search

gilesknap / gphotos-sync

Google Photos and Albums backup with Google Photos Library API
Apache License 2.0
1.97k stars 161 forks source link

using the tool with new oauth rules from June 17, 2024 #479

Closed umueller459 closed 2 months ago

umueller459 commented 2 months ago

I just got an email from Google that

Starting June 17, 2024, Google users will get more granular controls for sharing their Google account data with third-party appsHello Google Developer,

Our records indicate that your app(s) has requested access to Google APIs and may be affected by an upcoming OAuth consent change. Starting June 17, 2024, Google will enable granular consent, which allows OAuth users to grant or deny Google account data permissions on a more granular level to third parties. We’ve provided more information below to help you through this change.

What do you need to know? OAuth users will see a granular consent screen allowing them to grant or deny granular permissions to Google account data to your app(s) starting June 17, 2024.

Note: Workspace Enterprise apps that are granted domain-wide delegation of authority or marked as Trusted will not be impacted by this change at this time.

What do you need to do? We recommend that you test your app with granular consent and make any necessary updates to ensure an optimal user experience:

Review our OAuth granular consent guide to learn about the requirements and best practices to handle granular consent. If needed, update your app to ensure it supports granular consent. If necessary, you may request a one-time extension, giving you until August 19, 2024, to support granular consent. Here is a list of your client ID(s) that may be affected by this change. If you have Google Cloud Platform (GCP) console login issues, the Google Cloud Support team can help. Please submit a ticket in the Support Hub.

When looking in the code, it needs

          "https://www.googleapis.com/auth/photoslibrary.readonly",
            "https://www.googleapis.com/auth/photoslibrary.sharing",

These are considered sensitive scopes. Does it mean the app needs some changes or will it continue to work? Thanks.

gilesknap commented 2 months ago

It does not sound like the API is changing just the GUI. (If my interpretation is correct then there should not be an issue - for gphotos-sync we all own our own 'app' so that everyone gets to take advantage of the free tier).

It may be that the docs will need updating because the flow changes slightly.

umueller459 commented 2 months ago

You are correct.

Upon further searching, I found this https://developers.google.com/identity/protocols/oauth2/production-readiness/sensitive-scope-verification#personal-use

The previous sections say:

If your app requests scopes categorized as sensitive or restricted, you probably need to complete the verification process unless your app's use qualifies for an exception.