Using Refresh Token Exception { “error” : “invalid_grant” }'

Question

I\'ve successfully built an application that fetches an access and refresh token.

In my script I check if the access token is valid and if not I then use the refresh

Answer 1

"invalid_grant" can be due to an expired/invalid refresh token. In my case, it had an extra space too much at the end.

Answer 2

In the OAuth2 spec, "invalid_grant" is sort of a catch-all for all errors related to invalid/expired/revoked tokens (auth grant or refresh token).

There's a lot potential causes for the problems, here's a checklist:

1. Server clock/time is out of sync
2. Not authorized for offline access
3. Throttled by Google
4. Using expired refresh tokens
5. User has been inactive for 6 months
6. Use service worker email instead of client ID
7. Too many access tokens in short time
8. Client SDK might be outdated
9. Incorrect/incomplete refresh token
10. User has actively revoked access to our app
11. User has reset/recovered their Google password

I've written a short article summarizing each item with some debugging guidance to help find the culprit. We spent days hunting this down, hope it may help others turn those days into hours.

Answer 3

The reason of the "Invalid grant" error may be due to the refresh token not working. This could be because When the number of refresh tokens exceeds the limit, older tokens become invalid. If the application attempts to use an invalidated refresh token, an invalid_grant error response is returned.Here is the link for more documentation.

Answer 4

my issues is authorization_code just to exchange access token, you cannot reuse it. just renew authorization_code to get new access token

Answer 5

As everyone is telling you as far as I know that error could be caused by 2 reasons:

1. Refresh Token is not valid anymore
2. Refresh Token is wrong - maybe some characters hidden that code is adding somehow.

I had that issue before (same error message) and turns out my Refresh Token got expired.

Answer 6

Google now has a dedicated page in their API guide for this error where it says there are only 2 reasons for this...

• Your server's clock is not in sync with network time protocol - NTP.
• The refresh token limit has been exceeded.

The limit for each unique pair of OAuth 2.0 client and Google Analytics account is 25 refresh tokens. If the application continues to request refresh tokens for the same Client/Account pair, once the 26th token is issued, the 1st refresh token that was previously issued will become invalid.