Skip to content

Google OAuth Key

Service Name: Google OAuth

Service Description: Google OAuth is an authentication protocol that allows third-party applications to access Google services on behalf of users without exposing their credentials.

Service Address: https://developers.google.com/identity/protocols/oauth2

Google OAuth Key

  • Validation Type: -
  • IP Allow list: Does not exist
  • Secret Access Scope: Grants access to Google APIs on behalf of a user, allowing applications to request permissions to access user data.
  • Secret Revokement URL: https://myaccount.google.com/permissions
  • Secret Example: 123456789012- abcdefghijklmnopqrs.apps.googleusercontent.com
  • Suspicious Activity Investigation Instructions:
  • Check Google Cloud Console for unauthorized API usage or unusual activity patterns
  • Review OAuth consent screen settings for any unauthorized changes
  • Examine application usage statistics for unexpected spikes in API calls
  • Check for unknown applications with access to your Google resources
  • Review Google Cloud audit logs for suspicious authentication events
  • Mitigation Instructions:
  • Immediately revoke the compromised OAuth key in Google Cloud Console
  • Navigate to Google Cloud Console > APIs & Services > Credentials
  • Locate the affected OAuth 2.0 Client ID and delete it
  • Create a new OAuth client ID with proper restrictions
  • Update your application with the new credentials
  • Consider implementing additional security measures like IP restrictions and limited scopes
  • Review and update your application's OAuth consent screen settings