All Google OAuth 2.0 authorization requests for my project are blocked with “Error 400: invalid_request” and the message “Access blocked: You can’t sign in to this app because it doesn’t comply with Google’s OAuth 2.0 policy for keeping apps secure.”
The OAuth error page shows two different app names from two different data sources:
- The main error message correctly shows my app name “appcaloria” (from the new Google Auth Platform branding, which is verified and published).
- The “Developer Information” section at the bottom shows legacy placeholder values: App name: “Potato App” and Support email: “Potatoemail”.
“Potatoemail” is not even a valid email address — these were placeholder values set during the initial project setup.
What I’ve already done
- Updated the branding in Google Auth Platform > Branding with the correct app name (“appcaloria”), valid support email, homepage, privacy policy, and terms of service links.
- Successfully verified and published the branding — the Verification Center confirms “Your branding has been verified and is being shown to users.”
- The Audience is set to External.
- All OAuth client IDs (iOS, Web, Android) are correctly configured.
- Restored a previously deleted Firebase Auth web client.
- Tried toggling Firebase Google Sign-In on/off, deleting and recreating the IDP config via the Identity Toolkit API — none of this updated the legacy “Developer Information.”
- Tried multiple Google API endpoints (IAP brands, clientauthconfig, apiui) — all return 404 or “Project must belong to an organization.”
Root cause
The new Google Auth Platform branding is working and propagating (the error page shows “appcaloria” in the main message). However, there is a separate legacy consent screen/brand that still stores the old “Potato App” / “Potatoemail” values. This legacy data is displayed in the “Developer Information” section of the OAuth error page and appears to be what Google’s security policy checks against.
Since this is a personal project (not part of a Google Workspace organization), the IAP brands API returns “Project must belong to an organization,” and the old OAuth consent screen UI now redirects to the new Auth Platform — leaving no way to update the legacy data.
What I need
Is there any way to update or clear the legacy OAuth consent screen / brand data for a personal project? Or can a Google team member update it on the backend to match my current Auth Platform branding?
- App name: appcaloria
- Support email: (PII Removed by Staff)
This is blocking all users from signing in with Google on my production app (a food journal / calorie tracking app built with React Native / Expo and Firebase).
Thank you for any help!