Hello all,
In our application we have the following code for requesting oauth permissions for our relevant scope
```
```
I understand that if you request access_type: 'offline' that when using the google SDK if a refresh_token has expired, the SDK will automatically request a new refresh token to complete the offline api call.
For most of our users this is 'seemingly' happening correctly, but for a given user, when trying to request access to a resource for the available scope we get the following error:
GaxiosError: invalid_grant
at Gaxios._request
at process.processTicksAndRejections (node:internal/process/task_queues:95:5)
at async OAuth2Client.refreshTokenNoCache
response: {
config: {
method: 'POST',
url: 'https://oauth2.googleapis.com/token',
data: ...
headers: [Object],
paramsSerializer: [Function: paramsSerializer],data: {
error: 'invalid_grant',
error_description: 'Token has been expired or revoked.'
},
Hi,
There are 2 things that could have happened that resulted in an invalid grant in your case that I can see, assuming that the user did not change his credentials and there is no security breach.
First is Failure in Refreshing Token:
Failure in refreshing tokens might happen sometimes.make sure to double-check the Google OAuth documentation for potential causes of refresh failures.
(https://developers.google.com/nest/device-access/reference/errors/authorization).
Second is User Revoked Refresh Token Manually:
It is possible the user might have revoked the token manually. If they have, you will need to request their permission again to obtain a new refresh token. Revoked tokens will always return "invalid_grant."
Hello @JanR,
Thanks for taking the time to respond. The refresh token is indeed expired, however I understand that if you request offline access, which I do so here:
try {
oAuth2Client.setCredentials({ refresh_token: user.refresh_token })
const gmail = google.gmail({ version: "v1", auth: oAuth2Client })
// rest of code
```
@JanR any feedback here? This is a blocker for us, the SDK is not renewing the tokens so our integration is basically broken
User | Count |
---|---|
2 | |
2 | |
1 | |
1 | |
1 |