Google OAuth external application in production needs verification, but login still works

Skip to first unread message

Aleks Vujic

Aug 8, 2022, 12:35:59 PM8/8/22
to Google Cloud Developers
We configured an OAuth consent screen in Google Cloud Console. Our application is configured like this:


We only request non-sensitive scopes:


As you can see, our application needs verification because we added application logo (it is not possible to remove it, arghhhh). However, users can still log in without any warning. Is this expected? Will it continue to work forever, even if verification status is "needs verification".

Osvaldo Lopez Acuña

Aug 8, 2022, 5:00:59 PM8/8/22
to Google Cloud Developers
Take a look at the “Upcoming Policy Enforcement Notice” section and “When to go through verification” section of this document [1]. 

As it is established there, Google is continuously re-evaluating the risk associated with user data access, and may upgrade the risk of certain data types and scopes to sensitive or restricted. When this happens, apps using such scopes may become unverified, but will be given a grace period to go through verification before the unverified app screen and user cap are applied to them. [1]:

Reply all
Reply to author
0 new messages