Google OAuth Consent Screen shows mongodb.com

I followed MongoDb Stitch docs to setup Google OAuth. Everything works fine, except that the user consent screen shows “mongodb.com” instead of my own domain. Google Consent Screen shows the domain from which the request is coming from, not the app name set in the Google console.

I thought that I have to let Google verify my web app to make it show my web apps name and logo. Unfortunately, after 5-6 email exchanges I received an email from Google telling me that I have to be the owner of mongodb.com to proceed with my verification. All of the Authorized Javascript Origins and Redirect URLs should be owned by me.

So in summary, with current setup it is not possible to show your own web app’s name, because there is no way for me to claim ownership of mongodb.com.

Any ideas on how this could be solved this? Thank you!

Are you saying that your are using a custom domain (and stitch is configured to server your app at <yourdomain.extention> but you still see this in Google Auth screen:
Screen Shot 2020-02-13 at 9.26.00 PM

I think that comes from Google Auth being configured to redirect back to mongodb.com stitch…
I haven’t seen a way to get that altered but I’ll check with the Stitch team and see if they know of any workarounds…

Exactly. I think the initial auth request is also triggered by stitch, so all that Google sees is mongodb domain. Thank you for your fast reply! I’m really interested if there is a workaround.

Ok I suspect this has something to do with the underlying URL that it will be returning to - in my case that’s https://us-east-1.aws.stitch.mongodb.com In other words, they are saying, whatever this looks like, the web page you will be returned to is actually hosted by mongodb.

I’m checking with the Stitch team to see if I’m overlooking something but it seems like this feature either doesn’t exist or doesn’t work - either way the team will let me know (or maybe they’ll post here themselves).

1 Like

Hi again,
Drew DiPalma answered at https://mongodb.canny.io/ to the same question:

Hi Dimitar – After some additional investigation with the engineering team, there doesn’t seem to be a way around this at this time. We are looking into an improvement for later in the year that would allow greater flexibility with using Custom Domains + Stitch and will keep this in mind.

This is unfortunate. More than 50% of users in my beta test used Google login.
I assume, as a workaround, I can implement custom JWT Google authentication.

That’s really weird because I just tried it again and this time it didn’t show mongodb.com like before!!!

That’s strange. I tried but I still see the mongodb.com link.