I’m going through the process of preparing my Google Cloud Project (GCP) application for Google OAuth Verification.
Slide 22 of the Nylas guide, mentions that nylas.com should be added as an authorized domain if using Hosted Authentication.
Since we are indeed using Hosted OAuth, should the App Domain section (Slide 21) also contain Nylas’, not our own, Application Homepage URL, Privacy Policy Link, and Terms of Service Link?
It would also really help if screenshots or docs with all the fields relevant to verifying a GCP app were shared.
No; the homepage, privacy policy, and TOS link fields must be populated with those links and resources from your own brand/product, not those of Nylas. Submission with Nylas links will result in your submission being denied by Google and returned for revision.
The nylas.com domain must be authorized within the GCP console solely because of its utilization within the hosted authentication flow. Google is still explicitly looking for your own application to demonstrate compliance with their policies via your PP and TOS, as the ultimate steward of their customer data within your application.
The full checklist that Nylas CS uses to spot-check your GCP demo video for submission readiness can be found here, on slide 40 of our guide. If you have questions after reviewing, you can reach out via customersuccessmanagers@nylas.com for an additional set of eyes.