Hi everyone,
I accidentally deleted my Google Cloud Project and restored it within the 30-day recovery window. The project restored successfully, and my OAuth 2.0 Web Client ID is visible and active in both the Credentials page and the new Google Auth Platform > Clients page. All config is intact (redirect URIs, JavaScript origins, client secrets).
However, every authorization request returns:
Error 401: deleted_client
The OAuth client was deleted.
The Console shows the client as active, but the live auth servers still treat it as deleted.
Why I cannot create a new Client ID
I use this Client ID with zkLogin (Enoki on Sui blockchain). User wallet addresses are cryptographically derived from the OAuth Client ID (aud claim). If I create a new Client ID, every user gets a different wallet address and permanently loses access to their on-chain assets. This is not recoverable.
What I have tried (nothing worked)
-
Rotated client secret twice (March 14 and March 15), no effect
-
Modified and saved Authorized JavaScript Origins and Redirect URIs, no effect
-
Ran
gcloud alpha iap oauth-brands create, failed with “Project must belong to an organization” -
Clicked “Publish app” on Audience page, got internal error: “An error updating your app has occurred”
-
Added test users to the Audience page successfully, but login still fails
-
Waited 48+ hours after project restore, no change
My theory
Project undelete restored the OAuth client in the Console database but did not propagate the restore to Google’s live authorization servers. The two systems are out of sync.
What I need
A Google Identity/OAuth engineer to manually resync the backend authorization server state for this Client ID so it is recognized as active again.
Has anyone dealt with this before? Any suggestions or contacts that could help?
Thanks.