Hello, just checking back on this. I am fine with submitting the app for approval under the notion that it is for external use -- even though it is not for external use. At the end of the day, I only care to make ends meet and keep security tight.
However, I don't want the review process to develop into myself trying to meet standards that are difficult to ascertain when the app doesn't necessarily exist in a state that makes those standards necessarily in the first place. Like for example, I wouldn't want to spend weeks going back and forth trying to fine-tune a privacy policy page and ToS for something that only I am going to use anyway... but if it must be done then so be it. I understand our unique position may warrant unique requirements. In all fairness, I'm not even really sure how complex the approval process is, and maybe my concern here isn't even all that aligned with reality. That is why I ask though. Is this approval something that will be still required still? What will that entail for me? Or can we potentially work out a custom solution given these circumstances? Thanks, Chad On Wednesday, November 30, 2022 at 6:00:49 PM UTC-8 Chad Wood wrote: > What about the review process. I assume that, despite my edge-case, I will > still be required to submit for “external app approval”, yes? > > On Wed, Nov 30, 2022 at 5:58 PM Chad Wood <chadwo...@gmail.com> wrote: > >> I see. Correct me if I’m wrong here, but I think I’m starting to >> understand. Practically speaking in this case, there really isn’t a >> difference between my my app being published versus unpublished, except >> that the limitations (of 100users and 7days/refresh token) are lifted. Is >> this right? Because I think anyone can verify themselves as it currently >> stands, though new users would add tally against the 100user total. So >> publishing isn’t really making my app available to anyone with a Google >> Account; that is technically already be true… right? >> >> My system is already set up to store everything encrypted with >> environment variables and whatnot, so I guess I do have a “log in” >> already—because a user would need to log into my work environment in order >> to access anything in a decrypted state. >> >> If this is correct, then I think I was just misunderstanding due to the >> verbiage used on that pop up. Nobody should be able to access my app >> because I don’t go around distributing copies of my work environment. Is my >> logic accurate with all of this? >> >> Thanks. >> >> On Wed, Nov 30, 2022 at 4:35 PM Google Ads API Forum Advisor >> <ads...@forumsupport.google> wrote: >> >>> Hello, >>> >>> Essentially, if you have a Google Workspace setup, then Google can >>> handle some parts of the authentication for you, and ensure that only users >>> within your Workspace domain are able to create refresh tokens. >>> >>> If you aren't using that, then Google does not do any checking of this >>> sort on our side, meaning that the burden is on you to provide your own >>> security measures to ensure that the correct subset of users is able to log >>> in. Remember, that what we're doing here is a workaround for your edge-case >>> situation, and the "normal" situation for someone choosing this option >>> would be for someone who was choosing to publish their app widely. However, >>> in your case, where you have no intention of doing that, what this message >>> really boils down to is that Google is not going to restrict who can create >>> refresh tokens to only people within your Google Workspace domain. But you >>> can still restrict that, by not sharing your client ID and client secret, >>> and by building up your own login system. >>> >>> >>> Regards, >>> Mike, Google Ads API Team >>> >>> ref:_00D1U1174p._5004Q2ewsYl:ref >>> >> -- -- =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ Also find us on our blog: https://googleadsdeveloper.blogspot.com/ =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ You received this message because you are subscribed to the Google Groups "AdWords API and Google Ads API Forum" group. To post to this group, send email to adwords-api@googlegroups.com To unsubscribe from this group, send email to adwords-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/adwords-api?hl=en --- You received this message because you are subscribed to the Google Groups "Google Ads API and AdWords API Forum" group. To unsubscribe from this group and stop receiving emails from it, send an email to adwords-api+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/adwords-api/bf0b71a8-b19f-4b71-a916-a0bd7d6332fen%40googlegroups.com.
