Stay organized with collections
Save and categorize content based on your preferences.
This page describes some common issues that you might encounter involving
authentication and authorization.
This app isn't verified
If the OAuth consent screen displays the warning "This app isn't verified," your
app is requesting scopes that provide access to sensitive user data. If your
application uses sensitive scopes, your app must go through the
verification process
to remove that warning and other limitations. During the development phase, you
can continue past this warning by selecting Advanced > Go to {Project Name}
(unsafe).
File not found error for credentials.json
When running the code sample, you might receive a "file not found" or "no such
file" error message regarding credentials.json.
This error occurs when you have not authorized the desktop application
credentials. To learn how to create credentials
for a desktop application, go to
Create credentials.
After you create the credentials, make sure the downloaded JSON file is saved as
credentials.json. Then move the file to your working directory.
Token has been expired or revoked
When running the code sample, you might receive a "Token has been expired" or
"Token has been revoked" error message.
This error occurs when an access token from the Google Authorization Server has
either expired or has been revoked. For information about potential causes
and fixes, see
Refresh token expiration.
JavaScript errors
The following are some common JavaScript errors.
Error: origin_mismatch
This error occurs during the authorization flow if the host and port used
to serve the web page doesn't match an allowed JavaScript origin on your
Google Cloud console project. Make sure you set an authorized
JavaScript origin and that the URL in your browser matches the origin URL.
idpiframe_initialization_failed: Failed to read the 'localStorage' property from 'Window'
This error occurs when third-party cookies and data storage aren't enabled
in your browser. These options are required by the Google Sign-in library. For
more information, see
3rd-party cookies and data storage.
idpiframe_initialization_failed: Not a valid origin for the client
This error occurs when the domain registered doesn't match the domain being
used to host the web page. Ensure that the origin you registered matches the URL
in the browser.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2025-08-04 UTC."],[[["\u003cp\u003eThis page addresses common authentication and authorization issues you might face, such as unverified apps, file errors, token issues, and JavaScript errors.\u003c/p\u003e\n"],["\u003cp\u003eUnverified app warnings occur when requesting sensitive user data, requiring app verification to remove; during development, proceed unsafely via 'Advanced' options.\u003c/p\u003e\n"],["\u003cp\u003e"File not found" errors related to \u003ccode\u003ecredentials.json\u003c/code\u003e arise from unauthorized desktop applications, requiring credential creation and placement in the working directory.\u003c/p\u003e\n"],["\u003cp\u003eToken expiration or revocation errors stem from invalid access tokens from the Google Authorization Server, necessitating review of token refresh procedures.\u003c/p\u003e\n"],["\u003cp\u003eCommon JavaScript errors include origin mismatches, issues with third-party cookies and data storage, and discrepancies between registered and hosted web page domains.\u003c/p\u003e\n"]]],["The content addresses common authentication and authorization issues. It details resolving the \"This app isn't verified\" warning by undergoing a verification process or bypassing it temporarily. It also explains the \"file not found\" error for `credentials.json`, advising users to create desktop application credentials, save the file correctly, and move it to the working directory. The \"Token has been expired or revoked\" error is covered, with a link provided for resolution. It also addresses Javascript errors including origin mismatches and issues with localStorage, recommending setting correct origins and enabling third-party cookies.\n"],null,["This page describes some common issues that you might encounter involving\nauthentication and authorization.\n\n`This app isn't verified`\n\nIf the OAuth consent screen displays the warning \"This app isn't verified,\" your\napp is requesting scopes that provide access to sensitive user data. If your\napplication uses sensitive scopes, your app must go through the\n[verification process](https://support.google.com/cloud/answer/7454865)\nto remove that warning and other limitations. During the development phase, you\ncan continue past this warning by selecting **Advanced \\\u003e Go to {Project Name}\n(unsafe)**.\n\n`File not found error for credentials.json`\n\nWhen running the code sample, you might receive a \"file not found\" or \"no such\nfile\" error message regarding credentials.json.\n\nThis error occurs when you have not authorized the desktop application\ncredentials. To learn how to create credentials\nfor a desktop application, go to\n[Create credentials](/workspace/guides/create-credentials#desktop-app).\n\nAfter you create the credentials, make sure the downloaded JSON file is saved as\n`credentials.json`. Then move the file to your working directory.\n\n`Token has been expired or revoked`\n\nWhen running the code sample, you might receive a \"Token has been expired\" or\n\"Token has been revoked\" error message.\n\nThis error occurs when an access token from the Google Authorization Server has\neither expired or has been revoked. For information about potential causes\nand fixes, see\n[Refresh token expiration](/identity/protocols/oauth2#expiration).\n\nJavaScript errors\n\nThe following are some common JavaScript errors.\n\n`Error: origin_mismatch`\n\nThis error occurs during the authorization flow if the host and port used\nto serve the web page doesn't match an allowed JavaScript origin on your\nGoogle Cloud console project. Make sure you set an authorized\nJavaScript origin and that the URL in your browser matches the origin URL.\n\n`idpiframe_initialization_failed: Failed to read the 'localStorage' property from 'Window'`\n\nThis error occurs when third-party cookies and data storage aren't enabled\nin your browser. These options are required by the Google Sign-in library. For\nmore information, see\n[3rd-party cookies and data storage](https://developers.google.com/identity/sign-in/web/troubleshooting#third-party_cookies_and_data_blocked).\n| **Note:** In your own app, you should prompt users to enable third-party cookies and data storage or add an exception for `accounts.google.com`.\n\n`idpiframe_initialization_failed: Not a valid origin for the client`\n\nThis error occurs when the domain registered doesn't match the domain being\nused to host the web page. Ensure that the origin you registered matches the URL\nin the browser."]]