Reputation: 21150
Similar question to this, except those answers are outdated and not applicable to my current situation.
Here's my webapp's signin flow:
This was working fine (last tested a week ago) but today it's suddenly giving me:
error: invalid_grant
I'm using Node's xoauth2 package, and this hasn't been updated since June so I can't see why this would suddenly be a problem now - unless Google has changed something on their end in the past week or so?
Sample of the code I'm using that calls the error:
```javascript
const xoauth2 = require("xoauth2");

// User credentials - all verified working + correct
const xoauth2gen = xoauth2.createXOAuth2Generator({
    user: email,
    clientId: configAuth.googleAuth.clientID,
    clientSecret: configAuth.googleAuth.clientSecret,
    refreshToken: refresh
});

// SMTP/IMAP: exchange the refresh token for an access token
xoauth2gen.getToken(function(err, token){
    if(err){
        return console.log("XOAUTH2 Error: " + err);
    }
    if(type === "full"){
        cb(token);
    }
});
```
Edit: For completeness, the scopes I'm using when generating the refresh token are:
```javascript
app.get('/auth/google',
    passport.authenticate('google',
        {
            scope : ['https://mail.google.com/',
                     'profile',
                     'email',
                     'https://www.googleapis.com/auth/userinfo.profile',
                     'https://www.google.com/m8/feeds'],
            accessType: 'offline',
            approvalPrompt: 'force'
        }
    ));
```
Upvotes: 5
Views: 9873
Reputation: 1228
If you are running a test server using localhost, this error may occur if your system time (OS time) is out of sync.
My system clock was not correct as my CMOS battery was dead. Every time I restarted my laptop the time would not be correct. Hence I would get this error when running
`node server.js`
and then making a request from the frontend to my Express.js backend.
Upvotes: 0
Reputation: 21150
This was eventually fixed by deauthorizing my app in my Gmail account, deleting the refresh token I had stored in MongoDB and starting from scratch. Appears that it was simply a case of some permissions that I had changed, that hadn't been granted via OAuth2.
Upvotes: 1
Reputation: 643
According to RFC 6749, `invalid_grant` is returned when:

> The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.
Check this out here
Upvotes: 2
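Added example, not part of any answer above and not code from the xoauth2 package: one way a backend could act on a failed refresh, combining the RFC 6749 error code, the clock drift one answer describes, and the "delete the stored token and re-authorize" fix. The function names, the `MAX_SKEW_MS` tolerance, the in-memory `Map` standing in for the MongoDB token store, and the sample responses are all assumptions made for illustration.

```javascript
// Added example, not code from the thread. All names here are hypothetical.
const MAX_SKEW_MS = 5 * 60 * 1000; // assumed tolerance for local clock drift

// Token-endpoint error codes (RFC 6749 section 5.2) that point at the client
// registration rather than at the stored refresh token.
const CLIENT_ERRORS = new Set(["invalid_client", "unauthorized_client"]);

// Decide what to do with a failed refresh_token request.
// status/headers/body are the raw HTTP response from the token endpoint;
// header names are lower-case, as Node's http module provides them.
function classifyRefreshFailure(status, headers, body, now = Date.now()) {
  let parsed = {};
  try { parsed = JSON.parse(body) || {}; } catch (e) { /* non-JSON body */ }
  const code = typeof parsed.error === "string" ? parsed.error : "unknown";

  // Compare the local clock with the server's Date header to spot drift.
  const serverMs = Date.parse(headers.date || "");
  const skewMs = Number.isNaN(serverMs) ? null : now - serverMs;
  const clockSuspect = skewMs !== null && Math.abs(skewMs) > MAX_SKEW_MS;

  let action = "report";
  if (status >= 500) action = "retry_later";
  else if (code === "invalid_grant") action = clockSuspect ? "fix_clock" : "reauthorize";
  else if (CLIENT_ERRORS.has(code)) action = "check_client_config";
  return { code, action, skewMs };
}

// Apply the decision: a dead refresh token is deleted so it is never retried,
// and the caller sends the user back through the consent flow.
function applyDecision(tokenStore, userId, decision) {
  if (decision.action !== "reauthorize") return null;
  tokenStore.delete(userId);
  return "/auth/google"; // consent route from the question's passport setup
}

// Constructed sample responses (not captured from a real token endpoint).
const sampleDate = "Tue, 01 Jan 2030 12:00:00 GMT";
const sampleNow = Date.parse(sampleDate);
const revoked = classifyRefreshFailure(400, { date: sampleDate },
  '{"error":"invalid_grant"}', sampleNow + 2000);
const drifted = classifyRefreshFailure(400, { date: sampleDate },
  '{"error":"invalid_grant"}', sampleNow - 3 * 3600 * 1000);
const store = new Map([["user-1", "constructed-refresh-token"]]);
const redirect = applyDecision(store, "user-1", revoked);
console.log(revoked.action, drifted.action, redirect, store.size);
```

The decision object carries only the error code and the measured skew, so it can be logged without exposing the refresh token or client secret.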