Reputation: 141622
GetOpenIdConnect returns Invalid Credentials
Context
We are successfully using https://accounts.google.com/o/oauth2/auth to acquire an authentication_code with the following app permissions.
- Know who you are on Google
- View your email address
- View your basic profile info
We are also successfully using https://accounts.google.com/o/oauth2/token to exchange that authentication code for an access_token and id_token.
Problem
With that access_token, we are using https://www.googleapis.com/plus/v1/people/me/openIdConnect to acquire profile information. This is a GET request with the following header.
Authorization: Bearer access_token
The response from Google is invariably this error:
"error": {
"errors": [
{
"domain": "global",
"reason": "authError",
"message": "Invalid Credentials",
"locationType": "header",
"location": "Authorization"
}
],
"code": 401,
"message": "Invalid Credentials"
}
This Google documentation makes two suggestions:
- Refresh the access token using the long-lived refresh token.
- If this fails, direct the user through the OAuth flow, as described in Authorizing Your App with Google Drive.
We have tried both of those approaches and receive the same error.
Upvotes: 1
Views: 592
Answers (1)
Reputation: 141622
We were accidentally using the id_token in the Authorization header. We needed to make sure to use the access_token instead.
Upvotes: 1
Related Questions
- Google OAuth 2 authorization - Error: redirect_uri_mismatch
- OAuth2.0 token strange behaviour (Invalid Credentials 401)
- Annoying invalid credentials with oauth 2.0 google + api
- Google open id connect
- Google OAuth2 (401) Invalid Credentials
- Salesforce openID connect google failed login attempts
- Google: Cannot create API credentials
- Migrating Google OpenID to OpenID Connect: openid_id does not match
- (Google)OpenId Authenication has InvalidOperationException
- OAuth 2.0 Using for Google Login: Getting Unknown Host Exception