Gdrive, Google does not want to verify the access

My app is using Gdrive. However, each time the user connects, there is a warning saying that the app has not been verified by Google.

I begun the verification process and I have received an email from Google:

Dear Developer,
According to our information the following localhost/testing URLs are present in your OAuth Clients.

** Client id:*

** **

We encourage developers to create a separate OAuth project for development/testing and production which does not have to go through the verification process. Please remove the above mentioned localhost URLs from your production Oauth client and reply back for us to continue with the verification process.

So, what should I do?


We are currently investigating this issue and will report back as soon as possible.

Can you please try the following?

  • Create a new app in the Google Developer Console
  • Select "Desktop app" as Application type (instead of Web application)
  • Use the Client ID and secret of this new app.
  • You still need to assign a CallBackURL in your client app for authentication, but this is no longer tied to the app you created in the Google console.
  • Request verification with Google for the desktop app

I think this solution is not feasible.

I think the app needs a minimum of uses/access before getting the possibility of being verified.

If I create a new app in Google Console I lose it.

I am not 100% sure, however I think so.

Unfortunately I'm not aware of any other alternatives at this time.
If the Google application is configured as a web application, a valid callback URL is required and if the credentials are used in a desktop or mobile application only a localhost URL can be used.
This is a technical limitation.
The solution is to create a Google application of type "Desktop app" which is not tied to a localhost URL.

I have also encountered this problem. I have created a new OAuth 2.0 Client ID configured as Desktop application but my CallbackURL = http://localhost:8888 as shown in the User Guide.

I don't know what CallbackURL should be. How should I set this?


Please note that a Client ID configured as Desktop application should accept any callback URL that points to localhost. (provided that the port number is not used by another application)
It should not be set in the Google Developer Console.
You can assign the URL in the App.CallbackURL property of the component.

I have configured the Client ID for both my Android and iOS apps as you described - as Desktop Apps with CallbackURL = http://localhost:8888. I have also restricted the Scope property to only those that I need.

I am still seeing a message that the app needs to be verified by Google. I am confused about this - should I set up Client IDs for an Android app and submit it to Google for verification and then repeat for an iOS app? I suspect that Google may have changed this recently.

Thanks again

Yes you should go through Google's verification process to get your app verified.
Once it's verified the message should disappear.