We are using One Click Action Email Markup in our application. We have already white-listed the email id ([email protected]) from which we are sending the emails.
The button is also shown when email is sent from the white-listed email id. But when clicked, it calls the provided service but it doesn't provide us the authorized users information eg. Bearer Token. We need that just to check whether the action was from authorized user or not. We don't fetch that person's details. Request-Response details are provided below.
URL that is called when user presses "Cancel" button https://XXXXX.appspot.com/my/service?reqs=%5B%7B%22reqId%22%3A%20%22d690026a-1a54-de13-abf0-65c80ea0b23f%22%7D%5D
Received Request Headers
{'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/1.0 (KHTML, like Gecko; Gmail Actions)', 'Host': 'happierhr.happierhr.appspot.com', 'X-Appengine-Region': '?', 'X-Appengine-City': '?', 'X-Appengine-Citylatlong': '0.000000,0.000000', 'Content-Type': '; charset="utf-8"', 'X-Appengine-Country': 'US'}
Expected Request Headers
{'Host': 'XXXXXX.appspot.com', 'Content-Type': '; charset="utf-8"', 'X-Appengine-Country': 'ZZ', 'Authorization': 'Bearer BEARER_TOKEN_FULL_STRING', 'User-Agent': 'Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/1.0 (KHTML, like Gecko; Gmail Actions)'}
As you can see no Authorization key is being sent. Hence we are not able to authorize the user in our app. and it fails.
It looks like you're running into the same issue as 30847151. You've already been whitelisted, but you will still have to request to be whitelisted for Bearer Tokens.