0

I'm trying to use Google Contacts API to import a users gmail contacts. This works with my gmail but fails when others try to login with the following error message:

Error: invalid_scope

This app hasn't been verified to access: {invalid = [https://www.googleapis.com/auth/contacts]} Please contact the developer for assistance. Are you the developer? If this project needs these scopes, sign in to an account with access to edit your project and try again. If not, contact the developer for help.

Because of this message, I did some research and found this question which suggests that this app needs to be reviewed. I then submitted my app for verification. However, I received an e-mail saying that my app does not need verification from google. 

Thank you for submitting the developer verification form. Based on the information you provided, you have access to the scopes that you are planning to use. If you add any more scopes in the future, you may have to go through verification.

The scope I am requesting is https://www.google.com/m8/feeds/.

Does this scope require approval from google?

I'm using the gapi library, below is my code:

 function start() {
  var auth_obj = {
    clientId: currentUser.GOOGLE_APP_ID,
    scope: 'https://www.google.com/m8/feeds/'
  }
  gapi.client.init(auth_obj).then(function() {
    gapi.auth2.getAuthInstance().isSignedIn.listen(updateSigninStatus);
    updateSigninStatus(gapi.auth2.getAuthInstance().isSignedIn.get());
  })
};

gapi.load('client:auth2', start);

function getContacts() {

  var access_token = gapi.auth2.getAuthInstance().currentUser.get().getAuthResponse().access_token
  var url = "https://www.google.com/m8/feeds/contacts/default/"
  url += "thin?alt=json&access_token=" + access_token
  url += "&max-results=500&v=3.0"

  $.get(url)
}
user2954587
  • 4,661
  • 6
  • 43
  • 101
  • Which library are you using? Or are you just doing manual HTTP requests? If the latter, do you have some code to share? Also, you are correct in that the Contacts API requires no approval to use. It only requires approval to raise the default limit of 20 million queries per day. – Blake O'Hare Jun 30 '17 at 01:36
  • @BlakeO'Hare updated with code. I'm using the gapi library – user2954587 Jun 30 '17 at 13:41
  • can you check the value of the auth token? (don't paste it here though). Make sure it begins with "ya29..." or something like that. Is the error coming from the OAuth endpoint or from the Contacts API endpoint? – Blake O'Hare Jun 30 '17 at 16:42
  • The inconsistent error message may be because you are a member of the [Risky Access Permissions By Unreviewed Apps](https://groups.google.com/forum/#!forum/risky-access-by-unreviewed-apps ] Group. Sign into your Google account and visit this group to see if you are a member. Membership in this group will disable Google's security check so that you can develop/test your integration before publishing it. – Graeme Jun 30 '17 at 18:22

2 Answers2

1

I suggest that you respond to the review and make it very clear what data you plan to access and how you are going to use it. If Google has any doubt about your intentions with the data, they see to be less likely to approve the request.

Also, if you plan to only read their contacts, you could modify your scope to be https://www.googleapis.com/auth/contacts.readonly.

Graeme
  • 970
  • 8
  • 16
1

Yes, If your app is going to be used by random other users and it is asking for the contact scope then it needs to be reviewed and approved.

The reason you got the answer from us (it does not need a review).. if you indicated that it was for your own usage or for just a few users. In that case you (and whoever needs to approve) can join a Google group. You probably joined the Google group and thus you can approve this app (or your account is part of gsuite).

Contact me with more details about your app and I can look into the specifics.

nvnagr
  • 2,017
  • 1
  • 14
  • 11