I’m looking to integrate Gmail (and Outlook ultimately) into my app using Nylas’ Hosted OAuth so I don’t have to manage my own OAuth client. We’ll be neding restricted Gmail scopes (e.g. gmail.readonly, gmail.send)
I’m trying to clarify whether if I use Nylas’ hosted OAuth client, do I still need to go through Google’s restricted scope app verification (and potentially the security assessment), or is this already covered by Nylas’ verification?
I’m a bit confused about this - according to my current knowledge it should be possible to use the hosted OAuth client. Which in my understanding, will remove the necessity to use our own google cloud instance - and thus also would remove the need of us having to go through the verification process?
Hi @kyo , you’ll still need to configure a Google Cloud Platform (GCP) application and complete the security assessment when using the Nylas’ hosted OAuth client. More information on this in our docs, but let me know if you have any additional questions.
You will not need to go through this process if you use our CASA-verified shared Google app. I’ll have a team member reach out to you shortly via email with more information on how to access the shared app, which is an add-on feature.
We want to keep using the Supabase SDK and Supabase authentication, ideally with Nylas bring your own auth, however we’re unsure whether that is also possible when using the Nylas shared Oauth client/app.
Ideally we would be able to use the Google OAuth client secret of the Nylas app in our Supabase project - is this something that would be possible?
The CASA-verified shared Google app is not available in the Sandbox because it’s a contract add-on feature. If you’re interested in this, let us know!
Unfortunately, you cannot use your own authentication with our shared Google app. When using Nylas’s shared CASA-verified app, you’ll have to authenticate directly through Nylas’s OAuth flow. You won’t be able to use our shared Google app’s OAuth credentials in your Supabase project since these are separate Google apps that cannot share authentication.
There are two options for moving forward with this:
Option 1: Use your own GCP and bring your own tokens to Nylas with custom authentication. We have a guide on how to do this with Supabase Google Auth: How to combine Supabase Google Auth and Nylas Google App Permissions. You’ll still need to go through the Google verification process.
Option 2: Use our shared GCP with no Google verification process, but your users would need to re-authenticate to approve permissions for Nylas’s Google app, separate from any existing Google auth you may have with your Supabase setup.
Please let me know if anything is unclear or if you have additional questions!
