About Automated Notifications
After you submit an app for OAuth verification, the Trust & Safety team reviews the request to ensure compliance with Google's API policies. During this process, you may receive the following automated notifications regarding the status of your submission.
|
Notification Status |
Description |
Required Action |
|
Approved |
The app has passed the review for the requested branding. |
No action required. The app is verified. |
|
Cancelled: Project Changes |
A configuration change (e.g., User Type, Scopes) rendered the review unnecessary. |
If intentional: No action needed. If accidental: Correct the configuration in the OAuth Consent Screen and resubmit. |
|
Rejected: Timeout |
The request was closed due to inactivity (90 days without a response). |
Locate the support email, gather the requested information, and resubmit the request. |
|
Rejected: Frequent Requests |
The system blocked the request due to multiple submissions in a short period. |
Wait at least 24 hours before submitting a new request. |
Understanding OAuth Verification Request Approvals
Brand Approval
An Approval notification confirms that the project has successfully passed the OAuth verification process for the requested configuration.
Maintenance and Compliance
Verification is valid only for the configuration submitted at the time of review. To maintain verified status:
- Project Contacts: Keep Project Owner and Project Editor accounts and the support email up-to-date in the Google Cloud Console. Failure to respond to periodic compliance audits or security alerts sent to these addresses may result in the revocation of verification.
- Configuration Changes: If you add new sensitive or restricted scopes, or modify branding elements (Application Name or Logo), you must submit a new verification request.
- Scope Inheritance: Verification applies only to any existing approved scopes. The app cannot use unapproved sensitive or restricted scopes without additional verification.
Understanding OAuth Verification Request Cancellations & Rejections
If you received an automated notification stating that your OAuth verification request has been cancelled/rejected, it means our system detected a configuration change in your Google Cloud Project that removes the need for the current verification review, your request timed out, or you submitted too many verification requests in a short span of time.
NOTE: A cancellation applies only to the pending request and does not revoke your existing verification status. Your app retains access to all previously approved scopes, and your currently verified configuration remains active.
This page explains why the cancellation occurred and what your next steps should be.
Rejections Due to Project ChangesIf the project configuration is modified while a review is pending, the system may determine that the review is no longer applicable and automatically cancel the request.
Common Causes
- Reverted Changes: For example, the sensitive or restricted scope that triggered the verification requirement (e.g., Gmail API) was removed from the project configuration.
- Status Change: "Testing": The Publishing Status was changed from In Production to Testing. Apps in "Testing" are ineligible for verification.
- User Type Change: "Internal": The User Type was changed from External to Internal. Internal apps do not require verification.
Resolution
If the changes were intentional
If you switched your app to "Internal" or "Testing," or if you removed the sensitive scopes because you no longer need them, no further action is required.
- Testing or Internal Status: Your app will continue to function according to its current configuration (e.g., adhering to "Testing" user caps or "Internal" audience restrictions).
- Removed Scopes/Branding: Your previously verified configuration remains active. Your app retains access to any previously approved scopes, and users can still sign in.
If the changes were accidental
If you changed your settings by mistake, or if you still require access to sensitive scopes or features for public users:
- Navigate to the OAuth Consent Screen in the Google Cloud Console.
- Review your settings to ensure scopes, user type, and publishing status reflect your intended public app.
- Select Submit for Verification to restart the review process.
Important!
If you make changes that cancel your review more than once in a 24-hour period or more than twice a week, the system will temporarily block submissions from the project and require a mandatory cooldown period of at least 24 hours. Do not attempt to submit the form again immediately—new attempts will reset the timer. After the cooldown period, submit the request once.
No Impact to Your Existing Verification Status
- A cancellation applies only to the pending request and does not revoke your existing verification status. Your app retains access to all previously approved scopes, and your currently verified configuration remains active.
- If you switched to Testing or Internal, when you switch back to In Production or External, public users will immediately be able to sign in and access the previously verified configuration.
A verification request is automatically closed if the support team requests additional information or a change to your project, but the issue was not resolved within 90 days.
Cause and Impact
During the review, the Trust & Safety team may request more information or changes to your project (e.g., clarifications, demo videos, or policy updates) via email. If the case remains idle, the system marks it as stale.
- Console Status: The status in the Google Cloud Console may display as "Rejected." This status applies only to the specific pending request.
- Production Status: The previously verified configuration remains active. The app retains access to any previously approved scopes and configuration.
Troubleshooting Missing Notifications
If you did not see the request for information, follow these steps before resubmitting:
- Check your email: Search your inbox and spam folders for messages from api-oauth-support@google.com.
- Organization Settings: Ensure your organization's email settings allow you to receive emails from outside your domain. You may need to ask your IT administrator to allowlist the google.com domain to prevent blocking external support messages.
Resolution
- Locate the last email from the support team to understand what information was missing.
- Prepare the necessary materials (e.g., updated privacy policy or demo video).
- Navigate to the Google Cloud Console and submit a new verification request.
No Impact to Your Existing Verification Status
A rejection applies only to the pending request and does not revoke your existing verification status. Your app retains access to all previously approved scopes, and your currently verified configuration remains active.
If a notification indicates that a request was cancelled due to "too many requests," the system has temporarily blocked submissions from the project.
Cause
This error is triggered when the Submit for Verification button is clicked multiple times, or when multiple distinct requests are created for the same project within a short time frame.
Resolution
A mandatory cooldown period of at least 24 hours is required.
- Halt Submissions: Do not attempt to submit the form again immediately. New attempts will reset the timer.
- Wait: Allow at least 24 hours to pass from the last submission attempt.
- Resubmit: After the cooldown period, submit the request once.
No Impact to Your Existing Verification Status
A rejection applies only to the pending request and does not revoke your existing verification status. Your app retains access to all previously approved scopes, and your currently verified configuration remains active.