Hello community,
I have a question regarding the Google OAuth app verification process.
Recently, our team successfully completed the OAuth verification process for our primary service, which is hosted at app.example.com.
We are now preparing to launch a new service on a different subdomain: new.example.com. We are planning to utilize the exact same verified GCP project for this new service. Additionally, the new service will operate under the exact same Privacy Policy, Terms of Service, and Security Policies as our existing, verified application.
Given this context, I have two questions:
-
Do we need to undergo the full OAuth verification review again simply to add the new authorized domain (
new.example.com) to our existing verified GCP project? -
If adding it to the current project is not permitted without a full review, are we required to create a brand new GCP project and go through the verification process from scratch for the new subdomain?
Has anyone here experienced a similar situation? Any advice or guidance on the most efficient way to handle this would be greatly appreciated!
Thanks in advance.