It's wild that this process is still so challenging. There's got to be some safe streamlined way that sets up an app identity you own that you can only use to access your own account.
My guess is that organizationally within Google, the developer app authorization process must have many teams involved in its implementation and many other outside stakeholders. A single unified team wouldn't be responsible for this confusion and complexity. I get why... it's a huge source of bad actors. But there's got to be a better way.
It’s a very different experience than AWS though and takes some getting used to.
Google Workspace API(s) keys and Roles was always confusing to me at so many levels... and they just seem to keep topping that confusion, no one is addressing the core (honestly not sure if that is even possible at this point)
Access blocked: [app name] is not approved by Advanced Protection. Error 400: policy_enforced
Just being able to send commands to my Nest thermostat (which I own, and is on the same LAN) involved creating a cloud account, a "project" (wtf is a project, I just want an API key damnit, this isn't JIRA), a billing account, enabling billing, enabling the billing account, creating another account somewhere else on some other Google site, going through mountains of 2FA issues in the process where I had to tap "Yes" on another device instead of the device I was actually using, enabling the project in the other account, installing it, publishing it, paying $5 somewhere in between and I didn't understand exactly for what, ...
Why the hell can't I set my temperature with a simple "curl" command to the thermostat's LAN IP? At the most with a simple "Authentication: Bearer" header?
Getting the authentication to work is a real pain and it's basically preventing people from accessing an otherwise really good and useful MCP.
Imagine a marketing person trying to set it up...