Setting up your OAuth consent screen

Choose an app name that distinctively represents your business. Do not use names that may be confused with Google's or other organizations' brands or combine Google product names with generic terms like "app" or "mobile." Refer to the Google Brand Resource Center guidelines for naming your app/product for more information. 

Examples of unacceptable names:

• Google
• YouTube
• Google+ Online
• Google Drive for iOS
• Mobile YouTube app
• Gmail for Android
• Google Photo App

Examples of acceptable names:

• Photo Browser
• Inbox Assistant
• PDF Viewer for Google Drive
• Top YouTube Videos

In the consent screen, users are shown links to your app's homepage, privacy policy, and terms of service. These pages should help users learn more about your app and provide them with a clear understanding of how their data is used. To ensure successful registration of your project, any domains utilized in these links must be registered as authorized domains. Domains of your authorized redirect URIs and JavaScript origins are also automatically added as authorized domains. 

Your project can only have up to 10 authorized domains. Exceeding this limit will result in a Domain Limit Exceeded Exception. If you need more than 10 unique domains in your redirect URIs and origin URLs, review the Domain Limit Exceeded FAQ for information on how to fix this error.

Avoid using malicious links or domains. Google may flag sites suspected of hosting harmful downloads, engaging in bad practices, or being hacked. Refer to the Cloud Abuse Project History article for more information.

Note: If your application needs to go through verification, you may be required to verify your domain in the Google Search Console.

Projects configured with a user type of External are available to any user with a Google Account.

A user's ability to authorize your app's requested scopes are impacted by your project's publishing status.

Projects associated with a Google Cloud Organization can configure Internal users to limit authorization requests to members of the organization. For more information about migrating a project into a Google Cloud Organization resource, see Migrating projects into an organization.

User authorization of scopes associated with restricted Google Workspace services, including high-risk Gmail and Drive scopes, might require additional configuration by your organization's administrators. For more information, see the Let Internal apps access restricted Google Workspace APIs section of the Control which third-party and internal apps access Google Workspace data article.

An org_internal authorization error is displayed when authorization is requested from users outside the Google Cloud project's parent.

Projects configured with a publishing status of Testing are limited to up to 100 test users listed in the OAuth consent screen. A test user consumes a project's test user quota once added to the project.

Google will display a warning message before allowing a specified test user to authorize scopes requested by your project's OAuth clients. The warning message confirms the user has test access to your project but should consider the risks associated with granting access to their data to an unverified app.

Authorizations by a test user will expire seven days from the time of consent. If your OAuth client requests an offline access type and receives a refresh token, that token will also expire.

A Brand Account may authorize scopes requested by your project's OAuth clients if a specified test user manages the Brand Account.

The only exception to this behavior is if your app requests a subset of the following: name, email address, and user profile (through the userinfo.email, userinfo.profile, openid scopes or their OpenID Connect equivalents). For such requests, your users do not need to be in the trusted user list, they will not see a warning message, and their authorizations will not expire after 7 days. If your app uses Sign in with Google to authenticate users then this exception also applies. If your app requests any other OAuth scopes, then this exception does not apply.

A test user may be unable to authorize scopes requested by your project's OAuth clients due to the availability of Google Services for the account or configured restrictions. A Google Workspace may control which third-party apps access its data or an account enrolled in Advanced Protection may block most non-Google apps.

Projects configured with a publishing status of In production are available to any user with a Google Account. A project's publishing status is considered In production after selecting the Publish app button. Your project's configuration may be subject to verification before its name and logo are displayed on an authorization screen or before it may request authorization of sensitive or restricted scopes.

Projects configured with a publishing status of In production should complete the verification process, including defining scopes actively requested by your project's OAuth clients, if it meets one or more of the OAuth verification criteria, as described in Verification status.

Google will display an Unverified apps warning message if your project's OAuth clients request authorization of scopes considered sensitive or restricted before your project has completed verification for those scopes.

Submitting for verification may not be required, based on the current configuration of your OAuth consent screen. Users may not see all of your app's information, including its name and logo, until your project has completed verification.

Review the current configuration of your OAuth consent screen by selecting the Edit App button and reviewing details within. Compare the Authorized domains and Scopes sections of the configuration with the active use by your project's OAuth clients to confirm your OAuth consent screen is properly configured. Review the OAuth verification criteria, as described in Verification status, for any possible impact to your project.

The current configuration of your OAuth consent screen meets one or more OAuth verification criteria, as described in Verification status. Select the Prepare for verification button to review your app's information presented on the OAuth consent screen and, if applicable, describe your app's use of sensitive and/or restricted scopes.

Select the Prepare for verification button to review your app's information presented on the OAuth consent screen and add any scopes requested by your app. Additional requirements, if applicable, will be highlighted during each step of the Prepare for verification process. Select the Submit for verification button on the Final review screen to submit your project for OAuth verification.

Your project's last submitted OAuth consent screen is under review. Additional information about your app, if required, may be requested via email at the email addresses you provided in the Developer contact information section of the Prepare for verification process. Expect the first email within 3-5 days.

Your last approved OAuth consent screen configuration, if applicable, is still in use while the verification of your new configuration is pending. You may alter your OAuth consent screen configuration through the Prepare for verification screens and resubmit if your application details or scope usage has changed.

Your project's last submitted OAuth consent screen is under review to come into compliance with new OAuth consent screen requirements. Additional information about your app, if required, may be requested via email at the email addresses you provided in the Developer contact information section of the Prepare for verification process. Expect the first email within 3-5 days.

Your last approved OAuth consent screen configuration is still in use while the verification of your new configuration is pending. You may alter your OAuth consent screen configuration through the Prepare for verification screens and resubmit for verification if your application details or scope usage has changed.

Your project's OAuth consent screen verification is paused and requires additional action. Review emails sent to the email addresses you provided in the Developer contact information section of the Prepare for verification process for more information shared by Google's Trust and Safety team. Respond to the email you received once you have addressed outstanding items.

Your project is subject to a third-party security assessment to demonstrate secure data handling requirements of the Google API Services User Data Policy or the policies of a specific enabled Google API. Review emails sent to the email addresses you provided in the Developer contact information section of the Prepare for verification process for more information shared by Google's Trust and Safety team, including important deadlines to obtain and present a Letter of Assessment from a Google-designated third-party.

Your submitted request for verification of your OAuth consent screen changes was rejected. Your last approved OAuth consent screen configuration is in use.

Review emails sent to the email addresses you provided in the Developer contact information section of the Prepare for verification process for more information shared by Google's Trust and Safety team regarding the rejection and any required changes to your project's OAuth consent screen configuration.

Your currently configured OAuth consent screen has been verified by Google.

If you make changes requiring verification, such as requesting new scopes or editing the information shown on a consent screen, you must resubmit your application for review before those changes are verified and published.