OAuth Reviewer Guide
This page provides a direct and reproducible path for Google Trust and Safety OAuth verification.
Prerequisites: OAuth Consent Screen Access
Before testing, confirm the OAuth consent screen is accessible to your reviewer account. Our app is published in Production mode on the Google Cloud Console. If you see an "Access blocked" error, please contact us so we can add your email as a test user or resolve any consent screen issues.
No sign-up or pre-existing account is required. The OAuth flow starts directly from the login page — clicking "Continue with Google" will trigger the Google consent screen.
Direct Test Entry Points
- Login page: https://spamfree.ai/login
- Direct OAuth start: https://spamfree.ai/api/auth/google
No login or registration is required before accessing the OAuth flow. Clicking "Continue with Google" on the login page immediately redirects to the Google consent screen. The direct OAuth start URL bypasses the login page UI entirely.
Verification Checklist
- Open https://spamfree.ai/login in a clean browser session (no existing Google session recommended).
- Click "Continue with Google". No prior account creation is needed — this button initiates the full OAuth flow.
- You will be redirected to Google's consent screen showing the SpamFree.ai app name and all requested scopes.
- Approve consent on the Google screen. You will be redirected back to SpamFree.ai automatically.
- Confirm the dashboard loads and inbox data appears (gmail.readonly scope used).
- Open one email and perform one modify action such as archive or mark-as-read (gmail.modify scope used).
- Open compose and send one email (gmail.send scope used).
- Open the profile area to verify Google userinfo data is displayed (userinfo.email and userinfo.profile scopes used).
Scope to Function Mapping
| Scope | In-app usage |
|---|---|
| https://www.googleapis.com/auth/gmail.readonly | Read message metadata/content to classify inbox categories and render inbox views. |
| https://www.googleapis.com/auth/gmail.modify | Apply mailbox state changes such as archive, read/unread, and categorization updates. |
| https://www.googleapis.com/auth/gmail.send | Send emails from the SpamFree.ai compose flow when explicitly triggered by the user. |
| https://www.googleapis.com/auth/userinfo.email | Create/link account identity after Google sign-in. |
| https://www.googleapis.com/auth/userinfo.profile | Display signed-in user profile details and avatar. |