help anyone else running into the same issue.

Thanks Dave