OAuth Client Flagged for Deletion Despite Daily OAuth Authorization Flows

I received an email from Google stating that my OAuth client will be deleted due to 6 months of inactivity, but this appears to be incorrect based on my usage metrics.

My Setup:

Users authenticate through Google OAuth flow
My server receives the OAuth callback and exchanges the authorization code for Google tokens
My server then issues its own access tokens to users
Google token exchange only happens during initial user authorization

The Issue:

Google claims my OAuth client has been "inactive for at least five months"
However, my Google Cloud Console metrics clearly show daily OAuth requests (see screenshot)
I performed a complete OAuth flow (logout/login) as recently as yesterday
The metrics show "Number of OAuth requests per day" with consistent activity

[Screenshot: Screenshot 2025-05-29 at 09.35.35.png]

Evidence:

Current activity: ~5 OAuth requests per day
Recent OAuth activity visible in metrics dashboard through May 23rd
These are actual OAuth flows with token exchanges

Expected vs Actual:

Expected: Recent OAuth token exchanges should reset the 6-month inactivity timer
Actual: System still flagging client for deletion despite clear OAuth activity

Question: Is there a bug in the OAuth client inactivity detection system? The metrics dashboard and the deletion warning system seem to be tracking different things, or there's a synchronization issue between them.

Has anyone else experienced this discrepancy between their OAuth activity metrics and inactivity warnings?

1 ACCEPTED SOLUTION

Just wanted to share something here that got posted to another of these threads, in case somebody else is panicking a bit (like me). From this Reddit thread, Google have now added a "last used date" under the creation date in "Additional information" in the clients page. As I'm sure many suspected, a lot of these emails were sent out in error, and the last used date is apparently a reliable way to check that your clients will not be deleted.

Replies:

We received the same email this morning, stating that a critical client_id was about to be deleted for inactivity. Confirmed today that we're receiving valid access_tokens and id_tokens from the Google endpoint for each login. Our overview shows hundreds of OAuth requests per day, as expected.

Following your thread. Happy to provide more information, but need to know either that this client_id is not about to be deleted due to an error, or what we can do to ensure that Google's systems know that it's being used.
