Share via

Incomplete login to a GMail account using OAuth 2.0

RogerSchlueter-7899 1,671 Reputation points
2026-03-19T10:46:46.5666667+00:00

I am using this code (from here):

const string GMailAccount = "******@gmail.com";

var clientSecrets = new ClientSecrets {
    ClientId = "XXX.apps.googleusercontent.com",
    ClientSecret = "XXX"
};

var codeFlow = new GoogleAuthorizationCodeFlow (new GoogleAuthorizationCodeFlow.Initializer {
    // Cache tokens in ~/.local/share/google-filedatastore/CredentialCacheFolder on Linux/Mac
    DataStore = new FileDataStore ("CredentialCacheFolder", false),
    Scopes = new [] { "https://mail.google.com/" },
    ClientSecrets = clientSecrets
});

var codeReceiver = new LocalServerCodeReceiver ();
var authCode = new AuthorizationCodeInstalledApp (codeFlow, codeReceiver);
var credential = await authCode.AuthorizeAsync (GMailAccount, CancellationToken.None);

if (authCode.ShouldRequestAuthorizationCode (credential.Token))
    await credential.RefreshTokenAsync (CancellationToken.None);

var oauth2 = new SaslMechanismOAuth2 (credential.UserId, credential.Token.AccessToken);

using (var client = new ImapClient ()) {
    await client.ConnectAsync ("imap.gmail.com", 993, SecureSocketOptions.SslOnConnect);
    await client.AuthenticateAsync (oauth2);
    await client.DisconnectAsync (true);
}

which gives this window:

g1

When I click on my Gmail account, I get::

g2

g3

Finally, clicking on "Related developer documentation" leads to this page.

On that link, I don't see how to eliminate these screens and allow my app to directly gain access to my Gmail account. Any suggestions are appreciated.

Developer technologies | C#
Developer technologies | C#

An object-oriented and type-safe programming language that has its roots in the C family of languages and includes support for component-oriented programming.

Answer accepted by question author
  1. Nancy Vo (WICLOUD CORPORATION) 2,305 Reputation points Microsoft External Staff Moderator
    2026-03-20T06:52:49.37+00:00

    Hi @RogerSchlueter-7899 ,

    Thanks for your question.

    This occurs because of Google's standard protection when your OAuth app is in testing publishing status. The gmail account you're signing in with is not recognized as an allowed "developer-approved teste" (test user). Even if you think you added it earlier, Google sometimes doesn't apply the change immediately.

    This is my recommended solution:

    1. Open your browser and go to Google cloud console.
    2. Make sure you're in the correct project by checking the name of project at the top bar dropdown.
    3. On the left menu, you click Audience and then look for Test users list.
    4. It should show a table or list of emails. Check if your email is there. If not, click Add users and type your full email carefully, then save.
    5. There are some important extra checks on the same page:
    • Publishing status must be Testing. If it's Production, then edit and change back to Testing.
    • User Type should be External.
    1. Finally, after saving the changes, wait some minutes since Google propagation can delay. Close browser and run your program again. Now, you should see Google hasn't verified this app. Then you click continue, and you'll be able to sign in with your Gmail account.

    I tested this solution on my side and it worked. Please try it and let me know if you have any issues or questions.

    I hope this addresses your question. If this response was helpful, I would greatly appreciate it if you could follow the guidance to provide feedback. Thank you. enter image description here

    0 comments

1 additional answer

Sort by: Most helpful
Most helpful Newest Oldest
  1. Q&A Assist
    2026-03-19T10:47:06.4466667+00:00
    AI generated content. This question contains an answer created with AI from Q&A Assist. Learn more

    The Google screens and the 403: access_denied error are not controlled by the C# code or by MimeKit; they come from the configuration and verification state of the Google Cloud OAuth client.

    To get past these prompts and allow the app to access Gmail via OAuth 2.0, the Google project and consent screen must be configured and the app either kept in a limited test mode or fully verified:

    1. In Google Cloud Console, create or select a project and configure the OAuth consent screen.
    2. Set the user type:
      • Internal – for a Google Workspace tenant where only users in the organization will use the app.
      • External – for consumer Gmail accounts or broader access.
    3. Add the Gmail scopes that the app needs (for full IMAP access, https://mail.google.com/).
    4. Add the test users (their Google accounts) if the app remains in testing mode. Only those accounts can complete sign‑in while the app is unverified.
    5. Create OAuth client credentials of type Web application, and configure the redirect URI used by the app (for example, the loopback URI used by LocalServerCodeReceiver).
    6. Use the resulting client ID and client secret in the C# code.
    7. If the app must be used by users beyond the small test group, submit the app for Google verification as described in Google’s production‑readiness and brand‑verification guidance. Until verification is complete, Google will block or heavily warn on high‑risk scopes like Gmail.

    The prompts cannot be removed entirely; they are required consent screens for OAuth. The only way to avoid the “Access blocked… has not completed the Google verification process” error is to configure the consent screen correctly, restrict usage to test users, or complete Google’s verification so the app is trusted for the requested Gmail scopes.

    References:

    1 person found this answer helpful.

Your answer

Answers can be marked as 'Accepted' by the question author and 'Recommended' by moderators, which helps users know the answer solved the author's problem.