
Error message "You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure"

Tags:

youtube-api

I am developing a web-based application that will allow my trusted staff to edit the titles, descriptions, tags, etc. of my YouTube channel. In attempting to "Opt In" to my own application, I was sent to the callback URI with an error message:

You can't sign in to this app because it doesn't comply with Google's OAuth 2.0 policy for keeping apps secure. You can let the app developer know that this app doesn't comply with one or more Google validation rules.

Some history - when I first attempted to obtain a code to exchange to an authorization token, it actually worked! However, as I was writing the code to harvest the code and exchange it for the authorization token, I repeated the "Opt In" process multiple times. Before I was ever able to perfect my code to exchange the code for an authorization token, I began getting the error message to the effect that the app is insecure and cannot be signed in to.

More history - after reading a Stack Overflow article describing something similar, I deleted the project, created a new project, generated a new Client ID and Client Secret, and then repeated the test with the same failure.

I am the only Test User of the app. I can't find any notification in my console alerting me to the nature of the security issue triggering the failures. I have reviewed the OAuth policies at

OAuth 2.0 Policies

and cannot find anything even remotely wrong.

What is wrong and how can I fix it?

asked Sep 08 '25 17:09

Mark Prasek


1 Answer

I also had the same issue.

For me, it turned out that my redirect_uri was not valid. The redirect_uri that gave the error:

http://localhost:8000api/vi/oauth/google

What was wrong in my case:

  • I should put a / before api.
  • vi is different from what I registered on GCP. It should be v1.

I would suggest that you print out the redirect_uri when your app is performing the code exchange, and verify every single character carefully.

Additionally, check out Google's documentation of the Redirect URI validation rules to see if your redirect_uri complies with all the rules.

answered Sep 10 '25 08:09

Kant Chen
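
A checker for the comparison suggested in the answer above, as an added example that is not part of the original post: it compares the redirect_uri the app sends against the registered value and reports each offset where they differ. The registered URI, the function name and the two rule checks (HTTPS required except for localhost, no fragment, both taken from Google's redirect URI validation rules) are assumptions of this example.

```python
from difflib import SequenceMatcher
from urllib.parse import urlsplit

# Constructed sample: the value assumed to be registered in the Google Cloud console.
REGISTERED = ["http://localhost:8000/api/v1/oauth/google"]
LOOPBACK = ("localhost", "127.0.0.1", "::1")


def diagnose_redirect_uri(sent, registered=REGISTERED):
    """Return a list of findings; an empty list means an exact match."""
    if sent in registered:
        return []
    findings = []
    parts = urlsplit(sent)
    try:
        parts.port  # raises ValueError when the port is not numeric
    except ValueError:
        findings.append(
            f"invalid port in {parts.netloc!r}: is a '/' missing before the path?")
    if parts.scheme != "https" and parts.hostname not in LOOPBACK:
        findings.append("plain http is only accepted for localhost")
    if parts.fragment:
        findings.append("fragment (#...) is not allowed")
    # Show exactly where the sent value departs from the closest registered one.
    closest = max(registered, key=lambda r: SequenceMatcher(None, sent, r).ratio())
    for op, s1, s2, r1, r2 in SequenceMatcher(None, sent, closest).get_opcodes():
        if op != "equal":
            findings.append(
                f"{op} at offset {s1}: sent {sent[s1:s2]!r}, "
                f"registered {closest[r1:r2]!r}")
    return findings


if __name__ == "__main__":
    # The malformed value quoted in the answer above.
    for finding in diagnose_redirect_uri("http://localhost:8000api/vi/oauth/google"):
        print(finding)
```

Run it with the exact string your application passes in both the authorization request and the code exchange; the two must be identical to each other as well as to the registered value.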


