Google Auth Platform Overview

The Overview page serves as a starting point for configuring your application. Clicking on the "GET STARTED" button allows you to initiate the configuration process if you haven't done so already.

The Overview page also provides insights into your application’s metrics, allowing you to monitor app requests and usage.

Metrics

Traffic

This graph shows the number of OAuth requests per day across all your clients. 

Errors

This graph shows the daily count of errors encountered during OAuth requests across your clients. For common errors that may occur when accessing the Google OAuth 2.0 endpoint, refer to the error documentation.

Users

This graph shows the number of active unique users authorizing your app per day.  

OAuth token grant rate

The token grant rate limit restricts how rapidly your application can acquire new users. This graph enables you to monitor your grant rate limit and notifies you if your limit is about to be exceeded.

If your limit has been reached or is about to be, you can submit a request to increase your daily token limit.

Note: The token grant rate limit only applies to non-identity scopes. If your application only uses identity scopes, this graph will not display any data.

Review the OAuth Application Rate Limits article to learn more about rate limits.

 

Project Checkup 

The Project Checkup verifies compliance with our policies and best practices.  Warning or success indicators are displayed based on the status of each individual check.

  • warning - recommended action to improve the experience of users authorizing your application. 
  • success - your application complies with the policy / best practice.  

The compliance checks are done across 5 categories: App Verification, Developer Identity, Incremental Auth, Modern Platforms and App Security.

App Verification

OAuth App verification

Reports if your app needs verification. Learn more about verification requirements in the OAuth Verification Center.

Developer Identity

Updated contact information

Reports if your app has out-of-date developer contact information. These are the contact emails where relevant information about your projects is sent. An error is reported if registered email addresses are not reachable. You can update your developer contact information in the Branding page.

Domain verification

Reports if one or more of the domains being used by your application has not been verified. Review your list of domains in the Authorized domains section of the Branding page and ensure all domains are verified in the Google Search Console.

Billing account verification

Some Google APIs charge for usage, and you need to enable billing before you can start using these APIs.

This check reports if your app does not have an associated Cloud billing account. It is recommended to associate your project with a billing account since some Google APIs charge for usage.  

To fix this issue, associate a Cloud billing account with your project.

Project contacts

Your project should have at least one and not more than 15 human project owners or editors who can be reached.

This check will notify you if your project does not have a human project owner or editor, or if there are more than 15 registered project owners or editors.

Review the Manage project members or change project ownership article for instructions on how to add or remove a project owner/editor from your project. 

Incremental Auth

Incremental authorization

It is considered a user experience best practice to request authorization for resources at the time you need them instead of requesting all scopes your app needs upfront. 

This check reports whether or not your app complies with the incremental auth best practice. Learn more about incremental authorization and how to implement it in your application. 

Granular permissions

Partial consent, or granular permissions, gives users more fine-grained control over what account data they choose to share with your app. When you request multiple permissions, users are given the choice to consent to some or all of the requested scopes.

This check reports if your application supports and appropriately handles granular permissions. Learn more about granular permissions and how to implement them in your application.
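An added example (not Google's code) of one way to handle partial consent and then ask for a missing scope incrementally: it compares the space-delimited `scope` field of the token response with what each feature needs. The feature map, client ID, redirect URI and sample token response are constructed for illustration.

```python
from urllib.parse import urlencode

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
DRIVE_RO = "https://www.googleapis.com/auth/drive.readonly"
CALENDAR_RO = "https://www.googleapis.com/auth/calendar.readonly"

# Hypothetical mapping from app features to the scopes each one needs.
FEATURE_SCOPES = {
    "import_files": {DRIVE_RO},
    "show_agenda": {CALENDAR_RO},
    "file_reminders": {DRIVE_RO, CALENDAR_RO},
}


def granted_scopes(token_response):
    """Scopes the user actually granted (space-delimited `scope` field)."""
    return set(token_response.get("scope", "").split())


def feature_status(token_response):
    """Enable a feature only when every scope it needs was granted."""
    granted = granted_scopes(token_response)
    return {name: needed <= granted for name, needed in FEATURE_SCOPES.items()}


def incremental_auth_url(feature, token_response, client_id, redirect_uri, state):
    """Authorization URL for only the scopes `feature` still lacks, else None."""
    missing = FEATURE_SCOPES[feature] - granted_scopes(token_response)
    if not missing:
        return None
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(sorted(missing)),
        "include_granted_scopes": "true",  # keep earlier grants on the new token
        "state": state,  # caller-generated anti-CSRF value
    }
    return AUTH_ENDPOINT + "?" + urlencode(params)


# Constructed token response: the user unchecked the calendar permission.
SAMPLE_TOKEN_RESPONSE = {"access_token": "CONSTRUCTED", "scope": DRIVE_RO}

if __name__ == "__main__":
    print(feature_status(SAMPLE_TOKEN_RESPONSE))
    print(incremental_auth_url("show_agenda", SAMPLE_TOKEN_RESPONSE,
                               "CLIENT_ID_PLACEHOLDER", "https://app.example.test/cb", "s1"))
```

Features whose scopes were declined stay disabled until the user triggers them, at which point only the missing scope is requested.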

Modern platforms

These checks report on whether or not your application is using modern and supported technologies.  

Legacy browsers

Your application should use secure browsers and not make requests to the Google OAuth 2.0 endpoint from an embedded user-agent under the developer's control.  

This check reports if your application is using an older browser or embedded webview that may be unsafe. 

Legacy client libraries

Our client libraries are updated periodically to adhere to the latest security and user best practices. Your application should always use the latest version of our Google Identity Services client libraries.

This check reports if your application is using the latest and recommended Google Identity Services library to make calls to the Google OAuth 2.0 endpoints. 

Legacy operating systems

Your apps should run on modern, safe operating systems. This check reports if your app is being supported on a legacy, unsafe operating system with potential security vulnerabilities.

To fix this, ensure your application is only supported on modern, safe operating systems.

App Security

Send Token Securely

Your app should send tokens securely. For example, access tokens should not be sent in the authorization URL or via HTTP. The check reports if your app is sending tokens securely.
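An added example (not Google's check, whose logic is not described here) of a pre-send guard an app could run on its own outbound requests: it flags tokens placed in the URL query or fragment and tokens sent over cleartext HTTP, and redacts token values before a URL is logged. Host names and token values are constructed.

```python
from urllib.parse import parse_qsl, urlencode, urlsplit, urlunsplit

# Parameter names that carry OAuth credentials and must never appear in a URL.
TOKEN_PARAMS = {"access_token", "refresh_token", "id_token"}


def token_transport_findings(url, headers=None):
    """Return the problems found for one outbound request (empty list = OK)."""
    headers = {k.lower(): v for k, v in (headers or {}).items()}
    parts = urlsplit(url)
    findings = []
    # Tokens in the query or fragment leak via logs, history and Referer.
    for where, raw in (("query", parts.query), ("fragment", parts.fragment)):
        for name, _ in parse_qsl(raw, keep_blank_values=True):
            if name.lower() in TOKEN_PARAMS:
                findings.append(f"{name} in URL {where}")
    has_bearer = headers.get("authorization", "").lower().startswith("bearer ")
    if (findings or has_bearer) and parts.scheme.lower() != "https":
        findings.append(f"token sent over cleartext {parts.scheme}")
    return findings


def redact_url(url):
    """Replace token values with REDACTED so the URL is safe to log."""
    def scrub(raw):
        pairs = parse_qsl(raw, keep_blank_values=True)
        if not any(k.lower() in TOKEN_PARAMS for k, _ in pairs):
            return raw  # leave ordinary queries and fragments untouched
        return urlencode([(k, "REDACTED" if k.lower() in TOKEN_PARAMS else v)
                          for k, v in pairs])
    parts = urlsplit(url)
    return urlunsplit(parts._replace(query=scrub(parts.query),
                                     fragment=scrub(parts.fragment)))


# Constructed sample requests: (url, headers).
SAMPLES = [
    ("https://www.googleapis.com/drive/v3/files?access_token=CONSTRUCTED", {}),
    ("http://api.example.test/files", {"Authorization": "Bearer CONSTRUCTED"}),
    ("https://www.googleapis.com/drive/v3/files", {"Authorization": "Bearer CONSTRUCTED"}),
]

if __name__ == "__main__":
    for url, hdrs in SAMPLES:
        print(redact_url(url), token_transport_findings(url, hdrs))
```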

Use secure flows

To ensure the security of your application, you should avoid using insecure flows susceptible to impersonation. When making requests to the Google OAuth 2.0 endpoint, ensure that the requests originate from verified apps and incorporate appropriate security measures for added protection. This check verifies the following: 

Webviews usage

Sending requests to the Google OAuth 2.0 endpoint from an embedded webview is not supported due to vulnerabilities to "man in the middle" attacks.

This check reports if your app is using an embedded webview.  Learn more about fixing errors originating from embedded webviews. 

Cross-Account Protection

Cross-Account Protection enhances the security of your app by enabling you to monitor and react to security incidents involving Google Accounts linked with your apps. For instance, you may be notified through token revocation events when a user revokes a token previously granted to your app. You can take action in response to this notification, such as terminating any active sessions.

Implementing Cross-Account Protection is strongly recommended as an additional security measure for accounts using your application. 

This check reports if you have Cross-Account Protection implemented for your application. Learn more about Cross-Account Protection and how to implement it in your application.
