Email from Google: "Inactive registered OAuth URIs for your project(s) will be removed"

Google has started sending out messages with the subject:

[Action Advised] Inactive registered OAuth URIs for your project(s) will be removed from Google Developer Console by July 12, 2021, for non-compliance with URI validation rules

And the leader:

We are writing to let you know that you have inactive OAuth redirect URIs and JavaScript origins in your Google Cloud project that are not in compliance with Google’s OAuth URI validation rules.

  • On July 12, 2021 , we will remove all inactive URIs that are invalid.
  • On September 13, 2021, we will remove all URIs that are not in compliance with redirect URIs and Javascript origins rules (including formerly inactive URIs trying to become active).

What do you need to do?

If you’re here, the URLs are likely referencing your Discourse site and this is your Google Login integration.

At the bottom of the email are details specific to your project such as:

If this project is unused (e.g. the site no longer exists), it can be deleted.

If the URL has changed since the project was set up and the old URL is unused, that URL can be deleted.

If the URL is http-only, it will need to be changed to https (as per the requirements linked above).

If it’s another case, feel free to ask about it here.

10 Likes

If I’m unable to update my app on the Play Store, which I think has this issue, will they remove my app from the Store? I don’t have the website anymore that I originally redirected to.

This advice is specific to projects supporting Discourse installs; I have no idea how Play store apps will be affected.

I suspect that they won’t, though if you’re redirecting users to a website out of your control that feels like a security problem.