To protect users and their data from deceptive applications, your new or updated web application or Apps Script may show an "unverified app" screen prior to displaying the consent screen, or may be marked as "risky" in Security Checkup.
To remove this screen from your app, or to prevent your app from being marked as risky, you will need to go through the verification process.
When do I need to go through the verification process?
If you create user-facing apps, go through the verification process before you launch your application. You can continue to build and test your application while waiting to complete verification. Upon successful completion of the process, the unverified app screen will be removed from your client.
If you are developing an experimental app or setting up an OAuth-based plugin for a popular platform, such as SMTP for Wordpress, you do not need to go through the verification process.
How do I start the verification process?
- Verify your website ownership through Search Console by using an account that is either a Project Owner or a Project Editor on your OAuth Project. This also means this same account must be a verified owner of the property in Search Console. We won't be able to approve your OAuth verification request until your site ownership verification is complete. Learn more about site verification. Learn more about Search Console permissions.
- Submit a verification request at https://support.google.com/code/contact/oauth_app_verification to begin the verification process.
How does verification work for Apps Script?
Newly published Apps Scripts that request OAuth access to data belonging to consumers or users in other domains may also have the "unverified app" screen attached to their OAuth consent flow. For more information about how these changes affect Apps Script developers and users, including instructions for verifying Apps Script OAuth clients, see the Apps Script OAuth client verification documentation.