# Proceso google de OAuth verification Proceso de verificción realizado por google para corroborar que no estamos mal utilizando su api. Tipo de verificación: **Sensitive scope verification** (3 - 5 days) ## Lista de elementos a realizar - [ ] Verify domain ownership of all your authorized domains with Google through Search Console - [ ] Application Homepage link: Shown on the consent screen. Must be hosted on an Authorized Domain. - [ ] Your application homepage links to an externally accessible domain that describes the necessary content, context, or connection to the app that you are submitting. - [ ] Un parrafo de: Productividad, confiabilidad, colaboración, eventos - [ ] Placing sign-in restrictions on the homepage is only allowed for internal apps - [ ] Links to the Google Play Store or Facebook are not considered valid application homepages. - [ ] Application Privacy Policy link: Shown on the consent screen. Must be hosted on an Authorized Domain. (see User Data Policy) - [ ] The Privacy Policy must be visible to users, hosted within the domain of your website, and linked to the OAuth consent screen on the google api console. - [ ] The Privacy Policy must disclose the manner in which your application accesses, uses, stores, or shares Google user data. Your use of Google user data must be limited to the practices disclosed in your published Privacy Policy. - [ ] Make sure that each scope that you're requesting has an explanation for its use/need for the project, as well as a justification for why a narrower scope would be insufficient. **¿podríamos disminuir el scope?** - [ ] Make sure all OAuth branding information on the OAuth consent screen, such as the project name shown to users, support email, homepage URL, privacy policy URL, and so on, accurately represents the app's identity - [ ] Include a YouTube link to a demo video demonstrating the OAuth grant process by users and explaining, in detail, the usage of sensitive and restricted scopes within the app's functionality for each OAuth client belonging to the project. - [ ] Note that the video should clearly show the app's details such as the app name, OAuth client ID, and so on. For multiple client IDs, the demo video should show usage of sensitive and restricted scopes on each client. - [ ] Note that approval will not be granted if scope usage on each OAuth client ID is not adequately explained. Additionally, if any of your OAuth clients in the project requesting verification are not ready for testing, we will be unable to complete our review and your request will be rejected. We require that you separate your test and production projects and move OAuth clients still in development into a test project before requesting verification. Your apps will be thoroughly reviewed by our teams. ## Recursos [User Data Policy](https://developers.google.com/terms/api-services-user-data-policy#accurately-represent-your-identity-and-intent) [Setting up OAuth 2.0](https://support.google.com/cloud/answer/6158849?authuser=1) [OAuth Api Verification FAQ](https://support.google.com/cloud/answer/9110914?hl=en&authuser=1) [Unverified apps](https://support.google.com/cloud/answer/7454865?hl=en&authuser=1)