I am trying to add social sign-in functionality to an app which is served via Azure B2C and although I have ran through the Google documentation I am still not sure if the Google app needs verification or not.
The application is public - therefore it is defined as External. When the user registers the application The scopes exchanged (also visible via Url) are the followings:
- https://www.googleapis.com/auth/userinfo.email
- https://www.googleapis.com/auth/userinfo.profile
- openid
No sensitive or restricted scopes are used.
Do I need to verify the application or not? If I leave it in Test mode does the 100 user limit is still applicable? I tried it to register using 2-3 accounts (without adding test users) and the count does not change in GCP as per below:
On the other hand by trying to publish the app I get the modal below:
Could you please shed some light ? Thank you in advance, Dimitris
First off test mode and production mode are not related to verification. They are two different concepts.
Setting your app to production, will mean that you can have unlimited users using your app and that your refresh tokens will not expire after seven days, although if you are just using signin you probably dont use refresh tokens.
Verification Means that google is going to verify in your case that you have a privacy policy and home page set up as well as name of your app and logo are valid. As you are not using any sensitive or restricted scopes its just a matter of clicking the button you shouldn't need anything more then that.
This will remove the "this app hasn't been verified screen"