remoteStorage

Google Drive OAuth changes for global scope/permission

When I just tested GDrive support for Webmarks, this is what Google decided to show me:

Webmarks is hosted on webmarks.5apps.com, and before today, it always showed the right URL, as well as the app icon that you can upload for OAuth apps in the Google Developer Console. Now it claims that the parent domain owner will have access to your Drive, which is just plain wrong. There’s absolutely no way for the people running 5apps.com to access a user’s Drive account when they do an OAuth from webmarks.5apps.com.

Could someone confirm if this madness is going on for other apps and accounts as well? It looked like they also removed the verification of the OAuth app for production use, which may have something to do with it (and which is even more infuriating, as I have not received any communication about it since they approved Webmarks for production and removed the big warning screen during the auth procedure for users).

I just had a look at the Developer Console and re-submitted the app for verification. You have to authorize the full domain now, indeed.

This makes it much more expensive to offer Unhosted apps with GDrive support, as you have to pay for a full domain now (given you don’t want people to get the wrong impression about who has access to their Drive). I’m not quite sure what to do with my own apps, because I don’t really want to pay money for offering free apps to people, merely because Google decided to mess with developers like this. :confused:

(What makes this extra spicy is that Google is the owner of the new .app TLD, by the way.)