• This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn more.

Fixed Verify Your Google API Project

Sim

Well-known member
#1
I received the following email from Google:

Verify Your Google API Project

Hello Developer of _____,
You’re receiving this email because you’re listed as a contact on the Google Cloud Project that uses OAuth 2.0 to access Google APIs for your app: ______.
In July, we announced new security protections to protect users from malicious and deceptive apps. As part of that effort, we need you to submit your app for verification.
If you don’t submit the verification form by the deadline, your users will begin to see the “Unverified App” screen.

I'm assuming this is the Google logon integration for XenForo - pretty sure that's the only Google API thing I'm using on my site?

Has anyone submitted the verification for their XenForo site? Does it work? Is there anything required at the XenForo end for this verification to pass?
 

Brogan

XenForo moderator
Staff member
#2
Yes, it's for log in via Google.

It's a Google thing, not an XF thing so nothing needs to change in XF.

Google now require them to be verified and a privacy policy is required.
Your privacy policy should be posted at the domain you have verified and should disclose the manner in which your app accesses, uses, stores, and shares Google user data.
 

Moshe1010

Well-known member
#3
What should we answer here?

Which scopes does your app need access to? *
User data accessed through these apps must be approved. Please include full scope names separated by a comma.

Example: https://www.googleapis.com/auth/calendar.readonly

A full list of scopes can be seen here: https://developers.google.com/identity/protocols/googlescopes


List the specific ways your app will use each of the scopes you're requesting and explain the features in your app that require these scopes. *
Example: my app will use https://www.googleapis.com/auth/calendar.readonly to show a user's calendar data on the scheduling screen of my app to help users manage their schedule directly through my app.
 

markku

Well-known member
#4
Yeah, definitely need some help here.

And what kind of Privacy Policy are Google expecting? Are there any examples a site can use?
 
#5
What should we answer here?

Which scopes does your app need access to? *
User data accessed through these apps must be approved. Please include full scope names separated by a comma.

Example: https://www.googleapis.com/auth/calendar.readonly

A full list of scopes can be seen here: https://developers.google.com/identity/protocols/googlescopes


List the specific ways your app will use each of the scopes you're requesting and explain the features in your app that require these scopes. *
Example: my app will use https://www.googleapis.com/auth/calendar.readonly to show a user's calendar data on the scheduling screen of my app to help users manage their schedule directly through my app.
Were you able to find the answer to this? I'm dealing with the same thing currently.
 

Mike

XenForo developer
Staff member
#7
In XF2, I don't believe this verification is needed. The FAQ specifically mentions that you can skip the process if "I am using this app to allow users to sign-in to my platform using their basic profile information". Later, this is specifically mentioned as the "Google Sign-in scopes" and that's what we use.

It does look like XF1 uses a legacy scope in the JS, so we can likely change this so it isn't needed and that should prevent this from being required.
 

Chris D

XenForo developer
Staff member
#8
We've made a change in the next 1.5 release to account for this, which reduces the number of permissions required to use the Google integration.

To modify this for your own site now edit the js/xenforo/xenforo.js file and find:
JavaScript:
https://www.googleapis.com/auth/plus.login email
And replace with:
JavaScript:
profile email
However, what I'm not sure about is whether this will satisfy Google if you already have users who have approved scopes that require the verification. It may be the case of deleting that existing app set up and creating it again, but I'm not sure about that.