[Users] OAUTH2 Authorisation Status

[David Fletcher]

>DM: I'm guessing this refers to the 'Gmail API' restricted scope
>(perhaps these scopes are a subset of sensitive scopes?). In any case,
>what is needed for this setup to work almost certainly requires the
>verification process before Google will put their 'stamp of approval'
>on it. But my guess is that their approval is not needed for it to be
>actually usable -- you'll just got all the warnings everywhere about it
>being unverified, potentially dangerous, untrustworthy, etc. :)
>---Dustin
>>
>> And has anyone gone through this gate of 'in production' status
>> recently - and had to (or not had to!) go through a verification
>> process?
>>
>DM: I doubt it, but I could be wrong. ---Dustin
>>
>>

Yes - the 'sensitive scopes' are access to the Gmail API. I can see why
it's classed as sensitive since you are giving the rights to the
application to read, send and delete your email. Of course, if you trust
the application and it's under your control that's fine.

>From memory you just switch it to "In Production", and it asks you to
start the app verification process. Then just don't proceed with the
verification - that seems to remove the 7 day restriction, but leaves
the Not Trusted nag screen when you authorise it to access your email.
The app verification process itself is a nightmare - they want you to
prove ownership of the claws-mail.org domain, give them a street address
for the organisation etc. It's really geared up for companies not open
source projects.

Best regards, David.