Auth0 for google-auth social connection

Hi - this question may not be directly auth0 as such. However since many of you may have encountered this, I think its better to post.

I am writing a chrome extension that works when the user is playing a youtube video on chrome browser. I need basic user information (username and email). The purpose is to get information on user’s behaviours on how they use the extension.

I use auth0 for authentication. While I am able to authenticate users with auth0, I see following warning in auth0 logs. The warning occurs each time a user is authenticates using auth0.

So I created a new project in google developer console and got own auth keys (client id and secret). I updated auth0 connection settings and now the warning is gone. :+1:

I am using basic scopes (openid profile email) during authentication request. Following are two questions.

(1) In Google developer console, in the OAuth consent screen settings, the publishing status is Testing. I have just given one of my own gmail id as Test user. However, I am still able to successfully authenticate with my other gmail id. The documentation on the google dev console page mentions that While publishing status is set to “Testing”, only test users are able to access the app. So then how am I able to authenticate via auth0/google-auth with user not mentioned in test users list?

(2) Do I need to publish the app if my extension is published for general public? I somehow sense that publish, registration and verification may be needed only if I use sensitive and/or restricted scopes? Can anyone confirm?

(3) How many users can use my app with successful google authentication in case my app is not published, registered and verified?

Thanks
Amit

Hi @amitudedhia,

It looks like all of your questions are specific to google’s platform. I would suggest taking a look at their documentation, it seems to answer some of these questions. If you have more in-depth questions you may want to look at google support.

This doc lists sensitive/restricted scopes, user limits for unverified apps, and when you need to verify.