Unverified Google Login!

I have used Google for login and register new users via Social Login add-on successfully, but since about a month we have the below error while trying to login:

"This app isn't verified. This app hasn't been verified by Google yet. Only proceed if you know and trust the developer."

[attachment=12721:google-verified.png]

I contacted Google support. They recommend using Sign In Scopes instead and refer to this page to understand why they recommend to not use https://www.googleapis.com/auth/plus.login.

As maintained on Use Guide page of OAuth2 to configure Google login, it needs Google+ API:
https://hybridauth.github.io/hybridauth/userguide/IDProvider_info_Google.html
I tried to remove plus.login scope from related add-on file (app/addons/hybrid_auth/lib/Hybrid/Providers/Google.php), but not fixing the problem even after delete the var cache.
Anyone faced the same issue or has a suggestion to solve it?

google-verified.png

8)

I join the issue.
I have tried to send verification form to Google but I did not exactly knew
which Scopes do I need for my application. So I've declared two Scopes I thougt by logic. And it was wrong. I've recieved the folllowing letter fron Google:


Quote

Invalid/Inapplicable Scopes
Dear Developer,
Thank you for submitting the developer verification form. Based on the information you provided, we noticed that you have requested access to following scopes.

https://www.googleap.../userinfo.email
https://www.googleap...serinfo.profile
Scope names provided by you do not need approval and thus inapplicable for the verification process. Please refer full list of OAuth scopes can be found on the OAuth 2.0 Scopes page.

Please refer 'What are Invalid or Inapplicable scopes' question on our FAQ page as a resource.



So whitch scopes are correct?


************************************************************

So, after a long time I have no answer in bug tracker I have asked helpdesk about this. But service engeneer, not understanding the issue, just give me some screenshots about new Google's API cabinet and write-off 5 credits from my helpdesck score.
Now I have neither answer nor credits. Bad!

I propose to do two things in helpdesk: first - the claim button for disagree about answer. And second - "I'm definitely not going to pay for message" option in begining.

Otherwise it seems like a small dog bites a bit by bit with any movement. Really not cool policy.

I have the exact same issue. Some help would highly be appreciated! It’s very disappointing to hear your experience with CD-Cart Support! I’ll try to reach out as well hoping for a better outcome!

I just created new project and requested the OAuth credentials per instruction from CS-Cart documentation and did not receive any unverified app screen. Can you provide a screenshot with this screen?

da3020 We would be grateful if you do not use obscene language on the forum.

...and did not receive any unverified app screen.

It may be because You have permiss this app earlier in your security list here

Here is screenshot http://prntscr.com/ii7nof

da3020 We would be grateful if you do not use obscene language on the forum.

Sure! I'm sorry. Corrected.

It may be because You have permiss this app earlier in your security list here

Here is screenshot http://prntscr.com/ii7nof

Sure! I'm sorry. Corrected.

The app was not in that list until I allowed it to access the account data during authorization in the store. If I remove it from the list, I can still login in the store

My issue is now resolved. I still had to enable the Google+ API

My issue is now resolved. I still had to enable the Google+ API

Nope. I have Google+ API enabled (screen)

If I remove it from the list, I can still login in the store

Do not know yet what it may be. Maybe Your Google Developer's account has some special status...

But I have found some extra tool here (screen) that calls "APIs Explorer". I still do not know how to use it but I can see some recommended Scopes there (screen) - can it helps? Are any ideas?

Unfortunately, there is no updated and clear description of Google Integration with Social Login Add-on.
The current description is outdated to Google Developer version and their new policy, terms and conditions of scopes use:
https://hybridauth.github.io/hybridauth/userguide/IDProvider_info_Google.html
https://docs.cs-cart.com/4.7.x/user_guide/addons/social_login/provider_settings.html
I think CS-CART needs to keep up with that and provide clear steps for installation up to date.

I also agree with outdated documentation. I totally got lost and wasted a lot of time. I do fully understand that it takes time and resources to maintain all these documentation, but it’s key if CS-Cart wants to stay competitive in this market.



One additional step that I did was verifying my domain with Google. Not sure if it has anything to do with this issue. I’m more than happy to have a web conference with you so we can compare our settings and see if we can resolve your issue. I’m sure there will be others who will be having the same issue.

I have verified my domain of course but it did not helps.

1. Go to app/addons/hybrid_auth/lib/Hybrid/Providers/Google.php

2. Find

public $scope = "https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/plus.profile.emails.read https://www.google.com/m8/feeds/";

3. Replace with:

public $scope = "https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/plus.profile.emails.read";


1. Go to app/addons/hybrid_auth/lib/Hybrid/Providers/Google.php

Yes!!! It helps! Great! Thank you!

1. Go to [b]app/addons/hybrid_auth/lib/Hybrid/Providers/Google.php[/b]

2. Find

public $scope = "https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/plus.profile.emails.read https://www.google.com/m8/feeds/";
 
3. Replace with:

public $scope = "https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/plus.profile.emails.read";
 

Thank you so much for your helpful response. It solved our issue.

1. Go to app/addons/hybrid_auth/lib/Hybrid/Providers/Google.php

2. Find

public $scope = "https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/plus.profile.emails.read https://www.google.com/m8/feeds/";

3. Replace with:

public $scope = "https://www.googleapis.com/auth/plus.login https://www.googleapis.com/auth/plus.profile.emails.read";

Thank a lot, that works!