This page describes some common issues that you might encounter involving authentication and authorization.
This app isn't verified
If the OAuth consent screen displays the warning "This app isn't verified," your app is requesting scopes that provide access to sensitive user data. If your application uses sensitive scopes, your app must go through the verification process to remove that warning and other limitations. During the development phase, you can continue past this warning by selecting Advanced > Go to {Project Name} (unsafe).
File not found error for credentials.json
When running the code sample, you might receive a "file not found" or "no such file" error message regarding credentials.json.
This error occurs when you have not authorized the desktop application credentials. To learn how to create credentials for a desktop application, go to Create credentials.
After you create the credentials, make sure the downloaded JSON file is saved as
credentials.json
. Then move the file to your working directory.
Token has been expired or revoked
When running the code sample, you might receive a "Token has been expired" or "Token has been revoked" error message.
This error occurs when an access token from the Google Authorization Server has either expired or has been revoked. For information about potential causes and fixes, see Refresh token expiration.
JavaScript errors
The following are some common JavaScript errors.
Error: origin_mismatch
This error occurs during the authorization flow if the host and port used to serve the web page doesn't match an allowed JavaScript origin on your Google Cloud console project. Make sure you set an authorized JavaScript origin and that the URL in your browser matches the origin URL.
idpiframe_initialization_failed: Failed to read the 'localStorage' property from 'Window'
This error occurs when third-party cookies and data storage aren't enabled in your browser. These options are required by the Google Sign-in library. For more information, see 3rd-party cookies and data storage.
idpiframe_initialization_failed: Not a valid origin for the client
This error occurs when the domain registered doesn't match the domain being used to host the web page. Ensure that the origin you registered matches the URL in the browser.