We currently have a verified app in production and need to add a new scope to it. Currently, we are using the 'https://www.googleapis.com/auth/admin.directory.user' scope, which includes user management permissions. However, we only require read-only access for importing users using Google Workspace, aiming for a minimal permission system. Therefore, we plan to replace the existing scope with 'https://www.googleapis.com/auth/admin.directory.user.readonly'.
Based on my research, I understand that this change will transition our app to an unverified state. As a result, customers who need to add credentials will be presented with a warning message stating, 'Google hasn't verified this app.' While we can accept this warning, we want to ensure that our existing customers who have already granted access to our app won't encounter any issues.
My question is, during the re-verification process, will our existing customers experience any problems? Specifically, will the tokens granted prior to the re-verification be revoked, or will they remain valid? Can we continue to make API requests using those tokens without any disruptions? It is crucial for us to avoid causing any inconvenience to our existing customers.
We tried to search for this case in the google app verification documentation but did not find anything useful.
