Google warning - Deceptive site ahead about oauth2-server HOT 8 CLOSED

Have you checked here to find out why Google is flagging the content? https://developers.google.com/search/docs/monitor-debug/security/social-engineering

from oauth2-server.

Yes the only information I can see there is the following:

It's basically impossible to get in touch with some human to get more info..
I'm offering since many years an adminstration saas solution, everything is completely legit. The business is online since almost 10 years and before oauth i never faced such issues.

from oauth2-server.

That's very strange. I would request a review if you haven't done so already but I suspect this issue will be specific to your site. With the ubiquity of Chrome and the large user base of this package, I would have expected more notifications of this if there was something the package was doing to trigger the issue

from oauth2-server.

Well I did request a review and it takes 1-3 business days until something happens. I already had this issue once and then it was marked as resolved but came back a month later.
I was thinking back then its cause of cross domain redirects. I have then merged all on one domain but still face the issue and can only think of the authorization code which gets flagged as malicious.

from oauth2-server.

Did you receive a reply and a root cause @timyyo ?

from oauth2-server.

The answer of google was:

"Thanks for contacting the Google Search Central support team.
It seems that you were facing issues with a security report in Google Search Console for "Deceptive site ahead".
I couldn't find any security issues on your website at this moment. Everything seems to be working as intended.
If you've requested a review, check your Message Center. It might have been approved.

Should you need further assistance, reach out to us again.

Thanks!"

I have asked again what exactly has been flagged but did not receive any answer yet.

from oauth2-server.

I think they don't understand their own algorithm and can't give an answer what's the specific issue.
The answer I'm getting is the following:

"Thank you for your patience.

The Safe Browsing Team has informed me that your site has been removed from the list and the team will engage in enhanced monitoring to reduce the risk of it being readded. There is no further action necessary on your part. In order to protect over Four Billion devices every day from phishing and malware equitably the Safe Browsing team has to maintain a consistent process for all webmasters. I realize that any enforcement action can be a challenging experience so we have a dedicated system to review each case to enable webmasters to remediate any issues and be removed from the Safe Browsing List.
I hope this helps!"

from oauth2-server.

That's so frustrating that they can't point to why you've been flagged. If there was something in the request such as a header or redirect issue, we could look at fixing it.

The fact this hasn't been reported to us more widely suggests it is specific to your site but as to why, I've no idea. If you want to shorten the tokens you could maybe use a diff encryption algorithm.

I will close this for now as I don't think there is anything we can address but if you do hear anything more concrete please let us know. Thanks for keeping us updated on this.

from oauth2-server.