Search code examples
google-oauthgoogle-contacts-api

Google contacts API invalid scope but app does not need review - contacts api

I'm trying to use Google Contacts API to import a users gmail contacts. This works with my gmail but fails when others try to login with the following error message:

Error: invalid_scope

This app hasn't been verified to access: {invalid = [https://www.googleapis.com/auth/contacts]} Please contact the developer for assistance. Are you the developer? If this project needs these scopes, sign in to an account with access to edit your project and try again. If not, contact the developer for help.

Because of this message, I did some research and found this question which suggests that this app needs to be reviewed. I then submitted my app for verification. However, I received an e-mail saying that my app does not need verification from google. 

Thank you for submitting the developer verification form. Based on the information you provided, you have access to the scopes that you are planning to use. If you add any more scopes in the future, you may have to go through verification.

The scope I am requesting is https://www.google.com/m8/feeds/.

Does this scope require approval from google?

I'm using the gapi library, below is my code:

 function start() {
  var auth_obj = {
    clientId: currentUser.GOOGLE_APP_ID,
    scope: 'https://www.google.com/m8/feeds/'
  }
  gapi.client.init(auth_obj).then(function() {
    gapi.auth2.getAuthInstance().isSignedIn.listen(updateSigninStatus);
    updateSigninStatus(gapi.auth2.getAuthInstance().isSignedIn.get());
  })
};

gapi.load('client:auth2', start);

function getContacts() {

  var access_token = gapi.auth2.getAuthInstance().currentUser.get().getAuthResponse().access_token
  var url = "https://www.google.com/m8/feeds/contacts/default/"
  url += "thin?alt=json&access_token=" + access_token
  url += "&max-results=500&v=3.0"

  $.get(url)
}
Solution

  • Yes, If your app is going to be used by random other users and it is asking for the contact scope then it needs to be reviewed and approved.

    The reason you got the answer from us (it does not need a review).. if you indicated that it was for your own usage or for just a few users. In that case you (and whoever needs to approve) can join a Google group. You probably joined the Google group and thus you can approve this app (or your account is part of gsuite).

    Contact me with more details about your app and I can look into the specifics.