Why can third party application log on with OAuth if it is not allowed? Shouldn't it be really straightforward for google to not allow the OAuth when the requesting app is not a google app?