Google requirements on implementing OAuth

OAuth 2.0 is an open standard for delegated authorization; "sign in with Google" style login is built on top of it through OpenID Connect, which adds an ID token carrying the user's identity. Usually it's easy enough to implement, and libraries are available for most web stacks, such as Django, Flask, React, etc.

Unlike GitHub, for example, Google requires your app and the website behind it to pass a verification review, with the requirements outlined here:

Overview | Authentication | Google Developers

It also lets you keep the OAuth consent screen in the "Testing" publishing status, where you can add up to 100 specific Google Accounts as test users and exercise the setup before verification. One caveat worth knowing before you debug a mysterious logout: while the app is in Testing status, refresh tokens it is issued expire after 7 days (unless the only scopes requested are name, email address, and basic profile), so long-lived sessions cannot be tested properly until the app is published.

Usually you would just follow your library's documentation and get straight to the implementation, so here I would like to describe a couple of verification issues that are frequently overlooked.

You need to have a privacy policy page

The home page must link to it, and the policy itself must be hosted on a domain you own (one of the authorized domains listed on the consent screen); a policy hosted on a third-party site, or one that is only reachable from the login page, does not count. I didn't put the link on the main page initially and got rejected:

Comply with OAuth 2.0 policies | Authorization | Google Developers
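Because the reviewer follows the link from your home page by hand, it is worth automating the same check before you submit. The following is an added example written for this post, not code from the original article or from Google: it parses a home page's HTML, resolves every anchor against the page URL, and reports whether the privacy policy URL entered in the consent screen is linked from the home page and hosted on the authorized domain. The domain example.com, the URLs, and the HTML snippets are constructed sample input; point it at a real page by fetching the HTML yourself and passing it in.

```python
"""Pre-submission check for Google's OAuth verification: the home page must
link to the privacy policy, and the policy must live on an authorized domain."""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _LinkCollector(HTMLParser):
    """Collect the href of every <a> tag, resolved against the page URL."""

    def __init__(self, base_url):
        super().__init__()
        self.base_url = base_url
        self.links = []

    def handle_starttag(self, tag, attrs):
        if tag != "a":
            return
        href = dict(attrs).get("href")
        if href:
            self.links.append(urljoin(self.base_url, href))


def _normalize(url):
    """Reduce a URL to (host, path) so trailing slashes and 'www.' don't matter."""
    parts = urlsplit(url)
    host = parts.netloc.lower()
    if host.startswith("www."):
        host = host[4:]
    path = parts.path.rstrip("/") or "/"
    return host, path


def _on_domain(host, domain):
    """True if host is the authorized domain itself or a subdomain of it."""
    domain = domain.lower()
    return host == domain or host.endswith("." + domain)


def check_privacy_policy_link(home_url, home_html, policy_url, authorized_domain):
    """Return a list of problems; an empty list means the check passes.

    home_url / policy_url: the URLs you entered on the consent screen.
    home_html: the fetched HTML of the home page.
    authorized_domain: a domain from the consent screen's authorized domains.
    """
    problems = []
    home_host, _ = _normalize(home_url)
    policy_host, policy_path = _normalize(policy_url)

    if not _on_domain(home_host, authorized_domain):
        problems.append(f"home page host {home_host!r} is not on authorized domain {authorized_domain!r}")
    if not _on_domain(policy_host, authorized_domain):
        problems.append(f"privacy policy host {policy_host!r} is not on authorized domain {authorized_domain!r}")

    collector = _LinkCollector(home_url)
    collector.feed(home_html)
    if not any(_normalize(link) == (policy_host, policy_path) for link in collector.links):
        problems.append(f"no link to {policy_url} found on {home_url}")
    return problems


# Constructed sample pages (not real sites): one links to the policy, one doesn't.
HOME_WITH_LINK = """<html><body>
<nav><a href="/login">Log in</a></nav>
<footer><a href="/privacy/">Privacy policy</a>
<a href="https://twitter.com/example">Twitter</a></footer>
</body></html>"""

HOME_WITHOUT_LINK = """<html><body>
<nav><a href="/login">Log in</a></nav>
<footer><a href="/terms">Terms</a></footer>
</body></html>"""


if __name__ == "__main__":
    for html in (HOME_WITH_LINK, HOME_WITHOUT_LINK):
        found = check_privacy_policy_link(
            "https://example.com", html, "https://example.com/privacy", "example.com")
        print("OK" if not found else "; ".join(found))
```

Run it against the live home page by fetching the HTML with your HTTP client of choice; a relative href such as `/privacy/` is resolved against the home URL, so the check matches the way a reviewer clicking the link would land on the page.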

Google logo needs to be on a white background

I had both dark and light themes on coder, and the login button in the dark theme had a dark background, so I changed it to white in the dark theme as well:

Sign-In Branding Guidelines | Google Identity | Google Developers

The requirement about having the Google icon on a bright background is likely a bit flawed, since no one prevents you from changing the background after verification. In fact, I recently stumbled upon the repl.it login page, which has such a background: