Thema: Google OAuth2 über EmailArchitect

Einzelnen Beitrag anzeigen

Kostas

Registriert seit: 14. Mai 2003
Ort: Gerstrhofen
1.062 Beiträge
 
Delphi 10 Seattle Enterprise
 
#4

AW: Google OAuth2 über EmailArchitect

  Alt 7. Dez 2022, 15:21
Wir haben das so verstanden:
wenn erweiterte Scops benötigt werden wie z.B. SMTP dann muss die App registriert werden.
wir benötigen also - ./auth/gmail.send auf https://mail.google.com

Die Sache mit dem 100 aktiven Usern ist bei "internal" Apps. Die müssen dann eine Gruppe mit max 100 User anlegen.

Das ist bei Versucht unsere App zu registrieren per Email bekommen:

Hi,

Thanks for your patience while we reviewed your project. Please respond directly to this email when your request contains all of the following information:

Security Assessment

Every app that requests access to Google users' restricted data must go through a Tier 2 security assessment.

We'll give you further information when your project reaches this stage of the verification process. Until then, please do not pursue a security assessment until you have received instructions from our team.

You can read about scenarios when security assessment is not required in the OAuth Application Verification FAQ.

Homepage Requirements

Your homepage must satisfy the following requirements:

Clearly explain what your app will do with user data.
Thoroughly describe how your app enhances user functionality.
Be accurate, inclusive, and easily accessible to all users.
Represent your brand and clearly describe the app you’re submitting.
Provide a visible link to your Privacy Policy. The Privacy Policy must clearly describe how your application accesses, uses, stores, or shares Google user data.
Must not be a link to a sign-in page.
The URL must link to a publicly accessible domain.

Verified Domains & Accessible URL/URL Links

You must verify that you own all the authorized domains listed in your request:

Go to the IAM page to add a role owner to your project.
Roles give project members the correct permissions to verify domain ownership for the authorized domains listed in your project.
Add either a Project Owner or a Project Editor to your project.
Go to the Search Console to complete the domain verification process.

Scopes Selection & Justification

Your requested scope(s) must be as narrow as possible.
If you ask for more data than you need to use, we will either reject your request or suggest a more appropriate scope.
You must provide a detailed justification for your requested scope(s) as well as an explanation for why a narrower scope would not be sufficient.
For example: https://mail.google.com/ to read and compose from Gmail. I will need read in order to____ so that my app can ____. I will need compose in order to ____ so that my app can ____ . A narrower scope would not be sufficient because ____.

Read these pages for more information regarding Gmail API Scopes:

OAuth 2.0 Scopes Page
Gmail API Scopes Page
FAQ for Restricted Scopes App Verification

Sign-in Branding

Make sure that the Google sign-in button or any button used to launch Google OAuth complies with the Google sign-in branding guidelines.

App Demonstration Video

Your app demonstration video must satisfy the following requirements:

Video is publicly accessible
OAuth Consent Screen is in English
OAuth Consent Screen shows the App Name
URL bar of the OAuth Consent Screen shows the Client ID containing the project_number fully displayed (Note: this is not required for native Android and iOS apps)
Video shows the OAuth grant process that users will go through.
Shows how the data will be used by showing functionality for each sensitive and restricted scope you've requested.
Shows how data is accessed on each OAuth client. This is required for every OAuth client in your project.

Extra App Demonstration Video Tips and Test Account

If any of your OAuth clients are not ready for production, you should delete or remove them from your project. You can do this in the Google Cloud Console.
If your app is a task automation platform: The video must show how multiple API workflows are created and automated, and which direction user data flows in.
If your app requires registration or features a local login:
Please whitelist or authorize our test email account oauthtest121@gmail.com - this will let us test your app’s functionality.
OR provide us with a username and password of a test account
You do not need to be personally visible in the demo or narrate the video. Demonstrating the process from the keyboard/screen view is fine.
If you cannot fulfill the above requirements because users are currently seeing the "Sign in disabled" screen, make sure you provide us with an email address so that we can temporarily disable the warning screen, allowing you to demonstrate all of the above video requirements.
If you cannot fulfill the above requirements because your app is an add-on that has not yet been published to the GSuite Marketplace, please reply to let us know.

You must follow these requirements to continue with verification. If you don't follow these requirements, we may have to reject your request.

Limited Use Requirements

If your app uses restricted scopes, we'll thoroughly review your Privacy Policy to check that it follows our Limited Use requirements.

If your Privacy Policy follows the Limited Use requirements, we need to know how your app treats user data. You can tell us this, and show how your app follows Google policies, through a public online disclosure. For example, this could be an in-product disclosure on the application homepage, or a public FAQ. You can read more about this requirement in the FAQ.

We suggest adding a disclosure to your app that meets these requirements:

The disclosure must be under 500 characters.
The disclosure must clearly call out that the app complies with the Google API Services User Data Policy, including the Limited Use requirements.
The disclosure must contain a link to the Google API Services User Data Policy so that it's easily accessible to all users.
The disclosure must be accessible on the project’s homepage URL or one click away from the homepage URL.
The disclosure must be easily visible to all users.

Example disclosure: “(App’s) use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.”

If you add a disclosure to your app, please reply directly to this email with the URL to the disclosure and how it can be accessed from your homepage.

Task Automation Apps

If your app is requesting Gmail restricted scopes and is a task automation platform, you may need to follow extra guidelines to get access to restricted scopes. These extra guidelines apply if your app connects user data between apps (like Zapier), and its use of restricted scopes data enhances email for productivity purposes.

Submit your application for these scopes, and we will provide these guidelines during your verification process.

App Types Not Applicable for Verification

The following app types don't require verification. If your app is any one of these types, reply to this email telling us know which one, and we'll let you know the next steps.

Apps for internal use only (single domain use)
Apps for personal use only
Apps that are Gmail SMTP plug-ins for WordPress
Apps that are in development or staging/testing

You can find more information in the OAuth Application Verification FAQ.

To make sure we don't miss your messages, respond directly to this thread to continue with the verification process. Any new emails sent to api-oauth-dev-verification@google.com won't go to our team.
GO TO MY CONSOLE
Share your Feedback
Thanks
The Google Trust & Safety Security & Privacy Team
  Mit Zitat antworten Zitat