Hi Nylas Team,
I’m experiencing an issue with Google OAuth integration using Nylas Hosted Auth where test users are getting blocked even though they’re properly configured in Google Cloud Console.
Problem:
When using Nylas hosted authentication (/v3/connect/auth), users get “Access blocked: nylas has not completed the Google verification process” error, even though:
• The user is added to Google Cloud Console test users list
• My Google project is in “Testing” mode
• Direct Google OAuth (bypassing Nylas) works fine with the same user
OAuth Flow Analysis:
Step 1 - Initial Nylas auth URL:
https://api.us.nylas.com/v3/connect/auth?client_id=bb429b1d-eb75-4e6e-954c-acf21628b5a3&redirect_uri=https%3A%2F%2Fapi.letsconnekt.com%2Fapi%2Fv1%2Fcommunication%2Fgoogle%2Fcallback&provider=google&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fgmail.modify
Step 2 - Google OAuth URL (shows my client_id correctly):
https://accounts.google.com/o/oauth2/v2/auth/oauthchooseaccount?client_id=570849226519-bsdmaiflpi56sgd1ic58qbp64lg4prn5.apps.googleusercontent.com&redirect_uri=https%3A%2F%2Fapi.us.nylas.com%2Fv3%2Fconnect%2Fcallback
Step 3 - Results in error:
“Access blocked: nylas.com has not completed the Google verification process”
My Configuration:
Google Cloud Console:
• Publishing status: Testing
• User type: External
• Test user added and verified
• Authorized redirect URIs include both:
- p[api.us.nylas.com/v3/connect/callback
- [my-api-domain]/api/v1/communication/google/callback
• Scopes: gmail.modify, userinfo.email, userinfo.profile, openid
Nylas Configuration:
• Client ID: bb429b1d-eb75-4e6e-954c-acf21628b5a3
• Region: US (api.us.nylas.com)
• Redirect URIs configured in the dashboard
What Works:
• Google OAuth Playground with same client_id works fine
• Direct Google OAuth (bypassing Nylas) works with same test user
• Issue ONLY occurs with Nylas hosted auth
Key Questions:
- Does Nylas use its own Google project internally that needs verification?
- How should Google “Testing” mode work with Nylas hosted auth?
- Is direct OAuth integration recommended for development instead?
- Any additional setup needed for test users with hosted auth?
Observations:
- Error specifically mentions “nylas has not completed verification”
- OAuth flow shows my Google client_id correctly
- Redirect URI switches from my callback to nylas callback
- Suggests Nylas might use internal OAuth app
Environment:
- Nylas API v3
- Node.js backend
- Region: US
- Blocking development/testing workflow
Screenshots attached showing error flow and configuration (sensitive data redacted).
Any guidance would be greatly appreciated!
Thanks!
