I am attempting to publish an external Sheets Editor Add-on in Google Workspace Marketplace. The app is developed in Apps Script and uses the scopes below shown further below.
The Workspace Oauth consent team has verified the scopes and put the app in the "production" state in the SDK.
At the next hurdle, the Google Workspace Marketplace Review Team keeps experiencing an unverified scope consent screen directing advanced users to proceed with an 'unsafe' app. I cannot reproduce this additional consent in our test accounts. See the Review team's screenshots here https://photos.app.goo.gl/tTVk4NrxonyFv8iGA . The consent screen askes the user to agree to allowing the app to "See, edit, create and delete ALL your Google Sheets spreadsheets" which is not the case for the scopes I use.
The actual scope in the configuration and the manifest file that has been verified is:
https://www.googleapis.com/auth/spreadsheets.currentonly
which is the narrow version of the scope that restricts it to the current sheet only.
The other scope vefified is https://www.googleapis.com/auth/script.container.ui.
Below is the manifest lines.
"oauthScopes": [
"https://www.googleapis.com/auth/spreadsheets.currentonly",
"https://www.googleapis.com/auth/script.container.ui"
],
If someone can point me in the right direction to solve this issue between the scope verification team and the review team that would be very helpful. They don't talk to each other.
Thank you in advance,
John
My expectations are that the scopes verified are the scope consents being reviewed by the Review team. I have not added or removed any scopes from the SDK or in the manifest.
If this has been answered elsewhere, please post the link.
which is the narrow version of the scope that restricts it to the current sheet only.
That is not available you can check the discovery document: https://sheets.googleapis.com/$discovery/rest?version=v4 OR the public documentation https://developers.google.com/sheets/api/scopes
This scope is not listed https://www.googleapis.com/auth/spreadsheets.currentonly
You are receiving this error either because your input OAuth2 scope name is invalid
or it refers to a newer scope that is outside the domain of this legacy API.
This API was built at a time when the scope name format was not yet standardized.
This is no longer the case and all valid scope names (both old and new) are catalogued at
https://developers.google.com/identity/protocols/oauth2/scopes.
Use that webpage to lookup (manually) the scope name
associated with the API you are trying to call and use it
to craft your OAuth2 request.
setting the correct scope will fix this