Bolt integration

Google OAuth Consent Screen Misconfigured in Bolt App

Users trying to log in with Google in your Bolt.new application encounter errors like 'This app isn't verified', 'Error 400: redirect_uri_mismatch', or a consent screen that requests terrifying permissions like 'See, edit, download, and permanently delete all your Google Drive files'. Some users see a blank screen after clicking 'Sign in with Google'.

Google OAuth is the most common social login provider, and a misconfigured consent screen will stop every user from signing up or logging in. The scary permission warnings or 'unverified app' screens cause users to immediately close the tab and never return, even if your app only needs basic profile information.

The issue stems from Google Cloud Console configuration not matching what your application code expects. Bolt generates the OAuth login flow in code but can't configure the Google Cloud Console for you, leading to mismatches between what Google expects and what your app sends.

Error Messages You Might See

  • Error 400: redirect_uri_mismatch
  • Error 403: access_denied - The developer hasn't given you access to this app
  • This app isn't verified - This app hasn't been verified by Google yet
  • Error 401: invalid_client - The OAuth client was not found
  • Error: popup_closed_by_user

Common Causes

  • Redirect URI mismatch — The callback URL in your code doesn't exactly match what's registered in Google Cloud Console (wrong domain, missing path, http vs https)
  • OAuth consent screen in testing mode — The app is in 'Testing' status which only allows pre-approved test users, blocking all other signups
  • Excessive scopes requested — The code requests broad scopes like 'https://www.googleapis.com/auth/drive' when it only needs 'openid email profile'
  • App not verified by Google — Production apps requesting sensitive scopes must go through Google's verification process
  • Wrong OAuth client type — Created a Desktop or Android OAuth client instead of Web application type in Google Console

How to Fix It

  1. Fix redirect URI — In Google Cloud Console > APIs & Services > Credentials > your OAuth client, add your exact callback URL: https://yourapp.com/auth/callback/google (must match character-for-character)
  2. Publish the OAuth consent screen — Go to OAuth consent screen tab and click 'Publish App' to move from Testing to Production. This allows any Google user to sign in
  3. Request minimal scopes — Only request what you need. For login, use: scope: 'openid email profile'. Remove any Drive, Calendar, or other API scopes unless your app actually uses them
  4. Use correct client type — Delete the existing client and create a new one as 'Web application' type. Mobile and Desktop types don't support redirect-based OAuth flows
  5. Add all redirect URIs — Add both your development (http://localhost:3000/auth/callback/google) and production (https://yourapp.com/auth/callback/google) URIs
  6. Configure Supabase redirect — If using Supabase Auth, add https://your-project.supabase.co/auth/v1/callback to Google's authorized redirect URIs
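
The redirect URI and scope fixes above can be checked in code before the user is ever sent to Google. The following is an added example, not code generated by Bolt or taken from this page: the function names are hypothetical, the URIs are the page's placeholders standing in for your Google Cloud Console list, and `state` is the standard OAuth anti-CSRF parameter.

```javascript
// Mirror of the "Authorized redirect URIs" list in Google Cloud Console.
// These are the page's placeholder values, not real endpoints.
const REGISTERED_URIS = [
  'http://localhost:3000/auth/callback/google',
  'https://yourapp.com/auth/callback/google',
];
const LOGIN_SCOPES = new Set(['openid', 'email', 'profile']);

// Explain why a redirect URI would fail with redirect_uri_mismatch.
// The match must be character-for-character, so any difference counts.
function diagnoseRedirect(candidate, registered = REGISTERED_URIS) {
  if (registered.includes(candidate)) return [];
  let c;
  try { c = new URL(candidate); } catch { return ['not an absolute URL']; }
  const sameHost = registered.map((u) => new URL(u)).filter((r) => r.host === c.host);
  if (!sameHost.length) return [`host ${c.host} is not registered`];
  const problems = [];
  for (const r of sameHost) {
    if (c.protocol !== r.protocol) problems.push(`scheme ${c.protocol} vs registered ${r.protocol}`);
    if (c.pathname !== r.pathname) problems.push(`path ${c.pathname} vs registered ${r.pathname}`);
  }
  if (c.search || c.hash) problems.push('query string or fragment present');
  return problems.length ? problems : ['differs only in casing or formatting'];
}

// Return every requested scope that a plain login does not need.
function excessScopes(scope) {
  return scope.split(/\s+/).filter((s) => s && !LOGIN_SCOPES.has(s));
}

// Build the Google authorization URL only if both checks pass.
function buildAuthUrl({ clientId, redirectUri, scope, state }) {
  const problems = diagnoseRedirect(redirectUri);
  if (problems.length) throw new Error(`redirect_uri: ${problems.join('; ')}`);
  const extra = excessScopes(scope);
  if (extra.length) throw new Error(`excess scopes: ${extra.join(', ')}`);
  if (!state) throw new Error('state is required');
  const url = new URL('https://accounts.google.com/o/oauth2/v2/auth');
  url.search = new URLSearchParams({
    client_id: clientId, redirect_uri: redirectUri,
    response_type: 'code', scope, state,
  }).toString();
  return url.toString();
}
```

Running `diagnoseRedirect` in a startup check or unit test surfaces an http/https or trailing-slash mismatch at build time instead of as an Error 400 in front of users.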

Frequently Asked Questions

How do I move my Google OAuth app from Testing to Production?

Go to Google Cloud Console > APIs & Services > OAuth consent screen. Click 'Publish App'. If you only use basic scopes (openid, email, profile), verification is automatic. If you request sensitive scopes, Google will review your app which can take weeks.

Why do users see 'This app isn't verified' warning?

Your OAuth consent screen is either in Testing mode (only test users can sign in) or you're requesting sensitive scopes that require Google verification. For most apps, requesting only 'openid email profile' scopes avoids verification requirements.
