oauth - Disable checkboxes on Google consent screen

Question

We're implementing Gmail sending in out ASP .NET web application with Gmail .NET SDK.

In order to do this we need all following scopes "email", "profile", "openid", https://www.googleapis.com/auth/gmail.send" to be granted to us by user.

However, on the consent screen user can untick checkbox "Send email on your behalf" which is not acceptable for us, please see below:

We've seen quite a few examples where there are no enabled checkboxes on the Google consent screen. So, we're truiyng to figure out how to hide/disabled checkboxes in our app, could you please advise?

Probably, this is because of our application is still not verfified, but I'm not sure if this is the reason.

Thanks, Evgeny.

Answer 1

These checkboxes are due to the rolling out of a new granular account permission system, they are completely normal, and can not be turned off.

More Information:

After some digging, I discovered this Google Developers blog post from 2018 in which it is discussed that in the new permission system, users will have the ability to grant or deny permissions individually.

From the blog post:

Over the next few months, we'll start rolling out an improvement to our API infrastructure. We will show each permission that an app requests one at a time, within its own dialog, instead of presenting all permissions in a single dialog*. Users will have the ability to grant or deny permissions individually.

*our different login scopes (profile, email, and openid are all combined in the same consent and don't need to be requested separately.

It seems that this is still in the roll-out phase, even though at the time of writing this answer 26 months have passed since the announcement.

Preparing for the change:

The following are guidelines provided by Google as to how to prepare for the changes they are making to the Google Account permission system for OAuth and APIs:

• Review the Google API Services: User Data Policy and make sure you are following them.
• Before making an API call, check to see if the user has already granted permission to your app. This will help you avoid insufficient permission errors which could lead to unexpected app errors and a bad user experience. Learn more about this by referring to documentation on your platform below:
  • Documentation for Android
  • Documentation for the web
  • Documentation for iOS
• Request permissions only when you need them. You'll be able to stage when each permission is requested, and we recommend being thoughtful about doing this in context. You should avoid asking for multiple scopes at sign-in, when users may be using your app for the first time and are unfamiliar with the app's features. Bundling together a request for several scopes makes it hard for users to understand why your app needs the permission and may alarm and deter them from further use of your app.
• Provide justification before asking for access. Clearly explain why you need access, what you'll do with a user's data, and how they will benefit from providing access. Our research indicates that these explanations increase user trust and engagement.

You can read the aforelinked blog post for full information about the change.

I hope this is helpful to you!

References:

• Google Developers Blog: More granular Google Account permissions with Google OAuth and APIs
• Google API Services User Data Policy | Google Developers
• GoogleSignIn | Google APIs for Android | Google Developers
• Google Sign-In JavaScript client reference
• Requesting additional scopes after sign-in | Google Sign-In for iOS