This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
Log in to ask a question
Get hands-on experience with 20+ free Google Cloud products and $300 in free credit for new customers.
Log in to ask a question

unauthorized_client for desktop application

Posted on 02-23-2025 01:31 PM
mainster
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hey guys,
I have started to develop a test application on my desktop pc including google drive api and I'm happy to read how simple it is to access files from my google drive. 

I started a simple project like a picture frame which will show some pictures out of my google drive. 

I don't have a workspace account.
On my Linux host, a simple C++ source works fine if I will give OAuth access tokens to authenticate with the google drive api to show some pictures out of my drive folder. But I'm not able to get refresh tokens working within my private project. 

I could break down the problem to the following unauthorized_client problem:

curl \
-d client_id="xxxxxxxxxxxxxxxocrvn.apps.googleusercontent.com" \
-d client_secret="GOCSPX--yyyyyyyyyyyyyyyyyyyyyyyy" \
-d refresh_token="1//04SpkVfR-fdffdffdffdfdfffdfdfdfdfddffdffdf" \
-d grant_type=refresh_token \
"https://oauth2.googleapis.com/token"

which answers:
{
"error": "unauthorized_client",
"error_description": "Unauthorized"
}

I have read some notes about the google platform branding and the consent page but I am not able to get refresh tokens working as mentioned. 

I have generated a OAuth 2.0-Client-ID for my cloud project. Using the https://developers.google.com/oauthplayground/, I executed all the steps which are needed for my opinion to get a working refresh token to use with, for example, curl:

mainster_0-1740345840701.png

mainster_1-1740345982290.png

If I use the refresh token mentioned, the curl answer is unauthorized_client. 

I think I miss some configuration within the google project especially the oauth client  but I'm not able to figure it out. 

I would be very happy to solve this problem.

Kind regards,
Manuel

 

 

Solved Solved
0 1 213
Topic Labels
Jump to Solution
0 Likes
1 ACCEPTED SOLUTION

Posted on --/--/---- --:-- AM
mainster
Bronze 1
Bronze 1
Reply posted on --/--/---- --:-- AM

Hey cummunity,
I could solve the problem. 

I missed in fact the step where I have to grant access when using the OAuth playground.  This workflow without using OAuth playground works for my desktop app:

  1. Assemble OAuth 2.0 authorization link for desktop apps
    Open this link within a web browser:
    https://accounts.google.com/o/oauth2/auth?
    client_id=CLIENT_ID&
    response_type=code&
    scope=https://www.googleapis.com/auth/drive.readonly&
    redirect_uri=urn:ietf:wg:oauth:2.0:oob&
    access_type=offline&
    prompt=consent

    The answer is the AUTHORIZATION_CODE
  2. Exchange code for Refresh Token
    curl -X POST https://oauth2.googleapis.com/token \
    -d client_id=CLIENT_ID \
    -d client_secret=CLIENT_SECRET \
    -d code=AUTHORIZATION_CODE \
    -d grant_type=authorization_code \
    -d redirect_uri=urn:ietf:wg:oauth:2.0:oob
  3. Renew access with the refresh token
    curl -X POST https://oauth2.googleapis.com/token \
    -d client_id=CLIENT_ID \
    -d client_secret=CLIENT_SECRET \
    -d refresh_token=REFRESH_TOKEN \
    -d grant_type=refresh_token

The JSON response contains a new access token each time.

Kind regards,
Manuel

View solution in original post

Jump to Solution
0 Likes
1 REPLY 1
Top Solution Authors
View all