Gmail OAuth2 Error 400: invalid_request (redirect_uri is correct, domain verified)?

Describe the problem/error/question

I’m trying to connect Gmail via OAuth2 in my self-hosted n8n instance (Docker on Hetzner), but I always receive the error:

Access blocked: Authorization error

Error 400: invalid_request

redirect_uri=https://a1.domain.com/rest/oauth2-credential/callback

flowName=GeneralOAuthFlow

I followed all steps from n8n docs, added the redirect URI in Google Cloud Console, and verified my domain ownership via Google Search Console.

Everything seems configured correctly, including:

• OAuth consent screen (external, “testing” mode, added test user)
• Authorized domain domain.com
• Redirect URI: https://a1.domain.com/rest/oauth2-credential/callback
• Scopes:https://www.googleapis.com/auth/gmail.readonly https://www.googleapis.com/auth/gmail.send

Still getting blocked at the Google login step.

What is the error message (if any)?

Access blocked: Authorization error

Error 400: invalid_request

Please share your workflow

The error occurs when clicking Sign in with Google on a Gmail OAuth2 credential — no workflow involved yet.

Share the output returned by the last node

N/A – setup step before any node executes.

Information on your n8n setup

• n8n version: 1.88.0
• Database: SQLite
• EXECUTIONS_PROCESS: own, main
• Running via: Docker (self-hosted, Hetzner VPS)
• OS: Ubuntu 22.04

I saw information:
Gmail-scope gmail.readonly belongs to “Restricted Scopes”
“To work with Gmail API, use SMTP-node or external mail service.
Gmail OAuth2 with restricted scopes is possible only after passing Google Verification.” Is it true?