Unverified apps

An unverified app is a web application or Apps Script that requests a sensitive OAuth scope, but hasn't gone through the Google verification process. Users of unverified apps or your test builds might get warnings based on the OAuth scopes you're using. This is to protect users and their data from deceptive applications.

Unverified app warnings

Unverified app warnings are shown in the following ways:

Unverified app screen

  • The app or script might display an "unverified app" screen before it displays the consent screen. This is based on the specific scopes that your app includes in the request. This warning will display when:
    • Your app uses sensitive scopes and you haven't configured your OAuth Consent Screen and requested verification.
    • You selected sensitive scopes on the OAuth Consent Screen and requested verification, but the verification is in not yet complete.
    • Your app uses sensitive scopes that you haven't selected on the OAuth Consent Screen configuration page.
    Unverified app screen on mobile

Security Checkup

  • Security Checkup might show your app as risky and unverified. This is based on the access a user has given to an unverified app.
    Security Checkup on mobile for a risky app

Unverified app user cap

To protect users and Google systems from abuse, applications that use OAuth and Google Identity have certain quota restrictions based on the risk level of the OAuth scopes an app uses.

Sign in with Google temporarily disabled window

To remove these screens from your app, or to prevent your app from being marked as risky, you'll need to go through the verification process.

When to go through verification

You need to go through verification before you launch a user-facing app. You can continue to build and test your application while waiting to complete verification. When your app is successfully verified, the unverified app screen will be removed from your client.

You don't need to go through verification for the following kinds of apps:

  • Apps in development: if your app is experimental or a test build, you don't need to go through verification unless you decide to launch it to the public.
  • OAuth-based plugins: if you're setting up an OAuth-based plugin for a popular platform, such as SMTP for Wordpress, you don't need to go through the verification process.
  • Internal apps: if your app is an internal web app for users in the same G Suite domain and the app is associated with a Cloud Organization that all of your users belong to, you don't need to go through verification. Learn more about public and internal applications.
NOTE: If you change your client or use new scopes after verification, you might have to go through verification again.

Verification for apps

Before you start the verification process, review the OAuth Application Verification FAQ. This will help your verification process go quickly. To start the verification process for apps, follow the steps below:

  1. Update the OAuth Consent Screen details in the Google Cloud Platform Console APIs & Services Credentials:
    • You must have a privacy policy URL.
    • Add URLs for your Home Page and Terms of Service if you have them.
  2. Verify your website ownership through Search Console by using an account that is a Project Owner or a Project Editor on your OAuth project.
  3. To start the verification process, submit a verification request by following the process below. Note that the Verification required dialog is a beta feature that might not be available for all users at this time.
    1. On the GCP Console OAuth Consent Screen, click Submit or Save.
    2. If a Verification required dialog displays:
      1. Add information in the text boxes for Google to verify your OAuth consent screen.
      2. When you're finished entering details, click Submit.
NOTE: If you add any new redirect URLs or JavaScript origins, or if you change your Product Name after verification, you will have to go through verification again.

Verification for Apps Scripts

If a new Apps Scripts requests OAuth access to data that belongs to consumers or users in other domains, the "unverified app" screen might display before the OAuth consent flow. For more information about how this affects Apps Script developers and users, including instructions for verifying Apps Script OAuth clients, see the Apps Script OAuth client verification documentation.

OAuth user quotas

The OAuth user quotas are summarized in the table below. These may be adjusted for specific applications based on the application history, developer reputation, and riskiness.


Applicable apps



New User Cap

Apps that present unverified app screen to users

100 new users in total, once the app presents the unverified app screen

Request verification for your app

To learn more, see the OAuth Application Rate Limits page.

Application users

If you were using an application and you were redirected here from an error page, wait one day before you try to use the application again. This should allow the application total new user cap to refresh. If you continue to get an error, the owner of the application might need to take action before you and other new users can access it.

¿Te ha resultado útil esta información?
¿Cómo podemos mejorar esta página?