Internal docs · OAuth verification

Submitting StockPilot for Google OAuth verification

Until the app is verified, new users see a scary “Google hasn't verified this app” screen when they connect Gmail and have to click “Advanced → Go to StockPilot (unsafe)”. Verification removes that. One-time form, 1–2 weeks turnaround.

  1. Confirm only sensitive scopes are requested — no restricted scopes. Open console.cloud.google.com/apis/credentials/consent under the project that owns the OAuth client (the one whose ID is in GOOGLE_CLIENT_ID). Under “Scopes” there should be only:
    • https://www.googleapis.com/auth/gmail.send
    • https://www.googleapis.com/auth/userinfo.email
    Any restricted scope — including gmail.readonly, gmail.modify, or the full-mailbox scope https://mail.google.com/ — triggers Google's CASA tier-2 security assessment (~$4–15k and months of paperwork). StockPilot deliberately avoids all of them. Supplier replies are handled by our inbound-email webhook instead, so we don't need any read access to user mailboxes.
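    Quick pre-submission check (added example; not part of this doc or the StockPilot codebase): take the authorization URL the app builds when a user clicks “Connect Gmail”, run it through the script below, and it reports any scope outside the two listed above, naming the restricted ones explicitly so scope drift is caught before Google sees it. The URLs inside are constructed samples; the PLACEHOLDER_CLIENT_ID value and the /oauth/callback path are assumptions, not our real configuration.

```python
from urllib.parse import parse_qs, urlparse

# The only two scopes the consent screen should list (from the doc above).
ALLOWED_SCOPES = frozenset({
    "https://www.googleapis.com/auth/gmail.send",
    "https://www.googleapis.com/auth/userinfo.email",
})

# Restricted Gmail scopes named in the doc; requesting any of these pulls
# the app into Google's CASA assessment.
RESTRICTED_SCOPES = frozenset({
    "https://www.googleapis.com/auth/gmail.readonly",
    "https://www.googleapis.com/auth/gmail.modify",
    "https://mail.google.com/",
})


def scopes_from_auth_url(url: str) -> list[str]:
    """Return the scopes an OAuth authorization URL asks for.

    Google's authorization endpoint takes a single `scope` query parameter
    holding space-separated scope strings; parse_qs decodes %20 for us.
    """
    query = parse_qs(urlparse(url).query)
    raw = query.get("scope", [""])[0]
    return [s for s in raw.split() if s]


def check_scopes(scopes: list[str]) -> dict:
    """Classify requested scopes against the allowlist.

    ok         - True only when the request asks for exactly the allowed set
    restricted - scopes that would trigger the CASA assessment
    unexpected - scopes not on the allowlist (restricted ones included)
    missing    - allowed scopes the request does not ask for
    """
    requested = set(scopes)
    restricted = sorted(requested & RESTRICTED_SCOPES)
    unexpected = sorted(requested - ALLOWED_SCOPES)
    missing = sorted(ALLOWED_SCOPES - requested)
    return {
        "ok": not unexpected and not missing,
        "restricted": restricted,
        "unexpected": unexpected,
        "missing": missing,
    }


def check_auth_url(url: str) -> dict:
    """Convenience wrapper: parse the URL, then classify its scopes."""
    return check_scopes(scopes_from_auth_url(url))


# Constructed sample URLs (not captured from the real app; client ID and
# callback path are placeholders).
GOOD_URL = (
    "https://accounts.google.com/o/oauth2/v2/auth"
    "?client_id=PLACEHOLDER_CLIENT_ID"
    "&redirect_uri=https%3A%2F%2Fstockpilot.app%2Foauth%2Fcallback"
    "&response_type=code"
    "&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fgmail.send"
    "%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fuserinfo.email"
)

# The same request after someone added read access to the scope list.
DRIFTED_URL = (
    GOOD_URL
    + "%20https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fgmail.readonly"
)

if __name__ == "__main__":
    for name, url in (("good", GOOD_URL), ("drifted", DRIFTED_URL)):
        result = check_auth_url(url)
        print(name, "OK" if result["ok"] else "FAIL", result)
```

    Wire check_auth_url into the test suite against the URL the real app generates so a future scope change fails CI instead of surfacing as a CASA request from Google.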
  2. Fill in the OAuth consent screen app details.
    • App name: StockPilot
    • User support email: support@stockpilot.app
    • App logo: any clean 120×120 PNG from your design assets (must match the one used on the marketing site).
    • Authorized domains: stockpilot.app (and the Railway preview domain during testing).
    • App home page: https://stockpilot.app/
    • Privacy policy: https://stockpilot.app/privacy (already live).
    • Terms of service: https://stockpilot.app/terms (already live).
    • Developer contact: your personal email.
  3. Justify each scope. Google asks in plain English why you need each scope. Copy-paste these:

    gmail.send

    StockPilot sends purchase-order emails on behalf of the signed-in café owner to their suppliers. The owner approves each order in the app, and the email is sent from their own Gmail account so the supplier sees a normal, personal email.

    userinfo.email

    Used once during OAuth to identify which Gmail address the user connected, so we can label it in Settings and sign outbound emails from the correct From: address.

  4. Record a short demo video. Google requires a 30-second-to-2-minute screen capture showing:
    1. The consent screen appearing when a new user clicks “Connect Gmail”.
    2. The user granting the scopes.
    3. An example of the resulting functionality (e.g. an email being sent to a supplier).

    Upload to YouTube as Unlisted and paste the URL in the form.

  5. Submit for verification. Click “Prepare for verification” at the top of the consent screen page. Google typically responds within 5 business days requesting small clarifications, and the full cycle takes 1–2 weeks. The product stays fully functional for existing connected users during review.
  6. Add test users in the meantime. Before verification completes you can add up to 100 Gmail addresses as “Test users” in the consent screen — those users skip the unverified-app warning immediately. Add your first customers here so their onboarding is painless while the form works through review.

Once verified

New users clicking “Connect Gmail” will see a clean consent screen with the StockPilot logo and “Continue” — no “unsafe” warning. That's the single biggest trust improvement available pre-launch. Do it before your first external customer demo.