If you make changes to your verified app’s OAuth consent screen configuration or your developer project, your app may need to undergo re-verification before the changes become available to users. Your app will need to re-verify for the following changes:
Adding new scopes to your Google Cloud project
- You can add new sensitive or restricted scopes in the Cloud Console OAuth consent screen configuration page any time.
- However, your app needs to be verified and approved for these scopes before your app can start to call these APIs.
- After adding scopes to your app, you must provide scope justification and submit the app for verification.
- Adding scopes does not require your app to redo a security assessment if you have already completed one.
How to add new scopes without breaking your app
1. Create a separate project to test your app
If you need to test and evaluate new scopes with your app, we recommend you use a separate cloud console project to do so. It is a recommended best practice to have separate cloud projects for development/testing and production/publishing.
If you add new, unapproved scopes to your production app’s codebase and start making API calls before these scopes are approved for your app, your users will start to see an unverified app warning pop-up.
To test your app with new scopes do the following:
- Create a separate development/testing cloud project.
- Configure the OAuth Consent screen and add the scopes you want to test
- Configure a test deployment of your app to work with this test cloud project
- Test your app’s functionality with new scopes
2. Update your production cloud project to include the new scopes
Once you complete testing your app, add the new scopes to your cloud production project by following these instructions:
- Sign-in to the Google Cloud Console
- Select the project-id
- Go to Credentials on the OAuth Consent Screen configuration page
- Go to Scopes for Google APIs
- Click Add scope
- Select the new scope(s)
- Click Add
- In "Scope justification", explain why you need these new scopes
- Click Submit for verification
Changes made to OAuth consent screen
- If you make any modifications to your app's name, logo/icon, redirect URI, homepage link, or privacy policy link displayed on your OAuth consent screen, your app will be required to complete brand verification again
- If there are no changes to requested scopes, you will not be required to provide additional scope justification and instead can proceed to submit for verification.