Troubleshoot authentication & authorization issues

  • The page addresses common authentication and authorization issues like "This app isn't verified," file not found errors forcredentials.json, expired or revoked tokens, and various JavaScript errors.

  • The "This app isn't verified" warning appears if your app requests sensitive scopes and requires verification to remove limitations.

  • A "File not found error for credentials.json" indicates the desktop application credentials have not been authorized and the file needs to be created and placed in the working directory.

  • "Token has been expired or revoked" errors mean the access token is no longer valid and refer to documentation on refresh token expiration for solutions.

  • Common JavaScript errors covered includeorigin_mismatch (origin URL doesn't match),idpiframe_initialization_failed: Failed to read the 'localStorage' property from 'Window' (third-party cookies blocked), andidpiframe_initialization_failed: Not a valid origin for the client (registered domain doesn't match hosting domain).

This page describes some common issues that you might encounter involvingauthentication and authorization.

This app isn't verified

If the OAuth consent screen displays the warning "This app isn't verified," yourapp is requesting scopes that provide access to sensitive user data. If yourapplication uses sensitive scopes, your app must go through theverification process to remove that warning and other limitations. During the development phase, youcan continue past this warning by selectingAdvanced > Go to {Project Name}(unsafe).

File not found error for credentials.json

When running the code sample, you might receive a "file not found" or "no suchfile" error message regarding credentials.json.

This error occurs when you have not authorized the desktop applicationcredentials. To learn how to create credentialsfor a desktop application, go toCreate credentials.

After you create the credentials, make sure the downloaded JSON file is saved ascredentials.json. Then move the file to your working directory.

Token has been expired or revoked

When running the code sample, you might receive a "Token has been expired" or"Token has been revoked" error message.

This error occurs when an access token from the Google Authorization Server haseither expired or has been revoked. For information about potential causesand fixes, seeRefresh token expiration.

JavaScript errors

The following are some common JavaScript errors.

Error: origin_mismatch

This error occurs during the authorization flow if the host and port usedto serve the web page doesn't match an allowed JavaScript origin on yourGoogle Cloud console project. Make sure you set an authorizedJavaScript origin and that the URL in your browser matches the origin URL.

idpiframe_initialization_failed: Failed to read the 'localStorage' property from 'Window'

This error occurs when third-party cookies and data storage aren't enabledin your browser. These options are required by the Google Sign-in library. Formore information, see3rd-party cookies and data storage.

Note: In your own app, you should prompt users to enable third-party cookies anddata storage or add an exception foraccounts.google.com.

idpiframe_initialization_failed: Not a valid origin for the client

This error occurs when the domain registered doesn't match the domain beingused to host the web page. Ensure that the origin you registered matches the URLin the browser.

Except as otherwise noted, the content of this page is licensed under theCreative Commons Attribution 4.0 License, and code samples are licensed under theApache 2.0 License. For details, see theGoogle Developers Site Policies. Java is a registered trademark of Oracle and/or its affiliates.

Last updated 2025-12-11 UTC.