We encourage developers to create a separate OAuth project for development/testing and production which does not have to go through the verification process. Please remove the above mentioned localhost URLs from your production Oauth client and reply back for us to continue with the verification process.
Unfortunately I'm not aware of any other alternatives at this time.
If the Google application is configured as a web application, a valid callback URL is required and if the credentials are used in a desktop or mobile application only a localhost URL can be used.
This is a technical limitation.
The solution is to create a Google application of type "Desktop app" which is not tied to a localhost URL.
I have also encountered this problem. I have created a new OAuth 2.0 Client ID configured as Desktop application but my CallbackURL = http://localhost:8888 as shown in the User Guide.
I don't know what CallbackURL should be. How should I set this?
Please note that a Client ID configured as Desktop application should accept any callback URL that points to localhost. (provided that the port number is not used by another application)
It should not be set in the Google Developer Console.
You can assign the URL in the App.CallbackURL property of the component.
I have configured the Client ID for both my Android and iOS apps as you described - as Desktop Apps with CallbackURL = http://localhost:8888. I have also restricted the Scope property to only those that I need.
I am still seeing a message that the app needs to be verified by Google. I am confused about this - should I set up Client IDs for an Android app and submit it to Google for verification and then repeat for an iOS app? I suspect that Google may have changed this recently.