Hi @jerryannie,

Welcome to the Google Cloud Community!

According to the official documentation [1],

"As part of the brand verification process, Google requires verification of all domains that are associated with an application's OAuth consent screen and credentials. We ask you to verify the domain component available for registration on a public suffix: the "top private domain." For example, an OAuth consent screen that's configured with an application home page of https://sub.example.com/product asks the account holder to verify ownership of the example.com domain.

The Authorized domains section of the OAuth consent screen editor needs to contain the top private domains that are used in the URIs of the App domain section. These domains include the app home page, privacy policy, and terms of service. The Authorized domains section also needs to include the redirect URIs and/or JavaScript origins authorized in your "Web application" OAuth client types."

You may also view this Stack Overflow thread that has a similar issue to yours.

For more information regarding verifying your site ownership, you may view this documentation.

I hope this answers your question.

You can always contact Google Cloud Support to further look into your case. Thank you!

[1]. https://developers.google.com/identity/protocols/oauth2/production-readiness/brand-verification#auth...