Gmail, like all other email service providers, is strongly committed to protecting its users from suspicious activities because of password theft. Google alerts you when your Gmail credentials have been used by an unknown application. So when you try to connect your Gmail account with your web application, you receive an email from Google with the subject Sign-in attempt prevented.
If you have enabled two-factor authentication, grant access to your Gmail account by generating an app-specific password. If you haven’t enabled two-factor authentication, you can turn on access for less secure apps.
Note: This is applicable only for non-G Suite businesses. An email would reach you soon after you attempt to sign into Gmail from your web application. If you've got more than one email from Google with the same subject (Sign-in attempt prevented), the latest email should be the one about your application.
Learn more from this article.