OAuth consent screen - ability to remove application logo

Question

I added an application logo by mistake on the OAuth consent screen (URL: https://console.cloud.google.com/apis/credentials/consent), and now it says my consent screen requires verification by Google.

Is there any way to remove the application logo from the consent screen?

Edit: I didn't make it clear before but I wanted to remove the logo to get rid of the verification notice.

This likely is the intended behavior; just await the review. — Martin Zeitler, Jul 22 '19 at 15:35
For what it's worth, for me, the easiest solution was to take a deep breath, then create another project with the same information, without adding a logo. — Raffi, Jun 29 '21 at 16:29

Chris32 · Accepted Answer · 2020-11-05T08:33:27.773

63

In order to delete the logo, follow these steps:

Open the OAuth Consent Screen Configuration in Chrome or a Chromium derivative. https://console.cloud.google.com/apis/credentials/consent
Upload any image that differs from the one previously uploaded.
Open your Developer Tools (F12 or Ctrl+Shift+I).
Open the Network tab.
(Optional) Press the Clear button to make it easier to search later.
Click the Save button on the website to upload the new logo. (If the Save button is disabled, go through the full "Submit for Verification" process.)
In the Network tab, look for a request similar to "123456789987?alt=json&key=...".
Click on the entry and ensure that the Request Method is PUT.
Right-Click the entry and select "Copy"->"Copy as cURL (bash)".
Paste it into a text editor and search for the text "iconUrl":"https://...".
Change the text to read like the following: "iconUrl":"".
Back on the site, open up a Cloud Console session (The terminal icon in the top menu bar) and paste the modified command, then run it.
Verify that logo got removed from consent screen and verification status has changed.

Please keep in mind that this may require you to verify your app again.

Since June 11th of 2020 there's a Feature request open requesting the adition of a remove logo button to make this process easier. Please leave your comment, star the issue and leave a +1 if you are also affected by this issue.

edited Nov 05 '20 at 08:33

answered Jul 23 '19 at 15:54

Chris32

4,716
2
18
30

I am trying to avoid verifying the app – Steven Matthews Jul 23 '19 at 16:17
I work in Cloud Platform Support and I am not aware of any method to undo google verification. At this point you can ignore the verification emails, after 3 emails they will stop insisting and the application will remain with the unverified tag, or you can proceed to verify it. The procedure is only to remove the logo – Chris32 Jul 24 '19 at 07:34
That's true, you should complete the change. Usually any change you made on the consent screen will required you to submit a new verification process, I would recommend to make the change and request G Suite API support to help you and see if there is a chance to speed up the process since the change was minimum. – Mario R. Jul 31 '19 at 22:19
3

This method worked for me. I set the `iconUrl` to an empty string and now no longer need verification. – a paid nerd Nov 19 '19 at 20:15
1

I followed the instructions but I got error :"error": { "code": 400, "message": "Invalid value \"json^\" for query parameter 'alt'", "status": "INVALID_ARGUMENT" } } curl: (6) Could not resolve host: petit curl: (3) [globbing] bad range specification in column 156 curl: (6) Could not resolve host: for curl: (3) [globbing] unmatched close brace/bracket in column 131 . I just removed the url inside the bracket... – Paul Martinez Feb 15 '20 at 00:38
3

Worked for me today, except I had no visible "cloud console". Running the curl command in a shell on my local machine worked. – Simon Michael Apr 30 '20 at 19:36
3

This didn't work. Is this seriously the procedure for something that should just be a button on the console? This approval process is the worst. – Michael Brant Jun 03 '20 at 19:20
1

Just tried this as well without success. This really must be one of the shittiest experiences I ever had as a developer... – Leo Jun 11 '20 at 14:27
9

For all you guys experiencing this issue, there is an [open feature request](https://issuetracker.google.com/u/1/issues/158736319) to solve this issue. If you feel so you can go by **star the issue and leave a comment** as you are also expecting this feature to be default – Chris32 Jun 11 '20 at 16:10
@Chris32 please, for your experience, how much time (days, weeks, months...) they take to solve this kind of issue? The procedure explained in the answer didn't work for me :(, I double checked the steps... – Guybrush Jun 12 '20 at 13:19
Well, since this is the introduction of a new feature i'm not even sure if they are going to implement this at all. This will depend on the ammount of users requesting this feature (go and star the PIT). Then this can take between some months (maybe 6 months?) and years. In any case don't count on having this tool anytime soon because is unlikely – Chris32 Jun 16 '20 at 07:49
14

This is no longer working. Google changed image implementation from icon URL to its Base64 encoding. Look here: https://stackoverflow.com/q/62414912/1992004 – Evgeniy Jun 17 '20 at 09:44
You may need to switch from console.developers.google.com to console.cloud.google.com to get to the cloud console. – Elijah Mock Aug 06 '20 at 21:38
18

As of August 2020 the issue is still present, but this solution no longer works because Google API requests have changed. It now sends base64-encoded image data within the request and replacing it with an empty value returns an error. (the same mentioned in the comments above) – Eric Gopak Aug 09 '20 at 13:45
7

Why Google. Why? Why such a pain! – Reactgular Feb 14 '21 at 21:16
1

This no longer works look at https://stackoverflow.com/questions/62414912/oauth-consent-screen-ability-to-remove-application-logo-old-solution-is-no-lo – Hipster Cat Mar 29 '21 at 22:03
Worked for me — thank you! But also: Lol. This feels like an appropriate place to drop this link: https://aws.amazon.com/ – Rocky Smith Sep 18 '22 at 15:20
This has broken our setup. Would not recommend. – Bert Peters Nov 17 '22 at 09:41

Samuli Asmala · Answer 2 · 2023-01-13T05:35:43.163

38

As of Jan 2023 (confirmed by hlustosa) icon can be removed with the following steps. Please note that if your project is not already in an organization you will be stuck at the step 8 unless you can add your project to an organization.

Since this is a combination of two answers above with additional steps I put all the steps here for clarity. Credits to @Chris32 and @ropsnou for the initial steps.

Remove all existing API keys and Client IDs from the OAuth Credentials page
Open the OAuth Consent Screen Configuration in Chrome or a Chromium derivative.
Upload any image that differs from the one previously uploaded and click "Save and continue"
In the Network tab, look for a PUT request like this: https://clientauthconfig.clients6.google.com/v1/brands/745625634622/icon?key={key}
Right-Click the request and select "Copy"->"Copy as cURL (bash)".
Paste it into a text editor and do following changes
- Remove /icon from the url
- Change request method to DELETE
- Remove --data-raw parameter and its long value
Activate Cloud Shell by clicking the terminal icon in the top-right corner of the GCP website. Paste and run the command you modified in the previous step. If you get INVALID_ARGUMENT error you probably still have an API key or Client ID associated with the consent screen (Check the Credentials tab on GCP). If you get {} the command was successful and the logo was removed. However, together with the logo a larger brand entity was also removed, and if you try to modify the consent screen you will get "An error saving your app has occurred."
To recreate the brand run the following command in the Cloud Shell (it assumes you have the correct project active):
EDIT: The command may fail for two reasons (see comments for more info):
- User is not owner of the email
- Project is not in an organization

gcloud alpha iap oauth-brands create --application_title='<title>' --support_email='<email>'

Now the logo is gone and you can again modify the consent screen

edited Jan 13 '23 at 05:35

answered May 31 '21 at 09:14

Samuli Asmala

1,755
18
24

Thanks! This is very well detailed information and functional. – Latenec Jun 07 '21 at 08:33
1

Step 8 fails for me with an error: INVALID_ARGUMENT: Request contains an invalid argument. – Inversion Jun 28 '21 at 06:55
Just a guess but maybe you have a typo in argument name or illegal characters in title or email value? Would help if you post the full command. Or Google has changed something again. – Samuli Asmala Jun 28 '21 at 11:59
4

Step 8 also fails for me with INVALID_ARGUMENT: Request contains an invalid argument. I tried gcloud alpha iap oauth-brands create --application_title='myappname' --support_email='me@example.com' and even the same command with and <email> left in.</email> – Adam D Aug 17 '21 at 10:28
Adam, please try the command with a real email address you own. According to the docs _"the user issuing the request must be an owner of the specified support email address."_ https://cloud.google.com/iap/docs/programmatic-oauth-clients#setup-oauth – Samuli Asmala Aug 17 '21 at 12:55
I can confirm that this works as of Sep-2021. If you are getting INVALID_ARGUMENT error, make sure to delete the client-ids on credential page and then follow step 8 before saving. – Prakhar Sep 02 '21 at 13:11
@Prakhar recreating the brand still gives me an INVALID_ARGUMENT error even though there are no client ids whatsoever have any idea what else might be causing this I'm stuck with this for hours any help would be appreciated – Fadi Banna Sep 10 '21 at 00:50
@FadiBanna is the email address you are using in `--support_email` parameter at step 8 shown in the consent screen configuration"User support email" dropdown? – Samuli Asmala Sep 10 '21 at 05:40
@SamuliAsmala yes it is – Fadi Banna Sep 10 '21 at 09:27
Step 8 seems to fail for me too with the same error message "INVALID_ARGUMENT: Request contains an invalid argument". Even "gcloud alpha iap oauth-brands list" gives the same error. Have this stopped working or i have missed something @SamuliAsmala?? – Azzam Asghar Sep 26 '21 at 15:13
6

I have done this and now I can´t use anything!!!!! I can´t add oAuth Client key!!! PLEASE DON´T DO THIS – Víctor Oct 05 '21 at 07:57
You can migrate the recources from google cloud platform from "no organization" to a free organization indentity. Then "gcloud alpha iap oauth-brands" commands will work. See https://github.com/google/triggerator /Limitations: The instructions below must be run within a Google Cloud Organization by a member of that org. – urs32 Nov 18 '21 at 22:22
@Victor, could it be that your project was not in organization and that was the reason for the failure? – Samuli Asmala Nov 19 '21 at 08:31
Can confirm this worked as of Dec '21. The only thing I'd note is that in step 7 I was unclear what the Cloud Console session was. The icon to open this is on the actual webpage in the top-right corner. – mcriecken Dec 09 '21 at 14:09
Thanks for the confirmation and feedback. I updated the answer accordingly. – Samuli Asmala Dec 09 '21 at 17:05
You saved my life thank you so so much – Bback.Jone Jan 11 '22 at 03:24
Thanks! It worked at Jan 25 2022. I had to remove all keys and credentials before. – Gean Jan 25 '22 at 03:23
What Network Tab? I don't see this no where – Osagui Aghedo Feb 02 '22 at 10:25
It's the Chrome developer tools' Network Tab. You can access developer tools with CTRL + SHIFT + I. – Samuli Asmala Feb 03 '22 at 16:28
Confirming this still works as of May 2022. – Mike S May 18 '22 at 13:57
1

Confirming this method still works: Aug 3, 2022 **Step 8 is critical"" - make sure these values are set before starting this procedure. – Teddy Katayama Aug 03 '22 at 07:57
Also for Step 8, you need to ensure you have set the `core/project` property. Else you'll end up getting the following error: "ERROR: (gcloud.alpha.iap.oauth-brands.create) Error parsing [project]. The [name] resource is not properly specified. Failed to find attribute [project]. The attribute can be set in the following ways: - provide the argument `--project` on the command line - set the property `core/project`" To do that run: `gcloud config set project `. – Shripad Krishna Aug 15 '22 at 17:34
1

Still working Sep 12, 2022 :) THANKS SO MUCH FOR THIS!! The only way I manage to survive using Google products is through StackOverflow posts like this. – gadicc Sep 12 '22 at 03:38
**This broke our OAuth app and we cannot make changes or add credentials.** – a paid nerd Sep 28 '22 at 16:06
This does work if you follow all the steps correctly. Be aware that when you copy the curl request from Chrome, it gives you two (one is compressed) and you have to delete the second one. – dopey Oct 09 '22 at 10:51
This worked for me. This man is out here doing God's work... Thank you! – thestephenstanton Oct 11 '22 at 23:37
What if I don't have any organization? My project belongs to "No organization" and `gcloud alpha iap oauth-brands create --application_title='' --support_email='<email>'` returns error `INVALID_ARGUMENT: Project must belong to an organization.`</email> – Anton Holovin Nov 19 '22 at 20:31
1

I confirm it worked for me (jan 2023). But be careful, for some reason, if your project does not belong to an organization, you will be stuck. I had to add mine to a new one to make it work at the end. @SamuliAsmala could you warn people at the begining of your answer that they will be stuck at the step 8 if they are not able to add their project to an organization? – hlustosa Jan 12 '23 at 19:35
Good point @hlustosa, I added warning to the beginning. – Samuli Asmala Jan 13 '23 at 05:36

score 4 · Answer 3 · answered Aug 12 '20 at 18:44

4

For those who were unable to update it using the 'PUT' method (as answered by @Chris32 )and are ready to delete the consent screen and create a new one, can simply replace 'PUT' with 'DELETE' and remove --data-binary section (as delete doesn't take any payload) and can run it using a regular bash shell.

answered Aug 12 '20 at 18:44

Abhishek Srivastava

186
1
6

I did this. The request returned 200. It took around 2 or 3 minutes for it to reflect on the UI. – Alex Benfica Aug 19 '20 at 16:28
1

Worked immediately. Thanks! – Charles Engelke Aug 26 '20 at 20:48
@AlexBenfica Do you only changed `PUT` to `DELETE` and removed `--data-binary` section? Doing this in my case request returned `"error": {"code": 400, "message": "Request contains an invalid argument.", "status": "INVALID_ARGUMENT" }` – Alexandr Aug 31 '20 at 07:38
1

If I remember well... that was all I did. But I might have removed any other parameter that does not make sense for a DELETE call. – Alex Benfica Aug 31 '20 at 21:07
Works! Thank you! What a terrible experience by google – Taufiq Muhammadi Sep 07 '20 at 02:04
1

also getting { "error": { "code": 400, "message": "Request contains an invalid argument.", "status": "INVALID_ARGUMENT" } } – jasan Sep 16 '20 at 09:12
1

This no longer works for me, I'm getting a 404 error. – A H Nov 04 '20 at 17:12

score 2 · Answer 4 · answered Sep 17 '20 at 18:00

2

The methods above did not work for me, I kept getting INVALID_ARGUMENT. This is because I had client credentials in the project. I had to delete the client credentials and the DELETE request method (without data-binary) worked for me.

answered Sep 17 '20 at 18:00

anupkrish24

21
1

score 2 · Answer 5 · answered Nov 05 '20 at 01:59

I have tried all the above solutions, and see that we no longer can send "DELETE" requests, as cURL sends 404 responses.

My solution is that I submitted my app for verification (you don't have to pay unless you request sensitive/restricted scopes, and even then, they will send you an email with a confirmation of pricing etc).

This allows you to use the consent screen as before, without the icon, but without verification. (When you're verified, they will let you use your icon).

Once a representative gets back, let them know you intend your app to be used internally, and you just want them to delete the image.

Always 404 error here with `DELETE` method as well, `PUT` doesn't work either :-( No sensitive/restricted scope asked. OAuth consent screen still "needs verification" presumably because of the app icon. Tried to submit for verification twice 3 days ago but still got no validation nor message from Google. Creating a new app would mean losing all public reviews / usage stats :-( Very frustrating. — Maxime Pacary, Dec 14 '20 at 10:33

score 2 · Answer 6 · answered Feb 23 '22 at 06:59

I've tried the requests method and it didn't work, and it put my project in a locked state where I couldn't edit it anymore. If you're just starting with the Play Services and it isn't yet in production, the easiest is honestly to drop the project and create a new one.

score 1 · Answer 7 · edited Sep 12 '20 at 08:01

1

[UPDATE] - 2020

Is still possibile to delete your previously uploaded logo through an API call, although it requires a little modification of the answer Abhishek Srivastava suggested.

You need to:

"Copy as cURL (bash)" as for the original answer
Replace the PUT method with DELETE
Do not remove the --data-binary section, instead clean it all up until it looks like this and nothing else: --data-binary '{"brandId":"<your_brand_id>"}'

This will remove your consent screen entirely,

edited Sep 12 '20 at 08:01

Dharman

30,962
25
85
135

answered Sep 12 '20 at 07:55

Mattia Pellin

19
2

3

also getting { "error": { "code": 400, "message": "Request contains an invalid argument.", "status": "INVALID_ARGUMENT" } } – jasan Sep 16 '20 at 09:13
You are probably sending the status also in the payload, double check your complete API call – Mattia Pellin Sep 17 '20 at 10:05
@jasan I had the same issue. I solved removing the "OAuth 2.0. Client ID" (under Credentials section) before proceeding with the curl command – Fasoeu Oct 23 '20 at 13:04
2

The DELETE call causes an ERROR 404 not found error – A H Nov 04 '20 at 16:43

ropsnou · Answer 8 · 2021-05-16T23:09:28.123

1

May 2021 - It is still possible to completely delete the consent screen! The following changes are needed compared to the original instructions:

remove /icon from the request URI. The updated URI should follow the format https://clientauthconfig.clients6.google.com/v1/brands/{BRAND_ID}?key={KEY}
change request method from PUT to DELETE
completely remove --data-binary or --data-raw part of the request

This will delete the entire consent screen (not just the icon), so that a new one can be created from scratch.

edited May 16 '21 at 23:09

answered May 16 '21 at 19:20

ropsnou

164
2
3

1

This method worked for me, but only after removing all API KEYS and Client-IDs associated with the project. – user2483352 May 24 '21 at 19:08
1

This didn't work correctly for me. I removed OAuth credentials associated with the project (there were no other keys/IDs for the project) and entered the shell command as specified. This cleared everything (including app name and logo) except Authorized domains and Developer contact information from the OAuth consent screen. It didn't delete the consent screen entirely. When I edit the consent screen, fill all required fields, and attempt to save and continue, I see, "An error saving your app has occurred." I guess I'll delete the project and start over. – Monyker May 25 '21 at 17:23
2

Didn't work for me and I had the same experience as @Monyker. "An error saving your app has occurred." response paylod had a reason for failure: `RESOURCE_DELETED` and the resource name in question was `brand`. – Samuli Asmala May 31 '21 at 05:29
2

Same here, messed up with the consent screen. I had to add the command `gcloud alpha iap oauth-brands create --application_title='' --support_email='<email>'`</email> – Simo Jun 27 '22 at 15:34

nguaman · Answer 9 · 2022-09-21T11:28:52.627

Just to be aware.

You may not be able to use "Auth0 consent screen" again after the recommendations of the others post.

{"error":{"code":5,"message":"The resource has been deleted.","details":[{"@type":"type.googleapis.com/google.rpc.ErrorInfo","reason":"RESOURCE_DELETED","domain":"clientauthconfig.googleapis.com","metadata":{"resource_name":"[\"brand\"]"}}]}}]

and if this happen, please use the follow command that @SamuliAsmala recomended.

gcloud alpha iap oauth-brands create --application_title="TITLE" --support_email="EMAIL"

score 1 · Answer 10 · edited Mar 23 '23 at 06:29

As of March 17, 2023, this functionality should finally be working according to Buganizer

I'm happy to share that you are now able to remove your app logo from the OAuth consent screen configuration in Google Cloud Console. We know that this has been very frustrating for our developer community, and apologize for how long it has taken to give you this basic capability.

Some details about the feature:

if your OAuth consent screen hasn't been verified, removing a logo takes effect instantly if you have completed verification, you cannot immediately remove your existing logo, but you can replace it and submit for re-verification (this seems counterintuitive, but it's part of our efforts to protect your developer account from abuse)

if you are stuck in verification and want to back out, you can change the Publishing Status back to "testing" (but beware that you should only do this if your app is not live with users, otherwise it may affect their ability to sign in)

This is one of many features that we are now actively working on to improve the OAuth experience, so you spend less time on configuration and can focus on building apps that delight our shared users. Thanks for your patience, and for being part of the Google Developers community.

score 0 · Answer 11 · answered Aug 23 '19 at 06:26

0

From my research so far, there is no way to remove the application logo from the consent screen.

You don't have to submit the account for verification unless you are asking for a permission mandating a verification.

answered Aug 23 '19 at 06:26

Dipen Bhikadya

3,318
3
21
19

1

@Chris32 has posted an answer which works. Marking his answer as the accepted answer. – Dipen Bhikadya May 13 '20 at 18:04

Vineet Jain · Answer 12 · 2021-07-27T18:41:27.083

Convert the status of the app from "Published" to "Testing" in your "OAuth consent screen" and see if it works.

I was in a similar situation where I had uploaded a logo and was being asked to submit my app for verification. I did submit my app for verification but with incorrect data for website details etc. The Google reviewer for my project got back mentioning this seems to be a internal/personal use app and to convert my project status to testing instead of published. After doing this I think my logo got deleted automatically from my project. So the moment we upload the logo the project moves from testing to published status and since there is a logo uploaded it has to go through the verification process.

Here is the mail I received from Google with the info links intact.

Please Note: If you define your project as a testing project then you need to provide tester email ids for this project

score 0 · Answer 13 · answered Nov 25 '21 at 12:12

I had the same issue, uploaded a logo image by mistake, but I don't see a problem here. I just went ahead and submitted for verification and a few hours later I received this email:

Thanks for submitting a verification request.

If your app doesn't need to display an icon, you can skip the verification process and no action is required. If you do skip the verification process, the existing functions of your app won't change, as long as the scopes used by your project don’t change.

Otherwise, if you’d like to continue with the verification process:

Make sure you’ve completed all the required steps. Reply directly to this email to let us know. The review process can take up to 6 weeks. Thanks for your patience during this period.

So just don't respond and don't finish the required steps and the verification process will stop automatically without affecting your app.

score 0 · Answer 14 · answered Jun 27 '22 at 16:34

I recently had to complete the verification process and one of the requirements was that the developer privacy policy page or link contain the logo. My plan was to use the policy for all my apps if I could so I added a transparent png file the right size and removed the logo off my development web site and verification for branding passed fine. I did not know at the time that adding a simple logo triggered all these requirements; I just wanted oauth to work. For me the oauth screen did not even pop up until Google had verified my app. [just a spinning progress bar]

score 0 · Answer 15 · answered Aug 15 '22 at 19:45

@Samuli Asmala's answer is correct. However, Step 8 will sometimes throw the following error:

ERROR: (gcloud.alpha.iap.oauth-brands.create) Error parsing [project].
The [name] resource is not properly specified.
Failed to find attribute [project]. The attribute can be set in the following ways:
- provide the argument `--project` on the command line
- set the property `core/project`"

So to fix this run the following command:

$ gcloud config set project <PROJECT-ID>

OAuth consent screen - ability to remove application logo

15 Answers15

Linked