How can I securely request data via Google OAuth?
Until recently, my site users could import data from Google via OAuth. Recently, however, they got the warning below, in the yellow box, when logging in (although the import is still working).
I also noticed this same warning on Facebook GMail authenticator!
What has changed / am I missing?
This site has registered with Google to request authorization, but is not configured to send a reliable response.
If you provide access, but you do not initiate this request at www.foo.com, it may be possible for other users of www.foo.com to access your data. We recommend that you deny access, if you are not sure that you initiated this, request it directly on the website www.foo.com.
(The site is written in Zope / Python, but the step / documentation I'm skipping is more important)
source to share
Has Google tried the error message? This led me to this page , which says:
Enhanced Security Registered: Registered applications with a security certificate in the file can use secure tokens. The Request Access page removes warnings by displaying this message: "Google is not affiliated with us and we recommend that you only grant access if you trust the site."
For details, see their docs, step 4, "Upload Security Certificate".
source to share