I am trying to publish a Google Sheets Add-on. I am working on the Google Workspace Marketplace SDK configuration. The configuration automatically includes the following 2 scopes as defaults:
https://www.googleapis.com/auth/userinfo.email
https://www.googleapis.com/auth/userinfo.profile
The Add-on has no reason to access the user's email or profile. Why are these added? Can I delete them? The only scopes that the script code should need are:
https://www.googleapis.com/auth/script.container.ui
https://www.googleapis.com/auth/spreadsheets.currentonly
When I go to create the OAuth Consent Screen. I am told that I need to create "A Youtube video showing how you plan to use the Google user data that you get from scopes". Am I being asked to do this because of these default scopes that are included?
EDIT: I deleted these 2 scopes and did a SAVE. It confirmed that the edits were saved. But when I refreshed the page, the scopes were back!
The reason why the Trust and Safety team is asking you for the video is because this:
1-Most of the apps that will be public, require certain steps. So the video is one of those.
2-Now, the main reason for the video, is because the scope https://www.googleapis.com/auth/script.container.ui
is part of the restricted scopes. And according to the documentation it needs to go through the verification.
So basically the reason for the video is because you have a restricted scope because this scope allows you to display and run third-party web content in prompts and sidebars inside Google applications. Therefore, it is important for the verification process.
Now in regards to your concern of the default scopes, I was able to remove them and create OAuth consent screen without them.