on point 2 - i used the Google Authenticator with Advanced setting of own client id on.
The error we got was a mismatch between the referral uri in the client id we set in cloud console and the referral id the Google Authenticator has set.
If this is made visible we can set our redirect URI to that, or make it editable to se can enter our own referral uri ( i woudl imagine the former is preferable if you are using some kind of standard localhost variant)
As for the Oauth connector we used here is a screen shot
