OAuth verification stuck on "Homepage requirements" - Firebase web.app domain not recognized

Google Cloud Cloud Foundations & Onboarding
1

I’m trying to complete OAuth app verification for my project, but the Verification Center shows:

  • Branding status: Verified :white_check_mark:

  • Data access status: Under review, but blocked by “Homepage requirements” :cross_mark:

The error says: “Your app has not met homepage requirements. Homepage website is not registered.”

My setup:

  • GCP Project: (PII Removed by Staff)

  • Homepage URL: https://ruribitaki2.web.app (Firebase Hosting)

  • Privacy Policy: https://ruribitaki2.web.app/privacy

  • Terms of Service: https://ruribitaki2.web.app/terms

  • Authorized domains: ruribitaki2.web.app, ruribitaki2.firebaseapp.com

  • Domain ownership verified in Google Search Console under the same account as GCP project owner

  • Scopes: analytics.readonly, analytics.manage.users.readonly, webmasters.readonly

What I’ve tried:

  • Verified domain ownership in Search Console (confirmed as owner)

  • Confirmed the same Google account owns both the GCP project and Search Console property

  • All OAuth consent screen fields are correctly configured

My question:
Is the web.app domain considered a “third-party platform where subdomain ownership cannot be verified”? Do I need to set up a custom domain on Firebase Hosting to pass the homepage requirement?

I cannot resubmit verification or contact the Trust & Safety team directly. No email has been received from them.

Any guidance would be appreciated.

2

I have exactly the same problem but on github pages.

So, last year I had made API requests for calendar and it was approved using the same exat github pages. But now I also want access to tasks API, I had set up the request exact same way but this is the response I get from the Google team.

Now I don’t know what to make of this.

Hello Google Developer,

Thank you for your patience while we reviewed your submission. Your application homepage and privacy policy must be hosted on a verified domain that you own (Learn more)

Hosting your homepage and privacy policy on a third-party platform where you cannot verify ownership of your subdomain, such as github. io, should be avoided.
Please take the following action(s) to continue with your request

⤷ Reply to this email with the following information:

Move your application homepage and privacy policy to domain under your ownership
Update the homepage and privacy policy URLs in your Cloud Console (Learn more)
Verify your domain ownership (Learn more)
Need to make changes to your verification request?

Please make direct changes on the Cloud Console. Save and ‘Submit for verification’ the changes when finished.

No longer need access to these scopes?

Please reply to this email to cancel the verification request.

Need other help?

For more information on OAuth Verification, you can read the terms or policies for the APIs or products your app uses, as well as the following resource:

OAuth App Verification Help Center
Thank you,

The Third Party Data Safety Team

Hey,
I am not sure I understand the requirement for a domain all of a sudden:

  1. The root url of the FOSS web page is: Full Calendar remastered for Obsidian with the privacy hosted at: Privacy Policy - Full Calendar Remastered and Terms and Conditions at: Terms of Service - Full Calendar Remastered

  2. The root url has already been verified according to Verify your site ownership - Search Console Help - specifically via the HTML file upload method, as double checked on Google Search console (see the screenshot attached below)

  3. This procedure had worked very fine before (OAuth access for Google Calendar API).

So based on the above facts, I would like to know what am I doing wrong this time and why I require a paid domain to host my FOSS plugin.

Thank you for your time.
Best Regards,
JK