Waiting for Google to put "Google Drive" API into production mode

[ahyatt]

Describe the bug
On signing into Google Drive, I get the following error:

"Sign in with Google temporarily disabled for this app
This app has not been verified yet by Google in order to use Google Sign In."

To Reproduce
Steps to reproduce the behavior:

1. Go to the organice page
2. Click on Sign In
3. Select Google Drive
4. Select account

Expected behavior
I would expect to be logged in

Screenshots
Sign in Issue.pdf

Desktop (please complete the following information):

• OS: Mac OS X
• Browser: Chrome & Safari

Additional context
My account has 2-factor authentication enabled, not sure if that affects the issue.

[munen]

@ahyatt Thank you for the report. It actually does work for me (I just tried logging out and in again). That is not to say that there's something amiss, of course!

@branch14 Can you look into this or give me access to the Google APIs, please?

[branch14]

@ahyatt Thanks for the heads up! 👍

I guess it was working for users that had passed the consent screen. But not for new users. The Google Dev Console "hid" the reason in a popup: "Because you updated the application logo, your consent screen requires verification by Google."

I just resubmitted it for verification. 🤞

I'll leave this issue open as it is not fully resolved, yet.

[munen]

Update: This is what we see in the Google Cloud Console:

They are taking their time...

[munen]

Update: Google still shows no update in the Google Cloud Console:

According to their estimate, it should have been processed any day in the last two weeks. Hence, it should be any day now(;

[ahyatt]

I checked internally at Google, and evidently they have no record of this being a production system and no request for verification. Perhaps this was requested in the wrong way, they referred me to this documentation (once your system in production-ready): https://support.google.com/cloud/answer/9110914#submit-howto.

[ahyatt]

Update: evidently my previous update was wrong - and was about another project named "Organice". Evidently there are several.

At any rate, there was a mistake about not updating scopes during the request submission, and that needs to happen before this can be closed. They will reach out to you and let you know what needs to be done.

[munen]

@ahyatt Thank you for expediting within Google.

FYI: I still don't see an update in the Google Cloud Console. It looks like in the screenshot above.

Hence, I just called the support team. They 'have created a ticket on my behalf', because the support team is not responsible, but the security team is. I'm expected to hear back from the security team within the day.

[branch14]

We just followed up on the changes requested by Google Cloud Platform/API Trust & Safety and resubmitted for verification.

[gooddadmike]

Just discovered this app and got the same issue. 2 months have past. Maybe @ahyatt can look again?

[munen]

@gooddadmike The best way currently is to:

• Use Dropbox or WebDAV
• Set up your own instance of organice, so you configure a private Google Drive key

[ahyatt]

I'll follow up on this internally, but I can't promise anything.

[munen]

Is anyone interested in taking responsiblility for the Google Drive integration? There's a number of open issues which only relate to Google Drive(#107, #109, #127).

From the current maintainers, nobody is using the Google Drive integration and nobody currently has time to spend on it. Generally speaking, the current integration works (if you're an early adopter on organice.200ok.ch or run your own instance to provide your own Google Drive API key). However, the three issues linked above prevent new users to use Google Drive easily.

It would be great if there's at least one person willing to take on proper Google Drive integration. Otherwise, I fear, that the easiest option would be to disable Google Drive until such a time comes.

If someone speaks up, I'd be absolutely willing to share information, help out, do pairing sessions (on Zoom or the like) and do code reviews.

[ahyatt]

I have information on what should happen here. @munen, let's chat about what needs to happen and if it's even possible to have a contributor do this. Let me know how you would like to collaborate (email, chat, etc).

[munen]

@ahyatt Great, thank you for getting involved! 🙏

Initially, the community chat[1] is likely best. Then the discussion is publicly accessible for potentially other contributors. If it makes sense, we can at any point upgrade to a call, of course.

Looking forward to speaking with you^^

1. Community chat: #organice on IRC Freenode, or #organice:matrix.org on Matrix

[munen]

Update: We just received the following mail (I assume triggered by your request, thank you @ahyatt!)

Here’s a Gist of the email: https://gist.github.com/munen/fb52d021468c98f374b8f843827c95ff

It doesn't make things a lot clearer, though. I'd argue we already fulfil the specified critieria. And even if not, I don't think the application will get through without #107 in place. And then there's also #109.

[munen]

Update: Thanks to @ahyatt,, there are some changes to the landing page and privacy policy

#296

[munen]

Hence, we follwed the last mail from Google up with this answer:

Thank you @ahyatt for the good work so far!

I'm crossing fingers that the Google will approve and the stalemate has been deal with 🤞

[munen]

And the infinit rabbit hole that is Google continues:

[munen]

As requested from Google, I have created such a video: https://youtu.be/5TvNWaKAw-M

Here's my answer to them:

[schoettl]

Da kann ich nur einen früheren zitieren:

Es ist schon fast zum Schmunzeln irgendwie... wenn's nicht so traurig wäre.

[munen]

hihi

Indeed, indeed^^

[munen]

And the infinit rabbit hole that is Google continues:

From: API OAuth Dev Verification
Subject: Re: Fwd: Verification Request Received


Appeal Received
[image: Google Cloud Platform]
MY CONSOLE <https://console.cloud.google.com>
[image: Notification] Your Google Cloud Project: quickstart-123
    Action Needed
Hi Developer

Thank you for providing the requested YouTube demo video.

Please fix the issues listed below so that we can continue with the
verification process.

*Demo Video*

YouTube demo video:https://youtu.be/5TvNWaKAw-M

Unfortunately, we found that your YouTube demo video isn't detailed enough.
The video doesn't show the following

   - *Client ID: *(Please see attached screenshot for example)
   - *Permissions Page: *Please see below

The Permissions Page may not be viewable due to using an account that
has already
been granted permission to the application: Organice. (As shown in 1:06
<https://youtu.be/5TvNWaKAw-M?t=66> of your Youtube demo video)

   - Permissions Page only appears for new users, who have not granted
   permission to the application: *Organice*.
   - Alternatively, you may revoke permission of the account you are
   currently using, so that you are able to encounter the Permissions Page.

Please provide the previously requested YouTube demo video by using a new
user account to initiate the Permissions Page when demonstrating the OAuth
process flow.

Note: You may refer to Figure 2: Unverified app authorization flow on our OAuth
Client Verification
<https://developers.google.com/apps-script/guides/client-verification>
page, which showcases how to demonstrate the full OAuth Sign-in process in
order to satisfy the demo video requirement
<https://support.google.com/cloud/answer/9110914#verification-requirements>.

Reply to this email and provide a YouTube link to a *new demo video* that
shows, in detail:

   1. How to log into your project.
      - Make sure that the URL bar with the client ID is clearly visible.
   2. How to request an OAuth token on the OAuth Consent Screen/Permissions
   Page.
   3. How your project uses the requested scopes.
      - Read the *OAuth 2.0 Scopes
      <https://developers.google.com/identity/protocols/googlescopes> *page
      for information on scopes.

You can find more information in the OAuth Application Verification FAQ
<https://support.google.com/cloud/answer/9110914>.  If you have other
questions, please reply to this email to make sure your messages are not
missed.

[munen]

I've made another video and answered the Google support:

[munen]

@ahyatt If you're still interested in seeing Google Drive support for organice.200ok.ch, I'd be happy if you can internally help expedite this matter.

[aspiers]

Urgh. This looks very similar to the nightmare I had with pushing another app through the droids in the app review teams at Facebook :-( Thanks and congratulations for your patience and perseverance on this @munen!

[ahyatt]

I'll see what I can do - thanks for bearing with the process. The response is reasonable, I think.

[munen]

And another request from the Google team:

Dear Developer,

Thank you for providing the requested YouTube demo video

It appears you are unable to show the permissions page for the In-Review
client_id: 744091668516 due to the sign-in temporarily disabled screen.

Please provide an account for us to whitelist, so that you may provide the
requested YouTube demo video for the In-Review client_id: 744091668516.

We will temporarily add this account to our review team’s test group while
we are verifying your application. Please do not modify membership during
this time. We will remove this account at the conclusion of our review.

[munen]

And my answer:

Dear Sir or Madam

Please whitelist the account I used in the last screencast: wiffbubbles@me.com

Best regards,
Alain M. Lafon

[munen]

And another request from the Google team:

Hi Developer,

Thanks for your response.

We have temporarily whitelisted the account: wiffbubbles@me.com

To continue with the verification process, you need to create and provide a
link to a YouTube video that shows how you’ll use the data you access using
OAuth scopes. The demo video should detail, in *English*:

   1.

   How to log into your project (ensuring that the URL bar with the *client
   ID is clearly visible*)
   2.

   How to request an OAuth token (OAuth Consent Screen/Permissions Page)
   - You may refer to Figure 2: Unverified app authorization flow on our OAuth
      Client Verification
      <https://developers.google.com/apps-script/guides/client-verification>
      page, which showcases the full OAuth Sign-in process.
   3.

   How your project's functionality utilizes the requested scopes:
   -

      *https://www.googleapis.com/auth/drive
      <https://www.googleapis.com/auth/drive>*
      -

         *See*, *edit*, *create*, and *delete* all of your Google Drive
         files
         -

      *https://www.googleapis.com/auth/drive.metadata
      <https://www.googleapis.com/auth/drive.metadata>*
      - *View* and *manage* metadata of files in your Google Drive
      4. Demonstrate that functionality was successfully achieved.
      - Please note, we must verify that any changes made via the
      application are *successfully reflected in the user’s Google Drive.*

*You don’t need to be personally visible in the demo or narrate the video.
Demonstrating the process from the keyboard/screen view is fine.*

[munen]

And my answer:

Hi Google

For your questions 1 and 2, please see this video: https://youtu.be/JJyGQVcQ1Uc

For your questions 3 and 4, please see my original screencast for you, starting at 2:41: https://youtu.be/5TvNWaKAw-M?t=161

Thank you for enabling Google Drive login for all organice users, now. It would be great if after 7 months of back and forth and lots of waiting this issue could finally be dealt with.

Best regards,
Alain M. Lafon

[munen]

And another request from the Google team:

Dear Developer,

Thank you for providing the requested YouTube demo video.

When reviewing the demo video, we noticed a *discrepancy* between the
sensitive scopes you submitted for review and the scopes requested by your
app:

*Scopes Submitted for Review​*

   - https://www.googleapis.com/auth/drive
   - https://www.googleapis.com/auth/drive.metadata

*Scopes Request by your App*

(Please see YouTube video at 2:42 <https://youtu.be/JJyGQVcQ1Uc?t=162> for
reference)

   - https://www.googleapis.com/auth/drive

To proceed with the verification process, please update either of the
following:

   - Update the scopes you submitted for review using the scope picker in
   the Google Cloud Console <https://console.cloud.google.com/> to MATCH
   the scopes shown in your video.

[munen]

My answer:

Dear Sir or Madam

Thank you for the information.

As requested, I have removed the scope https://www.googleapis.com/auth/drive.metadata in the Google Cloud Console.

Please enable the application for production use.

Best regards,
Alain M. Lafon

[munen]

Google has finally answered:

Appeal Received
[image: Google Cloud Platform]
MY CONSOLE <https://console.cloud.google.com>
[image: Notification] Your Google Cloud Project: quickstart-1567408982418
    [Action Needed]
Hi Developer,

Thank you for your patience while we reviewed your project.

Please fix the issues listed below so that we can continue with the
verification process.

*App Functionality*

YouTube demo video: https://youtu.be/JJyGQVcQ1Uc

Unfortunately, we found that your YouTube demo video isn't detailed enough. The
video doesn't show how your app *Organice* uses the requested scope in
regards to its definition:

   - *https://www.googleapis.com/auth/drive
   <https://www.googleapis.com/auth/drive>*
   - See, *edit*, *create*, and *delete* all of your Google Drive files

Reply to this email and provide a YouTube link to a *new demo video* that
shows, in detail:

   1. How to log into your project.
      - Make sure that the URL bar with the client ID is clearly
visible. (Please
      see attached screenshot for examples)
   2. How to request an OAuth token on the OAuth Consent Screen/Permissions
   Page.
      - You may refer to Figure 2: Unverified app authorization flow
on our OAuth
      Client Verification
      <https://developers.google.com/apps-script/guides/client-verification>
      page, which showcases the full OAuth Sign-in process.
   3. How your project uses the scope listed above.
      - Read the *OAuth 2.0 Scopes
      <https://developers.google.com/identity/protocols/googlescopes> *page
      for information on scopes.

You can find more information in the OAuth Application Verification FAQ
<https://support.google.com/cloud/answer/9110914>.  *If you have other
questions, please reply to this email to make sure your messages are not
missed.* Any new emails sent to api-oauth-dev-verification@google.com won't
go to our team.
GO TO MY CONSOLE <https://console.cloud.google.com>
Thanks,
The Google Cloud Trust & Safety Team
[image: Google]
© 2019 Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043

You have received this mandatory service announcement to update you about
important changes to Google Cloud Platform or your account.

[munen]

For me, this is it. I don't see another actionable task in their email. They have received the demos they are asking for multiple times over by now.

If anyone wants to take this over, please speak up.

The next time I have to work on Google related things regarding organice, I will remove Google Drive integration from organice which will fix issues #109 and #107.

[ahyatt]

That seems reasonable. I raised the issue internally at Google, and someone said that if the scope was drive.file along with the Google picker API (I don't know what that is) the process is much easier.

[munen]

That seems reasonable. I raised the issue internally at Google, and someone said that if the scope was drive.file along with the Google picker API (I don't know what that is) the process is much easier.

Thanks for raising it internally. Unfortunately, I also don't know what the Google picker API is.

[cameronraysmith]

It is presumably the window used to allow users to select the specific paths or files within their drive to which they would like to grant access to third parties https://developers.google.com/picker/docs as opposed to providing access to the entire drive.

[munen]

Hi @cameronraysmith

Thank you for getting involved!

It could be that the scope is the reason, but they didn't say so. Since they didn't say, it could be basically anything.

Having said so, people have different preferences - for Dropbox, we also give access to the whole drive. The rationale is easy and documented: https://organice.200ok.ch/documentation.html#faq_dropbox

[munen]

There's more users asking about Google Drive via various channels (including private email). I've added a bit of a help in the hopes that there will be fewer mails in the future.

On sign in, there's the option to click on 'important news' for Google Drive. Then, this is shown:

[alphapapa]

@munen I am late to this thread, but I just want to offer praise for your inhuman patience with Google's inhumane reviews.

[munen]

@alphapapa You're the best and you have made my day. Thank you 🙏 🙇