Gmail/Google Drive verification issues (error 400): how to solve

Hey Makers :wave:

Are you running into the “Failed to verify connection. Status Code Error: 400” error in your scenarios featuring Gmail or Google Drive modules? We’ve got some tips to help you overcome it.


Understanding the issue :thinking:

Due to Google’s updated security policy, unpublished apps can only have a 7-day authorization period. After the OAuth security token expires, the connection is no longer authorized and any module relying on it will fail.

Preventing Google connection expiration :lock:

To prevent your Google connection from expiring, you can opt for any of the three options described below.


:purple_circle: Option 1: Opt for a paid Google plan (Google Workspace).


:purple_circle: Option 2: Update the publishing status.

If you are @gmail.com or @googlemail.com user, you need to create an OAuth client on the Google Cloud Platform to set up your connection.

→ You can find more information on how to do that here: Connecting to Google services using custom OAuth client


To avoid weekly reauthorization, you can update the publishing status of your project in Google Cloud Console.

  • If your project is in “Testing” status, reauthorization is required weekly. To avoid this, update the project status to ‘In production’.

  • If your project is in “In production” status, it does not require weekly reauthorization.

To update the status of your project, log into the Google Cloud console, navigate to the “OAuth consent screen,” and click the “Publish app” button next to your Make app.


If you see the notice “Needs verification” once you’ve published your app, you can choose whether to go through the Google verification process for the app or to connect to your unverified app.



When setting your status to “In production”, you don’t need to register as a test user.

You will get a warning when creating your connection but you can proceed anyway by selecting “Show advanced” > “Go to integromat.com”.

:arrow_down:

For more information on publishing statuses, check out the “Publishing status” section of Google’s Setting up your OAuth consent screen help.


Important :rotating_light::rotating_light:

Currently, connecting to unverified apps is possible in Make. However, we cannot guarantee that Google will indefinitely allow connections to unverified apps.


:purple_circle: Option 3: Manually reauthorize the connection every week.

→ Navigate to the “Connections” tab under your Make account, click “Verify”, and then hit “Reauthorize”.

5 Likes

Hello,
Thanks for the tips.
To be sure : do we have to perform the 3 actions in “Preventing Google connection expiration” or only one of them ?

1 Like

As I understand, those are 3 different options, but could be better described.

Hello @Thibaud_Lemaire thanks a lot for raising this and apologies for not being clear enough in the guide :pray:

As @EliasGomez is saying, these are three different options.

1 Like

Hello,
Thanks for your input.
When setting OAuth publishing status to ‘In production’, the message from Google is:
“Your app will be available to any user with a Google Account.”
Sounds it’s a lot :slight_smile:
How to protect my app from being used by every Google users?
Thanks in advance for your advice

Hey there @pbufferne !

This is correct in comparison to an In Testing app as those can only be accessed if your email is registered as a test user. However, for “any Google account” to access your In Production app, they would either need to be using some integration you developed and made public intentionally or know its Client ID and Secret.

So in practice, if you’re using it only in Make, it’s not quite as they say that just anyone can use it.

I hope this clarifies a bit!

2 Likes

Just to be clear, never share your Client Secret, or screenshot it. This severely compromises the security of the Google Cloud app/project.

5 Likes

Thanks Bruno_T, very clear!

2 Likes

Google asks for “Application home page” and “Application privacy policy link”: “To protect you and your users, Google only allows apps using OAuth to use Authorized Domains. The following information will be shown to your users on the consent screen.”

What home page and privacy policy link should we add here? Also, Google says they also require domain validation. Does this mean we cannot publish the app to ensure the Make connection works in the long term?

Also: is there a way for Make to notify me a day before the connection expires? Disabling my connection last-minute will only make things worse and not really help at all. Ideally we should be notified to refresh the connection (even for the test/weekly scenario).

It does say that you should be able to ignore that aspect and still successfully not have to reauthorize every 7 days. I just setup mine up with the OAuth client and will leave it without the required verification info to see if this works.

I do have a paid Google plan (Google Workspace Starter) and this is still happening to me. I have to reauthorize once a week. Anyone know why?

1 Like

Same thing happening with me, I have a paid account and it keeps disconnecting, please sort this out!

1 Like