Всем доброго времени суток! Имеется проблема: уже второй месяц воюю с гуглом по поводу верификации приложения для редактирования документов через Google Docs на корпоративном портале (большой, несколько тысяч активных пользователей в БД). Также согласно советам ТП битрикса, добавлены скоупы почты (mail.google.com) и календаря. Само приложение уже работает (почта отправляется, документы редактируются), но при авторизации через google аккаунт выскакивает уведомление о том, что приложение неверифицировано. В том числе на неверифицированные приложения накладываются ограничения по кол-ву пользователей и запросов. Гугл упорно отказывается верифицировать приложение, с каждым разом удлиняя портянку требований. То там им кнопка не нравится, то вашему приложению такие скоупы не нужны и вообще переведите приложение во внутреннее (?). Поддержка битрикса отвечает как подобает - "ничем помочь не можем". Ниже привожу текст сообщения, возможно кому-то станет яснее, что на данный момент им нужно. С английским более менее дружу, но требования, которые они описывают, уже правились по 10 раз, и каждый раз становятся всё запутаннее и сложнее.
Скрытый текст
Hi,
Thanks for your patience while we reviewed your project and also confirming to continue with verification. Based on the provided information, we believe this project may be suitable for domain whitelisting. Please let us know if you would like more details on this.
To continue, we wanted to provide some requirements along with the request for an updated demonstration video since the video is missing some functionalities to continue with https://mail.google.com. Please note that if you cannot fully utilize this scope, we suggest a more granular scope for your needs. Based on the the demonstration so far, we suggest https://www.googleapis.com/auth/gmail.readonly and https://www.googleapis.com/auth/gmail.send. This should be sufficient for your requirements. Either way, please do provide us a demonstration video showcasing the full functionality of the scopes required. Please note, you must also confirm the recipient account receiving the email for example.
Please respond directly to this email when your request contains all of the following information:
Security Assessment
If your application can send Google user data from a restricted scope to remote servers, then your app needs to have a security assessment. This assessment is to verify that your app can handle data reasonably securely, and deletes user data upon user request.
Depending on the size and complexity of your app, the cost for the third-party assessment might vary from $8,000 to $75,000. We'll give you further information when your project reaches this stage of the verification process. Until then, please do not pursue a security assessment until you have received instructions from our team.
Respond directly to this email with a YouTube video link that meets all these requirements:
Video is publicly accessible
OAuth Consent Screen is in English
OAuth Consent Screen shows the App Name
URL bar of the OAuth Consent Screen shows the Client ID containing the project_numberfully displayed (Note: this is not required for native Android and iOS apps)
Video shows the OAuth grant process that users will go through.
Shows how the data will be used by showing functionality for each sensitive and restricted scope you've requested.
Shows how data is accessed on each OAuth client. This is required for every OAuth client in your project.
Extra App Demonstration Video Tips
If any of your OAuth clients are not ready for production, you should delete or remove them from your project. You can do this in the Google Cloud Console.
If your app is a task automation platform: The video must show how multiple API workflows are created and automated, and which direction user data flows in.
If your app requires registration or features a local login:
Please whitelist or authorize our test email account oauthtest121@gmail.com - this will let us test your app’s functionality.
OR provide us with a username and password of a test account
You do not need to be personally visible in the demo or narrate the video. Demonstrating the process from the keyboard/screen view is fine.
If you cannot fulfill the above requirements because users are currently seeing the "Sign in disabled" screen, make sure you provide us with an email address so that we can temporarily disable the warning screen, allowing you to demonstrate all of the above video requirements.
If you cannot fulfill the above requirements because your app is an add-on that has not yet been published to the GSuite Marketplace, please reply to let us know.
You must follow these requirements to continue with verification. If you don't follow these requirements, we may have to reject your request.
Limited Use Requirements
If your app uses restricted scopes, we'll thoroughly review your Privacy Policy to check that it follows our Limited Use requirements.
If your Privacy Policy follows the Limited Use requirements, we need to know how your app treats user data. You can tell us this, and show how your app follows Google policies, through a public online disclosure. For example, this could be an in-product disclosure on the application homepage, or a public FAQ. You can read more about this requirement in the FAQ.
We suggest adding a disclosure to your app that meets these requirements:
The disclosure must be under 500 characters.
The disclosure must clearly call out that the app complies with the Google API Services User Data Policy, including the Limited Use requirements.
The disclosure must be accessible on the project’s homepage URL or one click away from the homepage URL.
The disclosure must be easily visible to all users.
Example disclosure: “(App’s) use and transfer to any other app of information received from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.”
If you add a disclosure to your app, please reply directly to this email with the URL to the disclosure and how it can be accessed from your homepage.
Task Automation Apps
If your app is a task automation platform, you may need to follow extra guidelines to get access to restricted scopes. These extra guidelines apply if your app connects user data between apps (like Zapier), and its use of restricted scopes data enhances email for productivity purposes.
Submit your application for these scopes, and we will provide these guidelines during your verification process.
App Types Not Applicable for Verification
The following app types don't require verification. If your app is any one of these types, reply to this email telling us know which one, and we'll let you know the next steps.
To make sure we don't miss your messages, respond directly to this thread to continue with the verification process. Any new emails sent to api-oauth-dev-verification@google.com won't go to our team.
Собственно, в чём вопрос: 1. Возможно ли сделать приложение внутренним без затрат? (Насколько смог понять, нужен аккаунт GSuite и привязка организации к гуглу, а они, вроде как, платные). 2. Может кто-то недавно проходил верификацию и сможет посоветовать, как добить это дело?
Буду рад любой конструктивной критике и советам. Спасибо!