Hey Makers

Are you running into the “Failed to verify connection. Status Code Error: 400” error in your scenarios featuring Gmail or Google Drive modules? We’ve got some tips to help you overcome it.

Understanding the issue

Due to Google’s updated security policy, unpublished apps can only have a 7-day authorization period. After the OAuth security token expires, the connection is no longer authorized and any module relying on it will fail.

Preventing Google connection expiration

To prevent your Google connection from expiring, you can opt for any of the three options described below.

Option 1: Opt for a paid Google plan (Google Workspace).

Option 2: Update the publishing status.

If you are @gmail.com or @googlemail.com user, you need to create an OAuth client on the Google Cloud Platform to set up your connection.

→ You can find more information on how to do that here: Connecting to Google services using custom OAuth client

To avoid weekly reauthorization, you can update the publishing status of your project in Google Cloud Console.

• If your project is in “Testing” status, reauthorization is required weekly. To avoid this, update the project status to ‘In production’.

• If your project is in “In production” status, it does not require weekly reauthorization.
  
  

To update the status of your project, log into the Google Cloud console, navigate to the “OAuth consent screen,” and click the “Publish app” button next to your Make app.

531×281 37.3 KB

If you see the notice “Needs verification” once you’ve published your app, you can choose whether to go through the Google verification process for the app or to connect to your unverified app.

602×444 53.3 KB

When setting your status to “In production”, you don’t need to register as a test user.

You will get a warning when creating your connection but you can proceed anyway by selecting “Show advanced” > “Go to integromat.com”.

696×423 18.5 KB

687×540 27.4 KB

For more information on publishing statuses, check out the “Publishing status” section of Google’s Setting up your OAuth consent screen help.

Important

Currently, connecting to unverified apps is possible in Make. However, we cannot guarantee that Google will indefinitely allow connections to unverified apps.

Option 3: Manually reauthorize the connection every week.

→ Navigate to the “Connections” tab under your Make account, click “Verify”, and then hit “Reauthorize”.

1600×505 119 KB

Hello,
Thanks for the tips.
To be sure : do we have to perform the 3 actions in “Preventing Google connection expiration” or only one of them ?

As I understand, those are 3 different options, but could be better described.

Hello @Thibaud_Lemaire thanks a lot for raising this and apologies for not being clear enough in the guide

As @EliasGomez is saying, these are three different options.

Hello,
Thanks for your input.
When setting OAuth publishing status to ‘In production’, the message from Google is:
“Your app will be available to any user with a Google Account.”
Sounds it’s a lot
How to protect my app from being used by every Google users?
Thanks in advance for your advice

Hey there @pbufferne !

This is correct in comparison to an In Testing app as those can only be accessed if your email is registered as a test user. However, for “any Google account” to access your In Production app, they would either need to be using some integration you developed and made public intentionally or know its Client ID and Secret.

So in practice, if you’re using it only in Make, it’s not quite as they say that just anyone can use it.

I hope this clarifies a bit!

Just to be clear, never share your Client Secret, or screenshot it. This severely compromises the security of the Google Cloud app/project.

Thanks Bruno_T, very clear!

Google asks for “Application home page” and “Application privacy policy link”: “To protect you and your users, Google only allows apps using OAuth to use Authorized Domains. The following information will be shown to your users on the consent screen.”

What home page and privacy policy link should we add here? Also, Google says they also require domain validation. Does this mean we cannot publish the app to ensure the Make connection works in the long term?

Also: is there a way for Make to notify me a day before the connection expires? Disabling my connection last-minute will only make things worse and not really help at all. Ideally we should be notified to refresh the connection (even for the test/weekly scenario).

It does say that you should be able to ignore that aspect and still successfully not have to reauthorize every 7 days. I just setup mine up with the OAuth client and will leave it without the required verification info to see if this works.

I do have a paid Google plan (Google Workspace Starter) and this is still happening to me. I have to reauthorize once a week. Anyone know why?

Same thing happening with me, I have a paid account and it keeps disconnecting, please sort this out!

I have the same problem. It worked well for almost 1 year. and now it does not work. I tried to do the whole process again from scratch but still did not work. Any ideas?

Hi Michaela

Thank you for the helpful summary.

I have a few questions:

1. I read that these issues happen even with a paid Google Workspace account. Some users mentioned that. Is there new information on why that is?

2. Why is connecting Google with Make.com so much harder than connecting Google with Zapier?

3. When choosing Option 2: Update the publishing status Google warns me that the OAuth client is limited to 100 sensitive scope logins until the OAuth consent screen is verified. Does that mean that the scenario will suddenly stop working?
   

   

   750×326 27.4 KB

Thank you so much!
Kind regards
Bettina

Hi @Barbara2

Setting the status to “published” is essential when creating a connection through your own project in Google Cloud console. However, please note that we cannot guarantee that Google will allow connections to unverified apps indefinitely. You can find more details in this Help Center article.

image1666×624 136 KB

If you’re experiencing any issues while updating your publishing status, or if have any additional questions, please open a ticket with us. Our support team will be happy to assist you.

Hi @Michaela, I followed all of the steps. The Google Cloud App is in production. It does see that integromat.com has access to 3 permissions.Then the purple button switches to Verifying… for a few seconds, and it switches back to Reauthorize. It’s an infinite loop. The same process is soooo simple in zapier. Why is this so complicated on make.com???

I got to the same point and I don’t see that anyone has answered this question. Does anybody have an answer that they can share. Connecting to Gmail is my first step and an hour later I finally got stuck here in the process. Thanks

Did it work for you?

Yes, I’ve had this live for over a year and haven’t had to reauthorize at all and it’s working as intended.

@Melanie_Lavigueur It’s actually a poor design choice on their part, hence confusing. When you set it up and it’s connected that button is simply to help reauthorise. For example, if in testing on a weekly basis and if “published” every 6 months or so.

You will know that reauthorisation is required when you either have issues or when you set up a new gmail module, for example, and see a warning below your connection.