Can I use hosted FusionAuth with a 'sensitive' google scope?



  • I’m using hosted fusionauth.

    I have https://my-company.fusionauth.io and my app (the one rolling out to customer) needs first a signup offering email + social (including google). There's also a feature that requests access to google’s calendar event’s (write).

    In order to handle the google calendar flow

    • I need to add https://my-company.fusionauth.io as a authorized javascript origin
    • calendar.events.write is a ‘sensitive’ scope which means google ask me to verify ownership of every top domain I use in my flow, including fusionauth.io

    From google’s doc ( https://support.google.com/cloud/answer/9110914?authuser=0 😞

    Verify ownership of your project’s authorized domains using the Search Console. Use an account that is either a Project Owner or a Project Editor of your Cloud Console project.

    As I don’t own fusionauth.io, what is the way to use a cloud-hosted fusionauth with a google scope that is listed as sensitive ?



  • If you have purchased a high availability hosting plan we can configure additional URLs for you - such as login.example.com - and then FusionAuth would be in the same domain as your own application, and you'd be able to verify the domain.