I am creating a new OAuth to be able to access my GDrive from my computer (using rclone on Linux). This is strictly for me and for no one else — no one else will ever get to see my client ID and client secret.
But in order to be able to use it, I have to verify it, which in turn means that I have to publish it. I don’t want to publish it because it’s not for the public, but here I am!
In order to publish it, I have to have a web page with the required name, a web page with a privacy policy, and a web page with terms & conditions.
I don’t have these! This is strictly personal, for me and no one else. I suppose that I could create a dummy website just for the purpose with Google Sites.
In addition, whatever I do, it complains, “The app name ‘[name]’ configured for your OAuth consent screen does not match the app name on your homepage.” I have tried all sorts of different names, but nothing is accepted, and it seems to be a complete mystery as to what I should set the name to.
I am utterly bewildered and stuck, and I cannot find answers on the internet. Please help!
Since this is just for you (a “personal project”), you do not need to publish the app or go through the verification process. For personal use with rclone, leave the User Type as External and keep the Publishing Status in Testing. You must explicitly tell Google that your email address is allowed to use this “unverified” app.
- Go to the OAuth consent screen tab in the Google Cloud Console.
- Scroll down to the Test users section.
- Click + ADD USERS.
- Enter your Gmail/Workspace email address and hit Save.
The error message about the app name not matching the homepage is only appearing because the system thinks you are trying to submit for verification. Go back to the “Edit App” screen. Make sure you haven’t uploaded a logo and haven’t filled out the “Authorised Domains” section unless absolutely necessary.
When you run the rclone config flow and it opens your browser to log in, click Advanced, then click Go to [Your App Name] (unsafe) at the bottom, grant the permissions, and rclone should grab the token.
Thank you for the advice, Brett. I’ve done as you suggest.
I have two concerns.
First, “Add Users” gives this warning, which I don’t understand:
While publishing status is set to ‘Testing,’ only test users are able to access the app. Allowed user cap prior to app verification is 100, and is counted over the entire lifetime of the app.
Does this mean that I can have only up to 100 users? If so, that’s a non-issue because it will be just me and no one else.
Second, according to the instructions:
Keeping the application in “Testing” will work as well, but the limitation is that any grants will expire after a week, which can be annoying to refresh constantly.
There are three scopes applied, as follows (also from the instructions):
https://www.googleapis.com/auth/docs
https://www.googleapis.com/auth/drive
https://www.googleapis.com/auth/drive.metadata.readonly
If I understand correctly, I’d have to come in every week to re-add the scopes.
Have I misunderstood?
Correct. As you say, it won’t be an issue while it is just you.
There is a distinction between Google Workspace (paid) users and Standard Gmail (free) users.
- If you have a Google Workspace account, you can set the App Type to Internal. If it’s Internal, your tokens won’t expire every 7 days, even without verification.
- If you have a personal @gmail.com account, you are stuck with External. You’re right that Google’s policy states that for “unverified” apps in “Testing,” the refresh token expires in 7 days.
Thank you. I have a personal @gmail.com account.
So, does that mean that I have to sign in every week?
It might be less hassle in the long term to publish the app. Am I correct that keeping my “client ID” and “client secret” secret will prevent the public from connecting, or will others be able to connect if I go this way? I really don’t want other people to be able to connect!
Even if you “Publish” your app, it doesn’t mean it appears in a store or that anyone can find it. For someone to actually connect to your data, they would need:
- Your Client ID.
- Your Client Secret.
- Your physical login credentials (Username/Password/2FA) to your Google account.
Excellent, thank you! I’m going to do my best to find out how to publish this. I’ll use a test domain (that I use for testing, and has no-index so that it doesn’t appear in search results).
I’m sure that I can find out how to create the three required web pages.
The only place where I’m stuck is, “The app name ‘[name]’ configured for your OAuth consent screen does not match the app name on your homepage.” What name do I have to use there? I simply cannot figure it out!