We are having issues during the app approval and reading different threads I suppose that I found the solution but, before submitting again, I would love to have your confirmation too.
Our app was rejected (multiple times) saying that the OAuth flow was not implemented properly (and, to be honest, without many more details).
We use the Billing API too (when needed), so during the OAuth flow we need to authenticate the user to our app too in order to create a correct subscription and associate it with the app user.
Based on the image below (OAuth flow), we are asking the user to log in to our app during step (2), and for this reason my understanding is that the app was rejected. My understanding is that we need to move the logic to step (5), where we get the "code" returned by the OAuth process.
In this step, I suppose that we can:
Generate the token
Ask the user to authenticate to our app (they can sign in or sign-up)
Make any additional Billing API calls when needed and eventually (when the API calls are done) redirect the user to the Billing confirmation page returned by your API.
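The "step (5)" handler described above, written out as an added example (not the poster's code and not any platform's SDK). It assumes a generic OAuth 2.0 authorization-code callback carrying `code`, `state` and an `account` parameter, a server-side session dict, and injected callables for the token exchange and the billing call so it runs offline; all of those names are assumptions. The security point it makes concrete: the callback is tied to the browser that started the flow with a single-use `state`, the token is exchanged and parked server-side before the user is asked to sign in or sign up to the app, and only after that login is the install bound to an app user and the billing call made.

```python
"""Authorization-code callback that defers app sign-in and billing until
after the code has been exchanged. Illustrative module: the parameter
names, session layout and injected callables are assumptions."""
import hmac
import secrets
from dataclasses import dataclass
from typing import Callable, Dict, Optional
from urllib.parse import urlencode


class OAuthError(Exception):
    pass


@dataclass
class PendingInstall:
    """Token held server-side until the user has signed in to our app."""
    account: str        # identifier of the installing account (assumed callback param)
    access_token: str


def build_authorize_url(auth_endpoint: str, client_id: str, redirect_uri: str,
                        scopes: str, session: Dict) -> str:
    """Step (2): send the user to the provider. A fresh, single-use state is
    stored in the server session so the callback can be tied to this browser
    rather than to a login we ask for up front."""
    state = secrets.token_urlsafe(32)
    session["oauth_state"] = state
    query = urlencode({"client_id": client_id, "redirect_uri": redirect_uri,
                       "scope": scopes, "state": state, "response_type": "code"})
    return f"{auth_endpoint}?{query}"


def handle_callback(params: Dict[str, str], session: Dict,
                    exchange_code: Callable[[str], str]) -> str:
    """Step (5): validate the redirect, exchange the code for a token and park
    the token in the session. Returns the path to send the user to next (our
    own login page); nothing is associated with an app user yet."""
    expected = session.pop("oauth_state", None)        # single use: pop, not get
    received = params.get("state", "")
    if not expected or not hmac.compare_digest(expected, received):
        raise OAuthError("state mismatch: callback was not initiated by this session")
    code = params.get("code")
    account = params.get("account")
    if not code or not account:
        raise OAuthError("callback is missing code or account")
    token = exchange_code(code)   # server-to-server exchange using the client secret
    session["pending_install"] = PendingInstall(account=account, access_token=token)
    return "/app/login"


def complete_install(session: Dict, app_user_id: str,
                     save_install: Callable[[str, str, str], None],
                     create_subscription: Callable[[str, str], str]) -> str:
    """After the user has signed in or signed up: bind the install to that
    app user, make the billing call with the stored token, and return the
    confirmation URL the billing API handed back so the user can be
    redirected to it."""
    pending: Optional[PendingInstall] = session.pop("pending_install", None)
    if pending is None:
        raise OAuthError("no pending install for this session")
    save_install(app_user_id, pending.account, pending.access_token)
    return create_subscription(pending.account, pending.access_token)
```

In a real app `session` is the framework's signed server-side session and the two callables wrap the provider's token endpoint and billing endpoint; the structure (state check, exchange, park, login, bind, bill, redirect) is what the example is meant to show.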