1

I'm transitioning a Google Docs add-on that was approved when the add-on concept first started (many years ago) from a Docs-only add-on to one that works for both Slides and Docs. In the process, I have had to redefine a lot of things (create a new project) and request authorization for OAuth scopes.

I had assumed that if my add-on had ../auth/documents.currentonly (which is truly all it needs), then I was good to go. I did have to request authorization for external_service and container.ui, which I obtained quickly from Google. So, I published the add-on, and all looked OK. I was able to install it on my test accounts, etc. I've seen the number of public users go from 0 to 63 in about a week.

However, I just got an obscure email from Google saying I had to take action because I didn't have the authorizations:

Apps requesting risky OAuth scopes that have not completed the OAuth developer verification process are limited to 100 new user grants.

The email doesn't specify what scope is risky, however. The OAuth consent screen shows all my APIs that needed authorization are approved (I also have an email showing they were granted authorization):

enter image description here

The consent screen doesn't allow me to request verification (the button is grayed) in its current state. I assume that, since no verification is requested or given for them, the currentonly scopes are not "risky".

I have replied to Google's email (which seems to be automated), and will hopefully get some more info.

In the meantime, I wondered if perhaps I misunderstood the scopes. It was a complex process and I don't remember if ../auth/documents.currentonly was automatically added to the screen, or if I had to add it at some point. I know it comes from a comment in the code of the add-on:

/**
 * @OnlyCurrentDoc
 */

This is explained on https://developers.google.com/apps-script/guides/services/authorization

I'm wondering if the problem is that since my add-on is published, I also need to explicitly add a broader scope: ../auth/documents, which is indeed a scope that requires authorization ("risky"?). My add-on doesn't use other documents than the current one, so that wouldn't make sense to need it. It's how I understood the Google documentation about this.

As an experiment, here's what the screen looks like if I add that scope:

enter image description here

If I add that (and the corresponding one for presentations), I can request another verification (although I am unsure if it's really needed). Do the currentonly scopes also require the broader ones?

Update 2019-12-13

Today, even though I still have no reply to my response to the automated email, I see that my add-on has more than 100 users. That should not have happened according to the email I received, unless something changed. I'm assuming someone resolved the inconsistency on the Google side of things.

Fuhrmanator
  • 11,459
  • 6
  • 62
  • 111
  • Have you published to the Google Suite Marketplace as well? I ran into an issue where my GSM scopes did not match the Cloud Platform scopes. Updating the GSM listing took care of the problem for me. – Brian Dec 11 '19 at 15:22
  • @Brian Publishing (at least last week) was not possible. See https://stackoverflow.com/q/58179055/1168342 for more context. I think much of this chaos is due to the phase-out of Editor add-ons in the Chrome Web Store. I have not yet received any info from Google regarding my emails and support requests, but I see that my old add-on has been removed (unpublished). The new one has the reviews of the old one, so I think it was managed manually and this is a fluke. – Fuhrmanator Dec 11 '19 at 15:47

0 Answers0