Reputation: 201
Google Token has been expired or revoked : invalid_grant
Even if I specified my Client_id and Client_Secret, my refresh token still expires or being revoked after approximatively one hour. I've tried all the possible solutions found on google but still unsuccessful. For information, Here are the steps that I followed :
- On Google API Console
- Enabling the "Admin SDK" and "Group Settings API"
- Creating "OAuth Client ID" credentails
- Setting the consent page to be "internal"
- Choosing "Web application" type
- Adding "https://developers.google.com/oauthplayground" as a authorized url
- On Google OAuth Playground
- Checked "Use your own OAuth credentials" (OAuth flow is set to server-side and Access Type to Offline)
- Entered my "OAuth2 Client ID" and "OAuth2 Client Secret"
- Selected and authorized the following APIs : https://www.googleapis.com/auth/admin.directory.group https://www.googleapis.com/auth/admin.directory.user https://www.googleapis.com/auth/apps.groups.settings https://apps-apis.google.com/a/feeds/emailsettings/2.0/ https://www.googleapis.com/auth/admin.datatransfer https://www.googleapis.com/auth/admin.reports.audit.readonly https://www.googleapis.com/auth/admin.directory.rolemanagement.readonly
- Exchanged authorization code for tokens
- Copied the generated Refresh token
All the steps are described here : https://community.sailpoint.com/t5/IdentityNow-Connectors/Token-Generation-for-G-Suite-Source/ta-p/73629
Are there any logs that give me a better idea about what's happening ?
Upvotes: 0
Views: 1087
Answers (1)
Reputation: 12374
I just tested myself and it does not appear my refresh token gets revoked in this case. Refresh Tokens are automatically revoked only if they use the default credentials of the app that are used for test purposes but they should not if you are using your own app credentials.
There is another case where you could experience this: Google will not let you create an unlimited amount of refresh tokens for a given app, there is an unpublished limit, let's say 20 as an example. If you create more than 20 refresh tokens for the same user using the same app credentials the oldest one will be revoked (by Google's API credentials backend, not by the OAuth 2.0 Playground).
Also, just to be clear: The Refresh token is used to generate new Access tokens. These "Access Tokens" are only valid 1h (by design) and you need to generate new ones every hour.
Upvotes: 0
Related Questions
- invalid_grant trying to get OAuth token from Google
- invalid_client in google oauth2
- 'Token has been expired or revoked' - Google OAuth2 Refresh token gets expired in a few days
- Getting error { "error" : "invalid_grant", "error_description" : "Token has been expired or revoked." } from Google oauth2 API
- OAuth 2.0 Playground: unauthorized_client
- Google Oauth2 invalid_grant error while trying to refresh an access token
- Google token refresh returns "Token has been expired or revoked."
- GoogleAPI oauth2 refresh token expires in 1 hour
- Using OAuth2.0 Playground for testing
- Fail to refresh access token in OAuth 2.0 Playground