OAuth consent screen - ability to remove application logo

google-cloud-platform google-api google-oauth

19,995

Solution 1

In order to delete the logo, follow these steps:

Open the OAuth Consent Screen Configuration in Chrome or a Chromium derivative. https://console.cloud.google.com/apis/credentials/consent
Upload any image that differs from the one previously uploaded.
Open your Developer Tools (F12 or Ctrl+Shift+I).
Open the Network tab.
(Optional) Press the Clear button to make it easier to search later.
Click the Save button on the website to upload the new logo. (If the Save button is disabled, go through the full "Submit for Verification" process.)
In the Network tab, look for a request similar to "123456789987?alt=json&key=...".
Click on the entry and ensure that the Request Method is PUT.
Right-Click the entry and select "Copy"->"Copy as cURL (bash)".
Paste it into a text editor and search for the text "iconUrl":"https://...".
Change the text to read like the following: "iconUrl":"".
Back on the site, open up a Cloud Console session (The terminal icon in the top menu bar) and paste the modified command, then run it.
Verify that logo got removed from consent screen and verification status has changed.

Please keep in mind that this may require you to verify your app again.

Since June 11th of 2020 there's a Feature request open requesting the adition of a remove logo button to make this process easier. Please leave your comment, star the issue and leave a +1 if you are also affected by this issue.

Solution 2

As of May 31, 2021 (EDIT: mcriecken confirmed this worked as of Dec 2021) I was able to remove the icon with following steps. Since this is a combination of two answers above with additional steps I put all the steps here for clarity. Credits to @Chris32 and @ropsnou for the initial steps.

Remove all existing API keys and Client IDs from the OAuth Credentials page
Open the OAuth Consent Screen Configuration in Chrome or a Chromium derivative.
Upload any image that differs from the one previously uploaded and click "Save and continue"
In the Network tab, look for a PUT request like this: https://clientauthconfig.clients6.google.com/v1/brands/745625634622/icon?key={key}
Right-Click the request and select "Copy"->"Copy as cURL (bash)".
Paste it into a text editor and do following changes
- Remove /icon from the url
- Change request method to DELETE
- Remove --data-raw parameter and its long value
Activate Cloud Shell by clicking the terminal icon in the top-right corner of the GCP website. Paste and run the command you modified in the previous step. If you get INVALID_ARGUMENT error you probably still have an API key or Client ID associated with the consent screen. If you get {} the command was successful and the logo was removed. However, together with the logo a larger brand entity was also removed, and if you try to modify the consent screen you will get "An error saving your app has occurred."
To recreate the brand run the following command in the Cloud Shell (it assumes you have the correct project active):
EDIT: The command may fail for two reasons (see comments for more info):
- User is not owner of the email
- Project is not in an organization

gcloud alpha iap oauth-brands create --application_title='<title>' --support_email='<email>'

Now the logo is gone and you can again modify the consent screen

Solution 3

For those who were unable to update it using the 'PUT' method (as answered by @Chris32 )and are ready to delete the consent screen and create a new one, can simply replace 'PUT' with 'DELETE' and remove --data-binary section (as delete doesn't take any payload) and can run it using a regular bash shell.

Solution 4

The methods above did not work for me, I kept getting INVALID_ARGUMENT. This is because I had client credentials in the project. I had to delete the client credentials and the DELETE request method (without data-binary) worked for me.

Solution 5

[UPDATE] - 2020

Is still possibile to delete your previously uploaded logo through an API call, although it requires a little modification of the answer Abhishek Srivastava suggested.

You need to:

"Copy as cURL (bash)" as for the original answer
Replace the PUT method with DELETE
Do not remove the --data-binary section, instead clean it all up until it looks like this and nothing else: --data-binary '{"brandId":"<your_brand_id>"}'

This will remove your consent screen entirely,

View more solutions

19,995

Author by

Dipen Bhikadya

Updated on June 05, 2022

Comments

Dipen Bhikadya almost 2 years

I added an application logo by mistake on the OAuth consent screen (URL: https://console.cloud.google.com/apis/credentials/consent), and now it says my consent screen requires verification by Google.

Is there any way to remove the application logo from the consent screen?

Edit: I didn't make it clear before but I wanted to remove the logo to get rid of the verification notice.
Steven Matthews almost 5 years

I am trying to avoid verifying the app
Chris32 almost 5 years

I work in Cloud Platform Support and I am not aware of any method to undo google verification. At this point you can ignore the verification emails, after 3 emails they will stop insisting and the application will remain with the unverified tag, or you can proceed to verify it. The procedure is only to remove the logo
Mario R. almost 5 years

That's true, you should complete the change. Usually any change you made on the consent screen will required you to submit a new verification process, I would recommend to make the change and request G Suite API support to help you and see if there is a chance to speed up the process since the change was minimum.
a paid nerd over 4 years

This method worked for me. I set the iconUrl to an empty string and now no longer need verification.
Paul Martinez over 4 years

I followed the instructions but I got error :"error": { "code": 400, "message": "Invalid value \"json^\" for query parameter 'alt'", "status": "INVALID_ARGUMENT" } } curl: (6) Could not resolve host: petit curl: (3) [globbing] bad range specification in column 156 curl: (6) Could not resolve host: for curl: (3) [globbing] unmatched close brace/bracket in column 131 . I just removed the url inside the bracket...
Simon Michael about 4 years

Worked for me today, except I had no visible "cloud console". Running the curl command in a shell on my local machine worked.
Dipen Bhikadya about 4 years

@Chris32 has posted an answer which works. Marking his answer as the accepted answer.
Michael Brant almost 4 years

This didn't work. Is this seriously the procedure for something that should just be a button on the console? This approval process is the worst.
Leo almost 4 years

Just tried this as well without success. This really must be one of the shittiest experiences I ever had as a developer...
Chris32 almost 4 years

For all you guys experiencing this issue, there is an open feature request to solve this issue. If you feel so you can go by star the issue and leave a comment as you are also expecting this feature to be default
Guybrush almost 4 years

@Chris32 please, for your experience, how much time (days, weeks, months...) they take to solve this kind of issue? The procedure explained in the answer didn't work for me :(, I double checked the steps...
Chris32 almost 4 years

Well, since this is the introduction of a new feature i'm not even sure if they are going to implement this at all. This will depend on the ammount of users requesting this feature (go and star the PIT). Then this can take between some months (maybe 6 months?) and years. In any case don't count on having this tool anytime soon because is unlikely
Evgeniy almost 4 years

This is no longer working. Google changed image implementation from icon URL to its Base64 encoding. Look here: stackoverflow.com/q/62414912/1992004
Elijah Mock almost 4 years

You may need to switch from console.developers.google.com to console.cloud.google.com to get to the cloud console.
Eric Gopak almost 4 years

As of August 2020 the issue is still present, but this solution no longer works because Google API requests have changed. It now sends base64-encoded image data within the request and replacing it with an empty value returns an error. (the same mentioned in the comments above)
Alex Benfica over 3 years

I did this. The request returned 200. It took around 2 or 3 minutes for it to reflect on the UI.
Charles Engelke over 3 years

Worked immediately. Thanks!
Alexandr over 3 years

@AlexBenfica Do you only changed PUT to DELETE and removed --data-binary section? Doing this in my case request returned "error": {"code": 400, "message": "Request contains an invalid argument.", "status": "INVALID_ARGUMENT" }
Alex Benfica over 3 years

If I remember well... that was all I did. But I might have removed any other parameter that does not make sense for a DELETE call.
Taufiq Muhammadi over 3 years

Works! Thank you! What a terrible experience by google
jasan over 3 years

also getting { "error": { "code": 400, "message": "Request contains an invalid argument.", "status": "INVALID_ARGUMENT" } }
jasan over 3 years

also getting { "error": { "code": 400, "message": "Request contains an invalid argument.", "status": "INVALID_ARGUMENT" } }
Mattia Pellin over 3 years

You are probably sending the status also in the payload, double check your complete API call
Fasoeu over 3 years

@jasan I had the same issue. I solved removing the "OAuth 2.0. Client ID" (under Credentials section) before proceeding with the curl command
A H over 3 years

The DELETE call causes an ERROR 404 not found error
A H over 3 years

This no longer works for me, I'm getting a 404 error.
Frosty Z over 3 years

Always 404 error here with DELETE method as well, PUT doesn't work either :-( No sensitive/restricted scope asked. OAuth consent screen still "needs verification" presumably because of the app icon. Tried to submit for verification twice 3 days ago but still got no validation nor message from Google. Creating a new app would mean losing all public reviews / usage stats :-( Very frustrating.
Reactgular over 3 years

Why Google. Why? Why such a pain!
Hipster Cat about 3 years

This no longer works look at stackoverflow.com/questions/62414912/…
user2483352 almost 3 years

This method worked for me, but only after removing all API KEYS and Client-IDs associated with the project.
Monyker almost 3 years

This didn't work correctly for me. I removed OAuth credentials associated with the project (there were no other keys/IDs for the project) and entered the shell command as specified. This cleared everything (including app name and logo) except Authorized domains and Developer contact information from the OAuth consent screen. It didn't delete the consent screen entirely. When I edit the consent screen, fill all required fields, and attempt to save and continue, I see, "An error saving your app has occurred." I guess I'll delete the project and start over.
Samuli Asmala almost 3 years

Didn't work for me and I had the same experience as @Monyker. "An error saving your app has occurred." response paylod had a reason for failure: RESOURCE_DELETED and the resource name in question was brand.
Latenec almost 3 years

Thanks! This is very well detailed information and functional.
Inversion almost 3 years

Step 8 fails for me with an error: INVALID_ARGUMENT: Request contains an invalid argument.
Samuli Asmala almost 3 years

Just a guess but maybe you have a typo in argument name or illegal characters in title or email value? Would help if you post the full command. Or Google has changed something again.
Adam D over 2 years

Step 8 also fails for me with INVALID_ARGUMENT: Request contains an invalid argument. I tried gcloud alpha iap oauth-brands create --application_title='myappname' --support_email='[email protected]' and even the same command with <title> and <email> left in.
Samuli Asmala over 2 years

Adam, please try the command with a real email address you own. According to the docs "the user issuing the request must be an owner of the specified support email address." cloud.google.com/iap/docs/…
Prakhar over 2 years

I can confirm that this works as of Sep-2021. If you are getting INVALID_ARGUMENT error, make sure to delete the client-ids on credential page and then follow step 8 before saving.
Fadi Banna over 2 years

@Prakhar recreating the brand still gives me an INVALID_ARGUMENT error even though there are no client ids whatsoever have any idea what else might be causing this I'm stuck with this for hours any help would be appreciated
Samuli Asmala over 2 years

@FadiBanna is the email address you are using in --support_email parameter at step 8 shown in the consent screen configuration"User support email" dropdown?
Fadi Banna over 2 years

@SamuliAsmala yes it is
Azzam Asghar over 2 years

Step 8 seems to fail for me too with the same error message "INVALID_ARGUMENT: Request contains an invalid argument". Even "gcloud alpha iap oauth-brands list" gives the same error. Have this stopped working or i have missed something @SamuliAsmala??
Víctor over 2 years

I have done this and now I can´t use anything!!!!! I can´t add oAuth Client key!!! PLEASE DON´T DO THIS
urs32 over 2 years

You can migrate the recources from google cloud platform from "no organization" to a free organization indentity. Then "gcloud alpha iap oauth-brands" commands will work. See github.com/google/triggerator /Limitations: The instructions below must be run within a Google Cloud Organization by a member of that org.
Samuli Asmala over 2 years

@Victor, could it be that your project was not in organization and that was the reason for the failure?
mcriecken over 2 years

Can confirm this worked as of Dec '21. The only thing I'd note is that in step 7 I was unclear what the Cloud Console session was. The icon to open this is on the actual webpage in the top-right corner.
Samuli Asmala over 2 years

Thanks for the confirmation and feedback. I updated the answer accordingly.
Bback.Jone over 2 years

You saved my life thank you so so much
Gean over 2 years

Thanks! It worked at Jan 25 2022. I had to remove all keys and credentials before.
Osagui Aghedo over 2 years

What Network Tab? I don't see this no where
Samuli Asmala over 2 years

It's the Chrome developer tools' Network Tab. You can access developer tools with CTRL + SHIFT + I.
Mike S almost 2 years

Confirming this still works as of May 2022.
Simo almost 2 years

Same here, messed up with the consent screen. I had to add the command gcloud alpha iap oauth-brands create --application_title='<title>' --support_email='<email>'