Access Google API using python: Refresh Error 'invalid grant' appears suddenly after a few days of first-time setup

Question

Within last 10days, with python 3 and by using the google_auth_oauthlib and googleapiclient packages, I have been able to create Google Sheet (using python code) and do basic write/read values to any cell. I accomplished this by going through random videos on Youtube.

Suddenly today evening, the code stopped working with the following error:

google.auth.exceptions.RefreshError: ('invalid_grant: Token has been expired or revoked.', {'error': 'invalid_grant', 'error_description': 'Token has been expired or revoked.'})

I am new to Google API and have no clue why this is happening. Is there something I need to 'reset' in my account in console.cloud.google.com to avoid this?

Following is the code which used to work fine before, but doesnt now:

import os
from Google import Create_Service

spreadsheet_id= '1F8mAvHWqHL_3JHuKnv9Fy9vm2_Zm2tR13DNKj9oNxzU'

FOLDER_PATH = r'C:\Users\Owner'
CLIENT_SECRET_FILE = os.path.join(FOLDER_PATH, 'Client_Secret2.json')
API_SERVICE_NAME = 'sheets'
API_VERSION = 'v4'
SCOPES = ['https://www.googleapis.com/auth/spreadsheets']

service = Create_Service(CLIENT_SECRET_FILE, API_SERVICE_NAME, API_VERSION, SCOPES)
service.spreadsheets().values().clear(
    spreadsheetId=spreadsheet_id,
    range='A1:AA1000',
    body={}
).execute()

Here is code for Google.pywhich has Create_Service :

import pickle
import os
from google_auth_oauthlib.flow import Flow, InstalledAppFlow
from googleapiclient.discovery import build
from googleapiclient.http import MediaFileUpload, MediaIoBaseDownload
from google.auth.transport.requests import Request


def Create_Service(client_secret_file, api_name, api_version, *scopes):
    print(client_secret_file, api_name, api_version, scopes, sep='-')
    CLIENT_SECRET_FILE = client_secret_file
    API_SERVICE_NAME = api_name
    API_VERSION = api_version
    SCOPES = [scope for scope in scopes[0]]
    print(SCOPES)

    cred = None

    pickle_file = f'token_{API_SERVICE_NAME}_{API_VERSION}.pickle'
    # print(pickle_file)

    if os.path.exists(pickle_file):
        with open(pickle_file, 'rb') as token:
            cred = pickle.load(token)

    if not cred or not cred.valid:
        if cred and cred.expired and cred.refresh_token:
            cred.refresh(Request())
        else:
            flow = InstalledAppFlow.from_client_secrets_file(CLIENT_SECRET_FILE, SCOPES)
            cred = flow.run_local_server()

        with open(pickle_file, 'wb') as token:
            pickle.dump(cred, token)

    try:
        service = build(API_SERVICE_NAME, API_VERSION, credentials=cred)
        print(API_SERVICE_NAME, 'service created successfully')
        return service
    except Exception as e:
        print('Unable to connect.')
        print(e)
        return None

def convert_to_RFC_datetime(year=1900, month=1, day=1, hour=0, minute=0):
    dt = datetime.datetime(year, month, day, hour, minute, 0).isoformat() + 'Z'
    return dt

Here is the photo from my console.cloud.google.com :

Answer 1

I resolved the issue by deleting the .pickle file I had in my python folder. Re-running my code self-generated a new .pickle file and the code runs now!

Answer 2

To be clear. This has nothing to do with your credentials file. Your credentials file is unaffected by this error.

'Token has been expired or revoked.'

Means that your app not longer has access to the users account. Either the access token you are using has expired and you have not requested off line access so do not have a refresh token. Or the refresh token has been revoked.

Cauess for refresh token revoked.

• the user has revoked your access via their google account.
• the user has authorized your app more then 50 times and you are not storing the most recent refresh token
• Your app is still set to testing in google developer console and there for it will expire after seven days.

Solution to all of the above is to request access of the user again. If you are following the People quickstart python. Delete 'token.json' it will cause your app to request access again.

Refresh token expiration

A Google Cloud Platform project with an OAuth consent screen configured for an external user type and a publishing status of "Testing" is issued a refresh token expiring in 7 days.