Be careful everybody who is using OAuth 2.0 to access Gmail/Google/Gsuite APIs!

  • Resolved diegocanal

    (@diegocanal)


    5 years, 10 months ago

    Hi,

    Watch out if you’re using the OAuth 2.0 implementations of Gmail. Today I got the following email from Google:

    [Action Required] Submit your app(s) for Restricted Scopes OAuth verification

    Hi Google API Developer,

    We sent this email because you’re listed as a contact on the following Google Cloud Project(s) using OAuth 2.0 to access Google APIs:

    postman-smtp-xxxxxxxxxxx

    In October 2018, we announced that, in January 2019, new Gmail API policies for restricted scopes will go into effect. We want to let you know that, starting today, you can submit your app(s) that use restricted scopes for verification. Please review the full policy and OAuth FAQ for more information including the secure handling requirement.

    What you need to do
    If you want to use one of the restricted scopes, for verification through the Google API Console (On the left side menu click Credentials, then click OAuth consent screen) between January 16th and February 15th, 2019 for the project(s) listed above. Owners and editors of the project will be able to submit for verification and developers with internal apps for users in the same G Suite domain do not need to do this.

    If you do not take action
    If you do not submit for verification by February 15th, 2019, we’ll disable account access for new users on February 22nd, 2019.

    If you do not submit for verification by March 31st, 2019, we’ll revoke existing consumer grants.

    Thanks,
    Google Cloud Platform/API Trust & Safety

    ? 2019 Google LLC. 1600 Amphitheatre Parkway, Mountain View, CA 94043

    We sent this message to alert you to important upcoming changes to Google Apps platforms.

Viewing 5 replies - 1 through 5 (of 5 total)

  • Hello dear friend!

    How are you?

    According to the FAQs, you do not need to request for verification if your app is going to be used in any of the following scenarios:

    • The app is not shared with anyone else.
    • The app is used to send emails through WordPress, or similar single account SMTP plug-ins.
    • The owner and users of your apps belong to the same G Suite domain or customer.
    • The app is trying to access data from users’ Google Cloud Platform project. For instructions on using a service account, see Using OAuth 2.0 for Server to Server Applications.
    Thread Starter diegocanal

    (@diegocanal)

    Hello Yehudah!

    OK, I had missed that piece of information. Thanks for pointing that out.

    Sorry for the false alarm I was too impulsive. In the past I had a bad experience with a similar situation. That time it affected Postman deliverability through oAuth 2 to Gmail servers. Many days passed until I realised there was a problem, a pretty big mess.

    You’ve been doing a great job improving and maintaining this plugin. Thank you!

    Never say sorry, because users like you Post SMTP grow and improved.

    Thank you for the kind words and please keep comment and alarm ??

    Hi yehudah,

    Your plugin is great. Today I also receive this email. Should I simply ignore and no need to reply them?

    Hi @apwordpress

    If your site config match the exception above you can ignore.

Viewing 5 replies - 1 through 5 (of 5 total)
  • The topic ‘Be careful everybody who is using OAuth 2.0 to access Gmail/Google/Gsuite APIs!’ is closed to new replies.