We configured an OAuth consent screen in Google Cloud Console. Our application is configured like this:

We only request non-sensitive scopes:

As you can see, our application needs verification because we added application logo (it is not possible to remove it, arghhhh). However, users can still log in without any warning. Is this expected? Will it continue to work forever, even if verification status is "needs verification".