Google has safe ways for users to sign in and share their Google Account data with third-party applications. To help protect your account, Google sign-in requests are blocked from apps with less secure authorization methods because they’re more vulnerable to phishing and app impersonation attacks.
App sent an invalid request
If the app is blocked because it uses an unsupported authorization method, you may be directed to an “Error 400” page that says “Access blocked: App sent an invalid request.”
What can I do about this error?
If you aren't using the latest version of the app, update your app to the latest version and try again.
- If the operating system (OS) on which the app is installed is outdated, update the OS to the latest version.
You can also contact the app developer and ask them to update their app to use more secure authorization methods.
To find the developer contact information:
- Go to the third-party app.
- Start the "Sign in with Google" flow.
- On the "Sign in with Google" consent screen, click on the app name to see the developer’s contact email.
Info for app developers
If your app uses the Loopback IP Address method for iOS, Android, and Chrome app OAuth client types or the Out-Of-Band method for any client type, you’ll need to migrate to a more secure alternative method. For detailed instructions, check the Out-Of-Band (OOO) flow migration guide and Loopback IP Address flow migration guide.