
Do Google Cloud Platform projects now need to be verified in order to use OAuth even if they don't access sensitive data?


I'm building a Vercel app that uses Google OAuth for authentication. A couple months prior when first logging in with Google, users were presented with a screen similar to this one, that had them acknowledge the site wasn't verified by Google and allowed them to proceed. Today, all new users are presented with this screen that does not allow them to proceed.

By my reading of the docs (https://developers.google.com/identity/protocols/oauth2/scopes), as long as the site doesn't access any sensitive data, it doesn't need to be verified by Google in order to use Google OAuth. Is this the case? If so, how would I identify what sensitive information Google thinks is being accessed to remedy the problem?

I'm fairly confident it has something to do with the combination of accessing sensitive data on an unverified site because adding the user to the test users screen in Google Cloud Platform under the OAuth consent screen menu changes the screen to this one, once again allowing the user to proceed to the site.

I'm aware that I could move the project to an internal organization account but that isn't ideal for my use case.

I removed all of the APIs that are enabled by default in Google Cloud Platform.

I was hoping this would fix the issue because the docs indicate that if any of the APIs access sensitive info, the site needs to be verified by Google, so by removing them I would sidestep the issue. It didn't result in any change.


Solution

  • For future readers:

    You do not need to verify your app if it has fewer than 100 users and you are not accessing sensitive data. To see the sensitive scopes you're requesting access to, you have to go to the OAuth Consent Screen -> Edit App (at the very top next to your app name) -> Save and Continue (at the bottom).
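
A complementary check from the app side, as an added example that is not part of the original answer: it parses the `scope` parameter of the authorization URL the app sends users to and flags anything beyond basic sign-in scopes for review on the consent screen. The function name, the sample URLs and the placeholder client ID are assumptions, as is treating `openid`, `email` and `profile` (and their full-URL forms) as the non-sensitive baseline.

```javascript
// Added example: audit the scopes in a Google OAuth authorization URL.
// Assumption: the basic sign-in scopes below are the non-sensitive baseline;
// anything else is only flagged for review on the OAuth consent screen,
// not classified as sensitive or restricted.
const BASIC_SIGN_IN_SCOPES = new Set([
  "openid",
  "email",
  "profile",
  "https://www.googleapis.com/auth/userinfo.email",
  "https://www.googleapis.com/auth/userinfo.profile",
]);

// Hypothetical helper: returns the requested scopes split into two groups.
function auditAuthUrl(authUrl) {
  const url = new URL(authUrl);
  const raw = url.searchParams.get("scope");
  if (raw === null) {
    // No scope parameter at all: report it rather than assume a default.
    return { scopes: [], basic: [], review: [], missingScope: true };
  }
  // Scopes are space-delimited; URLSearchParams decodes "+" and "%20" to spaces.
  const scopes = [...new Set(raw.split(/\s+/).filter(Boolean))];
  const basic = scopes.filter((s) => BASIC_SIGN_IN_SCOPES.has(s));
  const review = scopes.filter((s) => !BASIC_SIGN_IN_SCOPES.has(s));
  return { scopes, basic, review, missingScope: false };
}

// Constructed sample URLs (client_id and redirect_uri are placeholders).
const BASE =
  "https://accounts.google.com/o/oauth2/v2/auth?client_id=EXAMPLE_CLIENT_ID" +
  "&redirect_uri=https%3A%2F%2Fapp.example%2Fcallback&response_type=code";
const SAMPLE_MINIMAL = BASE + "&scope=openid%20email%20profile";
const SAMPLE_EXTRA =
  BASE + "&scope=openid+email+https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fdrive.readonly";

for (const sample of [SAMPLE_MINIMAL, SAMPLE_EXTRA]) {
  const result = auditAuthUrl(sample);
  console.log(
    result.review.length
      ? `review on consent screen: ${result.review.join(", ")}`
      : "only basic sign-in scopes requested"
  );
}
```

Copy the real authorization URL from the browser's address bar when the Google screen appears and pass it to `auditAuthUrl` to see what the deployed app actually requests.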