Considering how so many things have an API due to client-side development, is there not a possibility to automate the OIDC workflow from your own end, such as in a customized app on your own servers that provides a wizard interface for your clients?

I'll tell you the problem with Google (in my experience). They've moved to Big Company cash cow mode. They even use SAP Ariba ... which dictates that their teams are silo'd and ultra rigid ... and so dealing with them is a nightmare.

N=1

There's a reason Google has a reputation of "Don't use it for anything that you can't afford to have disappear with no notice or recourse."

You also can't expect it to get any better, both because Alphabet has never shown any interest in improving things and because you and the services you've been using them for aren't the new AI hotness. Even if you're absurdly profitable for them (and you're clearly not) you're not in an area that their internal people are competing to serve.

> Clearly, I cannot rely on having a Google account for production use cases. Google has built a complex, unreliable system

You cant use anything from Google. I only use gmail, my mail account only got banned one time for a week. For years I thought the punishment for using gmail was just a mater of time. I tried to imagine what weird things could trigger it. Maybe they will one day just end the service because it isn't profitable enough?

I decided the most likely would be that the mail account gets banned as a punishment for using any of their other services.

Then I made the "mistake" to switch from iphone to android. It almost immediately started complaining that my mailbox was full. The new reality is that each and every button I press on the phone could potentially end my mailbox.

Now that they [also] have very sophisticated LLM's the crappy customer service seems intentional.

As certain youtuber says - go where you're treated best.

Google ain't it.

The google docs they point to say

> You can access data from your users' Google Cloud projects by creating a service account to represent your service, and then having your customers grant that service account appropriate access to their cloud data using IAM policies. Note that you might want to create a service account per customer if you need to avoid confused deputy problems.

If you look at most SaaS services, they rarely use a service account per customer. IMO it's no different than any part of your own services where you need to handle multiple customers. Creating multiple service accounts is just overhead.

The problem is that they manage customers through automation. If the system flags you, you’re out. By using their products, you accept the risk of being cut off.

Until people stop building applications with hard dependencies on "other people's computers" this is going to keep happening.

Gcp still can’t change our street address because of the d-u-n-s validation (of course d-u-n-s actually uses our new address… and all other vendors are fine with it). How bad must their service be that they can’t change a fucking address. Oh and the free billing support is horrible, always the same response like ‘a special team is working on it’.. yeah sure and they can’t fix an address for like a month. It’s worse since all our invoices use the old address which in Germany is a fucking problem. Time to make a migration plan.

You only got what you deserve for knowingly using proprietary software on cloud (just someone elses computer). You deserve no sympathy.