OAuth consent screen - ability to remove application logo
Solution 1
In order to delete the logo, follow these steps:
- Open the OAuth Consent Screen Configuration in Chrome or a Chromium derivative. https://console.cloud.google.com/apis/credentials/consent
- Upload any image that differs from the one previously uploaded.
- Open your Developer Tools (F12 or Ctrl+Shift+I).
- Open the Network tab.
- (Optional) Press the Clear button to make it easier to search later.
- Click the Save button on the website to upload the new logo. (If the Save button is disabled, go through the full "Submit for Verification" process.)
- In the Network tab, look for a request similar to "123456789987?alt=json&key=...".
- Click on the entry and ensure that the Request Method is PUT.
- Right-Click the entry and select "Copy"->"Copy as cURL (bash)".
- Paste it into a text editor and search for the text
"iconUrl":"https://..."
. - Change the text to read like the following:
"iconUrl":""
. - Back on the site, open up a Cloud Console session (The terminal icon in the top menu bar) and paste the modified command, then run it.
- Verify that logo got removed from consent screen and verification status has changed.
Please keep in mind that this may require you to verify your app again.
Since June 11th of 2020 there's a Feature request open requesting the adition of a remove logo button to make this process easier. Please leave your comment, star the issue and leave a +1 if you are also affected by this issue.
Solution 2
As of May 31, 2021 (EDIT: mcriecken confirmed this worked as of Dec 2021) I was able to remove the icon with following steps. Since this is a combination of two answers above with additional steps I put all the steps here for clarity. Credits to @Chris32 and @ropsnou for the initial steps.
- Remove all existing API keys and Client IDs from the OAuth Credentials page
- Open the OAuth Consent Screen Configuration in Chrome or a Chromium derivative.
- Upload any image that differs from the one previously uploaded and click "Save and continue"
- In the Network tab, look for a PUT request like this: https://clientauthconfig.clients6.google.com/v1/brands/745625634622/icon?key={key}
- Right-Click the request and select "Copy"->"Copy as cURL (bash)".
- Paste it into a text editor and do following changes
- Remove
/icon
from the url - Change request method to
DELETE
- Remove
--data-raw
parameter and its long value
- Remove
- Activate Cloud Shell by clicking the terminal icon in the top-right corner of the GCP website. Paste and run the command you modified in the previous step. If you get
INVALID_ARGUMENT
error you probably still have an API key or Client ID associated with the consent screen. If you get{}
the command was successful and the logo was removed. However, together with the logo a larger brand entity was also removed, and if you try to modify the consent screen you will get "An error saving your app has occurred." - To recreate the brand run the following command in the Cloud Shell (it assumes you have the correct project active):
EDIT: The command may fail for two reasons (see comments for more info):- User is not owner of the email
- Project is not in an organization
gcloud alpha iap oauth-brands create --application_title='<title>' --support_email='<email>'
- Now the logo is gone and you can again modify the consent screen
Solution 3
For those who were unable to update it using the 'PUT' method (as answered by @Chris32 )and are ready to delete the consent screen and create a new one, can simply replace 'PUT' with 'DELETE' and remove --data-binary section (as delete doesn't take any payload) and can run it using a regular bash shell.
Solution 4
The methods above did not work for me, I kept getting INVALID_ARGUMENT. This is because I had client credentials in the project. I had to delete the client credentials and the DELETE request method (without data-binary) worked for me.
Solution 5
[UPDATE] - 2020
Is still possibile to delete your previously uploaded logo through an API call, although it requires a little modification of the answer Abhishek Srivastava suggested.
You need to:
- "Copy as cURL (bash)" as for the original answer
- Replace the PUT method with DELETE
- Do not remove the --data-binary section, instead clean it all up until it looks like this and nothing else:
--data-binary '{"brandId":"<your_brand_id>"}'
This will remove your consent screen entirely,
Dipen Bhikadya
Updated on June 05, 2022Comments
-
Dipen Bhikadya almost 2 years
I added an application logo by mistake on the OAuth consent screen (URL: https://console.cloud.google.com/apis/credentials/consent), and now it says my consent screen requires verification by Google.
Is there any way to remove the application logo from the consent screen?
Edit: I didn't make it clear before but I wanted to remove the logo to get rid of the verification notice.
-
Steven Matthews almost 5 yearsI am trying to avoid verifying the app
-
Chris32 almost 5 yearsI work in Cloud Platform Support and I am not aware of any method to undo google verification. At this point you can ignore the verification emails, after 3 emails they will stop insisting and the application will remain with the unverified tag, or you can proceed to verify it. The procedure is only to remove the logo
-
Mario R. almost 5 yearsThat's true, you should complete the change. Usually any change you made on the consent screen will required you to submit a new verification process, I would recommend to make the change and request G Suite API support to help you and see if there is a chance to speed up the process since the change was minimum.
-
a paid nerd over 4 yearsThis method worked for me. I set the
iconUrl
to an empty string and now no longer need verification. -
Paul Martinez over 4 yearsI followed the instructions but I got error :"error": { "code": 400, "message": "Invalid value \"json^\" for query parameter 'alt'", "status": "INVALID_ARGUMENT" } } curl: (6) Could not resolve host: petit curl: (3) [globbing] bad range specification in column 156 curl: (6) Could not resolve host: for curl: (3) [globbing] unmatched close brace/bracket in column 131 . I just removed the url inside the bracket...
-
Simon Michael about 4 yearsWorked for me today, except I had no visible "cloud console". Running the curl command in a shell on my local machine worked.
-
Dipen Bhikadya about 4 years@Chris32 has posted an answer which works. Marking his answer as the accepted answer.
-
Michael Brant almost 4 yearsThis didn't work. Is this seriously the procedure for something that should just be a button on the console? This approval process is the worst.
-
Leo almost 4 yearsJust tried this as well without success. This really must be one of the shittiest experiences I ever had as a developer...
-
Chris32 almost 4 yearsFor all you guys experiencing this issue, there is an open feature request to solve this issue. If you feel so you can go by star the issue and leave a comment as you are also expecting this feature to be default
-
Guybrush almost 4 years@Chris32 please, for your experience, how much time (days, weeks, months...) they take to solve this kind of issue? The procedure explained in the answer didn't work for me :(, I double checked the steps...
-
Chris32 almost 4 yearsWell, since this is the introduction of a new feature i'm not even sure if they are going to implement this at all. This will depend on the ammount of users requesting this feature (go and star the PIT). Then this can take between some months (maybe 6 months?) and years. In any case don't count on having this tool anytime soon because is unlikely
-
Evgeniy almost 4 yearsThis is no longer working. Google changed image implementation from icon URL to its Base64 encoding. Look here: stackoverflow.com/q/62414912/1992004
-
Elijah Mock almost 4 yearsYou may need to switch from console.developers.google.com to console.cloud.google.com to get to the cloud console.
-
Eric Gopak almost 4 yearsAs of August 2020 the issue is still present, but this solution no longer works because Google API requests have changed. It now sends base64-encoded image data within the request and replacing it with an empty value returns an error. (the same mentioned in the comments above)
-
Alex Benfica over 3 yearsI did this. The request returned 200. It took around 2 or 3 minutes for it to reflect on the UI.
-
Charles Engelke over 3 yearsWorked immediately. Thanks!
-
Alexandr over 3 years@AlexBenfica Do you only changed
PUT
toDELETE
and removed--data-binary
section? Doing this in my case request returned"error": {"code": 400, "message": "Request contains an invalid argument.", "status": "INVALID_ARGUMENT" }
-
Alex Benfica over 3 yearsIf I remember well... that was all I did. But I might have removed any other parameter that does not make sense for a DELETE call.
-
Taufiq Muhammadi over 3 yearsWorks! Thank you! What a terrible experience by google
-
jasan over 3 yearsalso getting { "error": { "code": 400, "message": "Request contains an invalid argument.", "status": "INVALID_ARGUMENT" } }
-
jasan over 3 yearsalso getting { "error": { "code": 400, "message": "Request contains an invalid argument.", "status": "INVALID_ARGUMENT" } }
-
Mattia Pellin over 3 yearsYou are probably sending the status also in the payload, double check your complete API call
-
Fasoeu over 3 years@jasan I had the same issue. I solved removing the "OAuth 2.0. Client ID" (under Credentials section) before proceeding with the curl command
-
A H over 3 yearsThe DELETE call causes an ERROR 404 not found error
-
A H over 3 yearsThis no longer works for me, I'm getting a 404 error.
-
Frosty Z over 3 yearsAlways 404 error here with
DELETE
method as well,PUT
doesn't work either :-( No sensitive/restricted scope asked. OAuth consent screen still "needs verification" presumably because of the app icon. Tried to submit for verification twice 3 days ago but still got no validation nor message from Google. Creating a new app would mean losing all public reviews / usage stats :-( Very frustrating. -
Reactgular over 3 yearsWhy Google. Why? Why such a pain!
-
Hipster Cat about 3 yearsThis no longer works look at stackoverflow.com/questions/62414912/…
-
user2483352 almost 3 yearsThis method worked for me, but only after removing all API KEYS and Client-IDs associated with the project.
-
Monyker almost 3 yearsThis didn't work correctly for me. I removed OAuth credentials associated with the project (there were no other keys/IDs for the project) and entered the shell command as specified. This cleared everything (including app name and logo) except Authorized domains and Developer contact information from the OAuth consent screen. It didn't delete the consent screen entirely. When I edit the consent screen, fill all required fields, and attempt to save and continue, I see, "An error saving your app has occurred." I guess I'll delete the project and start over.
-
Samuli Asmala almost 3 yearsDidn't work for me and I had the same experience as @Monyker. "An error saving your app has occurred." response paylod had a reason for failure:
RESOURCE_DELETED
and the resource name in question wasbrand
. -
Latenec almost 3 yearsThanks! This is very well detailed information and functional.
-
Inversion almost 3 yearsStep 8 fails for me with an error: INVALID_ARGUMENT: Request contains an invalid argument.
-
Samuli Asmala almost 3 yearsJust a guess but maybe you have a typo in argument name or illegal characters in title or email value? Would help if you post the full command. Or Google has changed something again.
-
Adam D over 2 yearsStep 8 also fails for me with INVALID_ARGUMENT: Request contains an invalid argument. I tried gcloud alpha iap oauth-brands create --application_title='myappname' --support_email='[email protected]' and even the same command with <title> and <email> left in.
-
Samuli Asmala over 2 yearsAdam, please try the command with a real email address you own. According to the docs "the user issuing the request must be an owner of the specified support email address." cloud.google.com/iap/docs/…
-
Prakhar over 2 yearsI can confirm that this works as of Sep-2021. If you are getting INVALID_ARGUMENT error, make sure to delete the client-ids on credential page and then follow step 8 before saving.
-
Fadi Banna over 2 years@Prakhar recreating the brand still gives me an INVALID_ARGUMENT error even though there are no client ids whatsoever have any idea what else might be causing this I'm stuck with this for hours any help would be appreciated
-
Samuli Asmala over 2 years@FadiBanna is the email address you are using in
--support_email
parameter at step 8 shown in the consent screen configuration"User support email" dropdown? -
Fadi Banna over 2 years@SamuliAsmala yes it is
-
Azzam Asghar over 2 yearsStep 8 seems to fail for me too with the same error message "INVALID_ARGUMENT: Request contains an invalid argument". Even "gcloud alpha iap oauth-brands list" gives the same error. Have this stopped working or i have missed something @SamuliAsmala??
-
Víctor over 2 yearsI have done this and now I can´t use anything!!!!! I can´t add oAuth Client key!!! PLEASE DON´T DO THIS
-
urs32 over 2 yearsYou can migrate the recources from google cloud platform from "no organization" to a free organization indentity. Then "gcloud alpha iap oauth-brands" commands will work. See github.com/google/triggerator /Limitations: The instructions below must be run within a Google Cloud Organization by a member of that org.
-
Samuli Asmala over 2 years@Victor, could it be that your project was not in organization and that was the reason for the failure?
-
mcriecken over 2 yearsCan confirm this worked as of Dec '21. The only thing I'd note is that in step 7 I was unclear what the Cloud Console session was. The icon to open this is on the actual webpage in the top-right corner.
-
Samuli Asmala over 2 yearsThanks for the confirmation and feedback. I updated the answer accordingly.
-
Bback.Jone over 2 yearsYou saved my life thank you so so much
-
Gean over 2 yearsThanks! It worked at Jan 25 2022. I had to remove all keys and credentials before.
-
Osagui Aghedo over 2 yearsWhat Network Tab? I don't see this no where
-
Samuli Asmala over 2 yearsIt's the Chrome developer tools' Network Tab. You can access developer tools with CTRL + SHIFT + I.
-
Mike S almost 2 yearsConfirming this still works as of May 2022.
-
Simo almost 2 yearsSame here, messed up with the consent screen. I had to add the command
gcloud alpha iap oauth-brands create --application_title='<title>' --support_email='<email>'