Skip to content

[Action Required] Migrate your OAuth out-of-band flow to an alternative method before Oct. 3, 2022

Google logo

OAuth out-of-band flow will be blocked for your production OAuth clients.

Our records indicate you have OAuth clients that used the OAuth OOB flow in the past.

Hello Google OAuth Developer,

We are writing to inform you that OAuth out-of-band (OOB) flow will be deprecated on October 3, 2022, to protect users from phishing and app impersonation attacks.

What do I need to know?

Starting October 3, 2022, we will block OOB requests to Google's OAuth 2.0 authorization endpoint for existing clients. Apps using OOB in testing mode will not be affected. However, we strongly recommend you to migrate them to safer methods as these apps will be immediately blocked when switching to in production status.

Note: New OOB usage has already been disallowed since February 28, 2022.

Below are key dates for compliance

September 5, 2022: A user-facing warning message may be displayed to non-compliant OAuth requests October 3, 2022: The OOB flow is blocked for all clients and users will see the error page.

Please check out our recent blog post about Making Google OAuth interactions safer for more information.

What do I need to do? Migrate your app(s) to an appropriate alternative method by following these instructions:

Determine your app(s) client type from your Google Cloud project by following the client links below. Migrate your app(s) to a more secure alternative method by following the instructions in the blog post above for your client type.

If necessary, you may request a one-time extension for migrating your app until January 31, 2023. Keep in mind that all OOB authorization requests will be blocked on February 1, 2023.

The following OAuth client(s) will be blocked on Oct 3, 2022.

OAuth client list:

Project ID: debconf-videos

Client: 1068516562020-ssfmtm32l0vl6ke96crudj8q7o50tpv8.apps.googleusercontent.com

Thanks for choosing Google OAuth.

— The Google OAuth Developer Team

Seems we need to migrate to being a "Desktop" app, and do a loopback redirect.

https://developers.google.com/identity/protocols/oauth2/native-app#android