I’ve been working with Google’s email APIs and noticed that their updated OAuth guidelines now require app verification for specific permission scopes. Currently my application uses some of these restricted permissions, but I’m thinking about switching to only use unrestricted scopes instead.
My main concern is whether changing to non-restricted scopes means I can avoid the verification process entirely. I’m also worried about what happens to other permissions my app already has, like Google Drive access. Will those existing permissions get removed if I don’t complete verification? And will users still see warning messages about my app being unverified even if I only use safe scopes?
Has anyone dealt with this situation before? I want to make sure I understand the implications before making changes to my OAuth setup.
From my own experience, Google looks at your app’s entire permission footprint - not just the new scopes you’re adding. Even if you change your OAuth request to only ask for unrestricted scopes, any restricted permissions you’ve used before stay linked to your app until you get verified or manually revoke them. The warning messages users see are based on your app’s overall verification status, not individual scope types. I tried working around verification by limiting scopes and it just made things messier than going through the review process. The documentation requirements aren’t bad if you keep good records of how you use data. One heads up - existing users who already authorized your app won’t see new consent screens for restricted permissions they’ve already granted, but new users will still get verification warnings no matter what scope strategy you use.
Had the same problem when Google tightened their OAuth rules. Switching to unrestricted scopes won’t eliminate verification if you’re already using restricted ones. Google reviews your app’s total permissions, not just the new ones. Your Drive permissions remain intact, but the unverified warnings persist until you complete the review process. Typically, verification takes 2-4 weeks if you provide clear documentation. It’s better to go through the verification than risk losing users due to those warning screens. The review team is reasonable; just be transparent about your app’s functionality and data handling.
went through this mess last year with my app. switching to unrestricted scopes won’t remove your existing drive permissions but users will definitely still see those scary warning screens until you get verified. the verification process isn’t that bad though, just takes patience