Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Waiting for Google to put "Google Drive" API into production mode #127

Closed
ahyatt opened this issue Dec 1, 2019 · 41 comments · Fixed by #817
Closed

Waiting for Google to put "Google Drive" API into production mode #127

ahyatt opened this issue Dec 1, 2019 · 41 comments · Fixed by #817
Assignees
Labels
bug Something isn't working waiting

Comments

@ahyatt
Copy link
Contributor

ahyatt commented Dec 1, 2019

Describe the bug
On signing into Google Drive, I get the following error:

"Sign in with Google temporarily disabled for this app
This app has not been verified yet by Google in order to use Google Sign In."

To Reproduce
Steps to reproduce the behavior:

  1. Go to the organice page
  2. Click on Sign In
  3. Select Google Drive
  4. Select account

Expected behavior
I would expect to be logged in

Screenshots
Sign in Issue.pdf

Desktop (please complete the following information):

  • OS: Mac OS X
  • Browser: Chrome & Safari

Additional context
My account has 2-factor authentication enabled, not sure if that affects the issue.

@ahyatt ahyatt added the bug Something isn't working label Dec 1, 2019
@munen
Copy link
Collaborator

munen commented Dec 2, 2019

@ahyatt Thank you for the report. It actually does work for me (I just tried logging out and in again). That is not to say that there's something amiss, of course!

@branch14 Can you look into this or give me access to the Google APIs, please?

@branch14
Copy link
Member

branch14 commented Dec 2, 2019

@ahyatt Thanks for the heads up! 👍

I guess it was working for users that had passed the consent screen. But not for new users. The Google Dev Console "hid" the reason in a popup: "Because you updated the application logo, your consent screen requires verification by Google."

I just resubmitted it for verification. 🤞

I'll leave this issue open as it is not fully resolved, yet.

@munen
Copy link
Collaborator

munen commented Jan 13, 2020

Update: This is what we see in the Google Cloud Console:

image

They are taking their time...

@munen
Copy link
Collaborator

munen commented Jan 27, 2020

Update: Google still shows no update in the Google Cloud Console:

image

According to their estimate, it should have been processed any day in the last two weeks. Hence, it should be any day now(;

@ahyatt
Copy link
Contributor Author

ahyatt commented Feb 4, 2020

I checked internally at Google, and evidently they have no record of this being a production system and no request for verification. Perhaps this was requested in the wrong way, they referred me to this documentation (once your system in production-ready): https://support.google.com/cloud/answer/9110914#submit-howto.

@ahyatt
Copy link
Contributor Author

ahyatt commented Feb 5, 2020

Update: evidently my previous update was wrong - and was about another project named "Organice". Evidently there are several.

At any rate, there was a mistake about not updating scopes during the request submission, and that needs to happen before this can be closed. They will reach out to you and let you know what needs to be done.

@munen
Copy link
Collaborator

munen commented Feb 5, 2020

@ahyatt Thank you for expediting within Google.

FYI: I still don't see an update in the Google Cloud Console. It looks like in the screenshot above.

Hence, I just called the support team. They 'have created a ticket on my behalf', because the support team is not responsible, but the security team is. I'm expected to hear back from the security team within the day.

@branch14
Copy link
Member

We just followed up on the changes requested by Google Cloud Platform/API Trust & Safety and resubmitted for verification.

@branch14 branch14 pinned this issue Feb 12, 2020
@munen munen unpinned this issue Feb 12, 2020
@munen munen changed the title Google Drive temporarily disabled Waiting for Google to put "Google Drive" API into production mode Feb 12, 2020
@gooddadmike
Copy link

Just discovered this app and got the same issue. 2 months have past. Maybe @ahyatt can look again?

@munen
Copy link
Collaborator

munen commented Apr 27, 2020

@gooddadmike The best way currently is to:

  • Use Dropbox or WebDAV
  • Set up your own instance of organice, so you configure a private Google Drive key

@ahyatt
Copy link
Contributor Author

ahyatt commented May 6, 2020

I'll follow up on this internally, but I can't promise anything.

@munen
Copy link
Collaborator

munen commented May 6, 2020

Is anyone interested in taking responsiblility for the Google Drive integration? There's a number of open issues which only relate to Google Drive(#107, #109, #127).

From the current maintainers, nobody is using the Google Drive integration and nobody currently has time to spend on it. Generally speaking, the current integration works (if you're an early adopter on organice.200ok.ch or run your own instance to provide your own Google Drive API key). However, the three issues linked above prevent new users to use Google Drive easily.

It would be great if there's at least one person willing to take on proper Google Drive integration. Otherwise, I fear, that the easiest option would be to disable Google Drive until such a time comes.

If someone speaks up, I'd be absolutely willing to share information, help out, do pairing sessions (on Zoom or the like) and do code reviews.

@ahyatt
Copy link
Contributor Author

ahyatt commented May 7, 2020

I have information on what should happen here. @munen, let's chat about what needs to happen and if it's even possible to have a contributor do this. Let me know how you would like to collaborate (email, chat, etc).

@munen
Copy link
Collaborator

munen commented May 7, 2020

@ahyatt Great, thank you for getting involved! 🙏

Initially, the community chat[1] is likely best. Then the discussion is publicly accessible for potentially other contributors. If it makes sense, we can at any point upgrade to a call, of course.

Looking forward to speaking with you^^

  1. Community chat: #organice on IRC Freenode, or #organice:matrix.org on Matrix

@munen
Copy link
Collaborator

munen commented May 7, 2020

Update: We just received the following mail (I assume triggered by your request, thank you @ahyatt!)

image

Here’s a Gist of the email: https://gist.github.com/munen/fb52d021468c98f374b8f843827c95ff

It doesn't make things a lot clearer, though. I'd argue we already fulfil the specified critieria. And even if not, I don't think the application will get through without #107 in place. And then there's also #109.

@munen
Copy link
Collaborator

munen commented May 11, 2020

Update: Thanks to @ahyatt,, there are some changes to the landing page and privacy policy

#296

@munen
Copy link
Collaborator

munen commented May 11, 2020

Hence, we follwed the last mail from Google up with this answer:

image

Thank you @ahyatt for the good work so far!

I'm crossing fingers that the Google will approve and the stalemate has been deal with 🤞

@munen
Copy link
Collaborator

munen commented May 14, 2020

And the infinit rabbit hole that is Google continues:

image

@munen
Copy link
Collaborator

munen commented May 18, 2020

As requested from Google, I have created such a video: https://youtu.be/5TvNWaKAw-M

Here's my answer to them:
image

@schoettl
Copy link
Collaborator

Da kann ich nur einen früheren zitieren:

Es ist schon fast zum Schmunzeln irgendwie... wenn's nicht so traurig wäre.

@munen
Copy link
Collaborator

munen commented May 18, 2020

hihi

Indeed, indeed^^

@munen
Copy link
Collaborator

munen commented Jun 14, 2020

And the infinit rabbit hole that is Google continues:

From: API OAuth Dev Verification
Subject: Re: Fwd: Verification Request Received


Appeal Received
[image: Google Cloud Platform]
MY CONSOLE <https://console.cloud.google.com>
[image: Notification] Your Google Cloud Project: quickstart-123
    Action Needed
Hi Developer

Thank you for providing the requested YouTube demo video.

Please fix the issues listed below so that we can continue with the
verification process.

*Demo Video*

YouTube demo video:https://youtu.be/5TvNWaKAw-M

Unfortunately, we found that your YouTube demo video isn't detailed enough.
The video doesn't show the following

   - *Client ID: *(Please see attached screenshot for example)
   - *Permissions Page: *Please see below

The Permissions Page may not be viewable due to using an account that
has already
been granted permission to the application: Organice. (As shown in 1:06
<https://youtu.be/5TvNWaKAw-M?t=66> of your Youtube demo video)

   - Permissions Page only appears for new users, who have not granted
   permission to the application: *Organice*.
   - Alternatively, you may revoke permission of the account you are
   currently using, so that you are able to encounter the Permissions Page.

Please provide the previously requested YouTube demo video by using a new
user account to initiate the Permissions Page when demonstrating the OAuth
process flow.

Note: You may refer to Figure 2: Unverified app authorization flow on our OAuth
Client Verification
<https://developers.google.com/apps-script/guides/client-verification>
page, which showcases how to demonstrate the full OAuth Sign-in process in
order to satisfy the demo video requirement
<https://support.google.com/cloud/answer/9110914#verification-requirements>.

Reply to this email and provide a YouTube link to a *new demo video* that
shows, in detail:

   1. How to log into your project.
      - Make sure that the URL bar with the client ID is clearly visible.
   2. How to request an OAuth token on the OAuth Consent Screen/Permissions
   Page.
   3. How your project uses the requested scopes.
      - Read the *OAuth 2.0 Scopes
      <https://developers.google.com/identity/protocols/googlescopes> *page
      for information on scopes.

You can find more information in the OAuth Application Verification FAQ
<https://support.google.com/cloud/answer/9110914>.  If you have other
questions, please reply to this email to make sure your messages are not
missed.

@munen
Copy link
Collaborator

munen commented Jun 14, 2020

I've made another video and answered the Google support:

image

@munen
Copy link
Collaborator

munen commented Jun 14, 2020

@ahyatt If you're still interested in seeing Google Drive support for organice.200ok.ch, I'd be happy if you can internally help expedite this matter.

@aspiers
Copy link

aspiers commented Jun 14, 2020

Urgh. This looks very similar to the nightmare I had with pushing another app through the droids in the app review teams at Facebook :-( Thanks and congratulations for your patience and perseverance on this @munen!

@ahyatt
Copy link
Contributor Author

ahyatt commented Jun 16, 2020

I'll see what I can do - thanks for bearing with the process. The response is reasonable, I think.

@munen
Copy link
Collaborator

munen commented Jun 16, 2020

And another request from the Google team:

Dear Developer,

Thank you for providing the requested YouTube demo video

It appears you are unable to show the permissions page for the In-Review
client_id: 744091668516 due to the sign-in temporarily disabled screen.

Please provide an account for us to whitelist, so that you may provide the
requested YouTube demo video for the In-Review client_id: 744091668516.

We will temporarily add this account to our review team’s test group while
we are verifying your application. Please do not modify membership during
this time. We will remove this account at the conclusion of our review.

@munen
Copy link
Collaborator

munen commented Jun 16, 2020

And my answer:

Dear Sir or Madam

Please whitelist the account I used in the last screencast: wiffbubbles@me.com

Best regards,
Alain M. Lafon

@munen
Copy link
Collaborator

munen commented Jun 18, 2020

And another request from the Google team:

Hi Developer,

Thanks for your response.

We have temporarily whitelisted the account: wiffbubbles@me.com

To continue with the verification process, you need to create and provide a
link to a YouTube video that shows how you’ll use the data you access using
OAuth scopes. The demo video should detail, in *English*:

   1.

   How to log into your project (ensuring that the URL bar with the *client
   ID is clearly visible*)
   2.

   How to request an OAuth token (OAuth Consent Screen/Permissions Page)
   - You may refer to Figure 2: Unverified app authorization flow on our OAuth
      Client Verification
      <https://developers.google.com/apps-script/guides/client-verification>
      page, which showcases the full OAuth Sign-in process.
   3.

   How your project's functionality utilizes the requested scopes:
   -

      *https://www.googleapis.com/auth/drive
      <https://www.googleapis.com/auth/drive>*
      -

         *See*, *edit*, *create*, and *delete* all of your Google Drive
         files
         -

      *https://www.googleapis.com/auth/drive.metadata
      <https://www.googleapis.com/auth/drive.metadata>*
      - *View* and *manage* metadata of files in your Google Drive
      4. Demonstrate that functionality was successfully achieved.
      - Please note, we must verify that any changes made via the
      application are *successfully reflected in the user’s Google Drive.*

*You don’t need to be personally visible in the demo or narrate the video.
Demonstrating the process from the keyboard/screen view is fine.*

@munen
Copy link
Collaborator

munen commented Jun 18, 2020

And my answer:

Hi Google

For your questions 1 and 2, please see this video: https://youtu.be/JJyGQVcQ1Uc

For your questions 3 and 4, please see my original screencast for you, starting at 2:41: https://youtu.be/5TvNWaKAw-M?t=161

Thank you for enabling Google Drive login for all organice users, now. It would be great if after 7 months of back and forth and lots of waiting this issue could finally be dealt with.

Best regards,
Alain M. Lafon

@munen
Copy link
Collaborator

munen commented Jun 26, 2020

And another request from the Google team:

Dear Developer,

Thank you for providing the requested YouTube demo video.

When reviewing the demo video, we noticed a *discrepancy* between the
sensitive scopes you submitted for review and the scopes requested by your
app:

*Scopes Submitted for Review​*

   - https://www.googleapis.com/auth/drive
   - https://www.googleapis.com/auth/drive.metadata

*Scopes Request by your App*

(Please see YouTube video at 2:42 <https://youtu.be/JJyGQVcQ1Uc?t=162> for
reference)

   - https://www.googleapis.com/auth/drive

To proceed with the verification process, please update either of the
following:

   - Update the scopes you submitted for review using the scope picker in
   the Google Cloud Console <https://console.cloud.google.com/> to MATCH
   the scopes shown in your video.

@munen
Copy link
Collaborator

munen commented Jun 26, 2020

My answer:

Dear Sir or Madam

Thank you for the information.

As requested, I have removed the scope https://www.googleapis.com/auth/drive.metadata in the Google Cloud Console.

Please enable the application for production use.

Best regards,
Alain M. Lafon

@munen
Copy link
Collaborator

munen commented Jul 8, 2020

Google has finally answered:

Appeal Received
[image: Google Cloud Platform]
MY CONSOLE <https://console.cloud.google.com>
[image: Notification] Your Google Cloud Project: quickstart-1567408982418
    [Action Needed]
Hi Developer,

Thank you for your patience while we reviewed your project.

Please fix the issues listed below so that we can continue with the
verification process.

*App Functionality*

YouTube demo video: https://youtu.be/JJyGQVcQ1Uc

Unfortunately, we found that your YouTube demo video isn't detailed enough. The
video doesn't show how your app *Organice* uses the requested scope in
regards to its definition:

   - *https://www.googleapis.com/auth/drive
   <https://www.googleapis.com/auth/drive>*
   - See, *edit*, *create*, and *delete* all of your Google Drive files

Reply to this email and provide a YouTube link to a *new demo video* that
shows, in detail:

   1. How to log into your project.
      - Make sure that the URL bar with the client ID is clearly
visible. (Please
      see attached screenshot for examples)
   2. How to request an OAuth token on the OAuth Consent Screen/Permissions
   Page.
      - You may refer to Figure 2: Unverified app authorization flow
on our OAuth
      Client Verification
      <https://developers.google.com/apps-script/guides/client-verification>
      page, which showcases the full OAuth Sign-in process.
   3. How your project uses the scope listed above.
      - Read the *OAuth 2.0 Scopes
      <https://developers.google.com/identity/protocols/googlescopes> *page
      for information on scopes.

You can find more information in the OAuth Application Verification FAQ
<https://support.google.com/cloud/answer/9110914>.  *If you have other
questions, please reply to this email to make sure your messages are not
missed.* Any new emails sent to api-oauth-dev-verification@google.com won't
go to our team.
GO TO MY CONSOLE <https://console.cloud.google.com>
Thanks,
The Google Cloud Trust & Safety Team
[image: Google]
© 2019 Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043

You have received this mandatory service announcement to update you about
important changes to Google Cloud Platform or your account.

@munen
Copy link
Collaborator

munen commented Jul 8, 2020

For me, this is it. I don't see another actionable task in their email. They have received the demos they are asking for multiple times over by now.

If anyone wants to take this over, please speak up.

The next time I have to work on Google related things regarding organice, I will remove Google Drive integration from organice which will fix issues #109 and #107.

@ahyatt
Copy link
Contributor Author

ahyatt commented Jul 8, 2020

That seems reasonable. I raised the issue internally at Google, and someone said that if the scope was drive.file along with the Google picker API (I don't know what that is) the process is much easier.

@munen
Copy link
Collaborator

munen commented Jul 8, 2020

That seems reasonable. I raised the issue internally at Google, and someone said that if the scope was drive.file along with the Google picker API (I don't know what that is) the process is much easier.

Thanks for raising it internally. Unfortunately, I also don't know what the Google picker API is.

@cameronraysmith
Copy link

It is presumably the window used to allow users to select the specific paths or files within their drive to which they would like to grant access to third parties https://developers.google.com/picker/docs as opposed to providing access to the entire drive.

@munen
Copy link
Collaborator

munen commented Oct 5, 2020

Hi @cameronraysmith

Thank you for getting involved!

It could be that the scope is the reason, but they didn't say so. Since they didn't say, it could be basically anything.

Having said so, people have different preferences - for Dropbox, we also give access to the whole drive. The rationale is easy and documented: https://organice.200ok.ch/documentation.html#faq_dropbox

@munen
Copy link
Collaborator

munen commented Oct 23, 2020

There's more users asking about Google Drive via various channels (including private email). I've added a bit of a help in the hopes that there will be fewer mails in the future.

On sign in, there's the option to click on 'important news' for Google Drive. Then, this is shown:

image

@alphapapa
Copy link

@munen I am late to this thread, but I just want to offer praise for your inhuman patience with Google's inhumane reviews.

@munen
Copy link
Collaborator

munen commented Jun 9, 2022

@alphapapa You're the best and you have made my day. Thank you 🙏 🙇

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
bug Something isn't working waiting
Projects
None yet
Development

Successfully merging a pull request may close this issue.

8 participants