Sign in with Google temporarily disabled for this app

oauth-2.0 oauth google-api google-oauth google-signin
70,382

Solution 1

I found this thread some time ago when this happened to us in our development project on Google Cloud Platform.

You can use a project for development without verification. No problem on that. But there are some limitations (more information here and here). Basically, we reached the limit of 100 users accessing the application. It was strange because we were testing with few accounts (5-6) until we found that, if you uninstall and install the application again, it counts as a new user. We were testing incremental authorization, so we uninstalled/installed the application a lot of times and we reached the quota.

When you reach this limit, you will see the message "Sign in with Google temporarily disabled for this app" and only users from the organization where the project is hosted can access the application. So we couldn't make test with our accounts from a demo domain or our Gmail accounts.

The only solution available was to pass the OAuth verification form (even if you didn't want to publish the application), but there were problems to do it. For example, it was mandatory to remove http://localhost from valid OAuth URLs. And more problems related with development.

But this has changed recently. I have accessed to OAuth credentials screen in Google Cloud Platform (APIs & Services > Credentials > OAuth consent screen) during this week and now the page it's different. Now you don't need to specify "Authorised JavaScript origins" and "Authorised redirect URIs", you just need to specify your scopes for Google APIs and the Authorised domains. Then, at the bottom of the page you will find the button "Submit Verification" and the process will start. You will also find some information on the right:

About the consent screen

The consent screen tells your users who is requesting access to their data and what kind of data you're asking to access.

OAuth Developer Verification

To protect you and your users, your consent screen may need to be verified by Google. Without verification, your users will see an additional page indicating that your app is not verified by Google.

Verification is required if

Your application type is public, and You add a sensitive scope Verification may take several days to complete. You will receive email updates as it's processed.

Saving without publishing

Even though your consent screen is unpublished, you can still test your application with users with the following limitations:

  • Sensitive scopes are limited to 100 grant requests before verification is required

  • Users see an additional page indicating that your app is not verified by Google.

To include "Authorised Javascript Origins" and Authorised redirect URIs" you need to go to APIs & Services > Credentials and there click on your OAuth 2.0 client ID. There will be a form where you can add them.

In our case it took 1 day to get a response from Google. In the email there were some instructions to pass the verification. We had to reply the email with a video uploaded on YouTube addressing the following points:

  1. How does user sign-up on your app and grants access to the sensitive scopes requested in verification?
  2. OAuth consent screen as seen by end users
  3. How does your application use the requested scopes to provide services to developers?
  4. A test account email and the password for us to test the user sign-up process and validate the project's functionality.

We recorded a video showing points 1, 2 and 3 and sent them a test account for number 4.

After 1 day, we got another response from Google confirming that our project had been verified.

So finally the problem was solved! 🙂

I hope this could help people in the same situation. It was really annoying for us.

Solution 2

OAuth Client Verification

Starting July 18, 2017, Google OAuth clients that request certain sensitive OAuth scopes will be subject to review by Google.

OAuth Client Verification Starting July 18, 2017, Google OAuth clients that request certain sensitive OAuth scopes will be subject to review by Google.

Review is not required if you are only using it under the same account as created the project in Google Developer console. You can read more about this change in this help center article.

This change applies to Google OAuth web clients, including those used by all Apps Script projects. By verifying your app with Google, you can remove the unverified app screen from your authorization flow and give your users confidence that your app is non-malicious.

Once you have applied for verification it takes around a week and it should start working.

Solution 3

I had to go into my Google Apps Script settings and turn on the "Google Apps Script API" setting. Then I tried again, and the script executed correctly without issue.

I had used the script a couple of weeks ago and it worked fine, so something must have happened between then and now that changed it... Not sure what caused that setting to switch.

Share:
70,382
Ranjani
Author by

Ranjani

Updated on July 24, 2022

Comments

  • Ranjani
    Ranjani almost 2 years

    We are facing the below screen when trying to authenticate to Google. The app that we are trying to authenticate is used for internal development and we did not publish it to our users.

    Any idea why this occurs?

    enter image description here

    We faced an Unverified App screen before (as below) but now the authentication is disabled.

    enter image description here

  • dvelopp
    dvelopp almost 6 years
    Before today it was possible to proceed with pressing buttons below. Now it seems impossible. How can I work with that until my app is verified? Thank you.
  • DaImTo
    DaImTo almost 6 years
    you should still be able to use it from the account that create it
  • dvelopp
    dvelopp almost 6 years
    It's not enough for me for my testing. I need to have several accounts authorized into my apps. I believe that there should be a way to return this ability back.
  • DaImTo
    DaImTo almost 6 years
    Its normally takes about a week in the future make sure to apply as soon as you begin development this way by the time you have reached the point of needing to test with other users you will be verified.
  • Ranjani
    Ranjani almost 6 years
    This is just a testing app which we use for internal development. As per Google guidelines, we need not get approval for this. We used to face the Unverified screen before and we proceed by clicking the "Advanced" button. This error message that we are facing now does not allow us to do that. I'm updating the question with the screen that we faced before.
  • DaImTo
    DaImTo almost 6 years
    Google only gives you that option for a limited amount of time to enable you to continue to work while you are under the approval process. Even an internal only app falls under googles guidelines of apps that must be verified. Google has no way to know this is only an internal app and even if it is even internal users should be protected. If you want that screen back create a new project add the new client id to your project and you will have it again.
  • DaImTo
    DaImTo almost 6 years
    I have seen no guidelines that state that some apps dont have to be approved. Mind linking me that.
  • Ranjani
    Ranjani almost 6 years
    Check out the 3rd point under "Who needs to fill out this form?" in support.google.com/code/contact/oauth_app_verification. Our app is not published in the marketplace so I guess we did not need to fill out this form.
  • DaImTo
    DaImTo almost 6 years
    check out the first point in Who doesn't need to fill out this form? If your accessing it by someone who does not have access on the Google developer console your going to have to fill it out. Btw have you bee approved now?
  • Ranjani
    Ranjani almost 6 years
    No. We submitted our app for approval and after so much conversation back and forth (which lasted almost 15 days), we got a reply that development/testing apps cannot be approved. We are still facing this error screen and all our development is brought to a stop because of this. Yes, the first point mentions that. But I think it is only for the Unverified App screen that Google shows before we Advance to the authentication. There is nothing that states that the app (which is not even published in marketplace) will be blocked if it is not verified.
  • DaImTo
    DaImTo almost 6 years
    I think thats something you need to take up with Google its not something that Stack can help with. We can only tell you that the cause of your problem is that your not verified and that you need to become verified. How you go about that is going to be between you and google. I have sent a few comments to the team that the documents need to be more clear but i am not in charge of googles documentation so cant really do more than advice them from a developer standpoint.
  • dvelopp
    dvelopp over 5 years
    So, have you verified your development and testing environment?
  • Graeme
    Graeme over 5 years
    Thanks for the list, I have two additions/suggestions: 1) You'll need to revoke your access before recording the screencast to ensure that the OAuth consent screen will display. 2) Google wants to see your client_id in the OAuth flow (to verify that your video matches the requesting OAuth project). I wrote an article about avoiding these pitfalls and shared an example video here: cloudsponge.com/blog/google-oauth-verification-video
  • Ruben Lopez
    Ruben Lopez over 5 years
    Great! Thank you! I've also edited my answer and included where to add "Authorised Javascript Origins" and Authorised redirect URIs" now.
  • Yusril Maulidan Raji
    Yusril Maulidan Raji over 4 years
    @DaImTo Review is not required if you are only using it under the same account as created the project in Google Developer console. You can read more about this change in this help center article. Is it possible to add an additional account via Google Developer console then?
  • DaImTo
    DaImTo over 4 years
    Depends upon what you mean by account. another gmail user? Wouldn't effect that verification.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Why do access tokens expire?
Google API refresh token limit
Unable to refresh OAuth2 token in PHP, invalid grant
POSTMAN, OAuth2 and Google Directory API
How I can get user info profile from Google API?
How to use Refresh Token Google API in Python?
Retrieving date of birth and marital status with Google OAuth API
Google oauth subdomains
Google OAuth token request returns "invalid_client": "Unauthorized"
Is it possible to get phone number via Google oAuth2?