Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
542 views
in Technique[技术] by (71.8m points)

gmail api - Using Refresh Token Exception { "error" : "invalid_grant" }'

I've successfully built an application that fetches an access and refresh token.

In my script I check if the access token is valid and if not I then use the refresh token to gain access $client->refreshToken($refreshToken);

Code in full,

    $refreshToken = '<REFRESH_TOKEN>';

    $client_id = '<CLIENT_ID>';
    $client_secret = '<CLIENT_SECRET>';

    // Setup infomation
    $client = new Google_Client();
    $client->setClientId($client_id);
    $client->setClientSecret($client_secret);
    $client->setAccessType("offline");
    $client->addScope("https://mail.google.com/");

    // If access token is not valid use refresh token
    if($client->isAccessTokenExpired()) {

        // Use refresh token
        $client->refreshToken($refreshToken);

    } else {

        // Use access token
        echo $client->setAccessToken($accessToken);

    }

However when trying to use the refresh token I get an excpetion :

Fatal error: Uncaught exception 'Google_Auth_Exception' with message 'Error refreshing the OAuth2 token, message: '{ "error" : "invalid_grant" }''
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Reply

0 votes
by (71.8m points)

In the OAuth2 spec, "invalid_grant" is sort of a catch-all for all errors related to invalid/expired/revoked tokens (auth grant or refresh token).

There's a lot potential causes for the problems, here's a checklist:

  1. Server clock/time is out of sync
  2. Not authorized for offline access
  3. Throttled by Google
  4. Using expired refresh tokens
  5. User has been inactive for 6 months
  6. Use service worker email instead of client ID
  7. Too many access tokens in short time
  8. Client SDK might be outdated
  9. Incorrect/incomplete refresh token
  10. User has actively revoked access to our app
  11. User has reset/recovered their Google password

I've written a short article summarizing each item with some debugging guidance to help find the culprit. We spent days hunting this down, hope it may help others turn those days into hours.


与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
OGeek|极客中国-欢迎来到极客的世界,一个免费开放的程序员编程交流平台!开放,进步,分享!让技术改变生活,让极客改变未来! Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...