问题
I've successfully built an application that fetches an access and refresh token.
In my script I check if the access token is valid and if not I then use the refresh token to gain access $client->refreshToken($refreshToken);
Code in full,
$refreshToken = '<REFRESH_TOKEN>';
$client_id = '<CLIENT_ID>';
$client_secret = '<CLIENT_SECRET>';
// Setup infomation
$client = new Google_Client();
$client->setClientId($client_id);
$client->setClientSecret($client_secret);
$client->setAccessType("offline");
$client->addScope("https://mail.google.com/");
// If access token is not valid use refresh token
if($client->isAccessTokenExpired()) {
// Use refresh token
$client->refreshToken($refreshToken);
} else {
// Use access token
echo $client->setAccessToken($accessToken);
}
However when trying to use the refresh token I get an excpetion :
Fatal error: Uncaught exception 'Google_Auth_Exception' with message 'Error refreshing the OAuth2 token, message: '{ "error" : "invalid_grant" }''
回答1:
In the OAuth2 spec, "invalid_grant" is sort of a catch-all for all errors related to invalid/expired/revoked tokens (auth grant or refresh token).
There's a lot potential causes for the problems, here's a checklist:
- Server clock/time is out of sync
- Not authorized for offline access
- Throttled by Google
- Using expired refresh tokens
- User has been inactive for 6 months
- Use service worker email instead of client ID
- Too many access tokens in short time
- Client SDK might be outdated
- Incorrect/incomplete refresh token
- User has actively revoked access to our app
- User has reset/recovered their Google password
I've written a short article summarizing each item with some debugging guidance to help find the culprit. We spent days hunting this down, hope it may help others turn those days into hours.
回答2:
The reason of the "Invalid grant" error may be due to the refresh token not working. This could be because When the number of refresh tokens exceeds the limit, older tokens become invalid. If the application attempts to use an invalidated refresh token, an invalid_grant error response is returned.Here is the link for more documentation.
回答3:
"invalid_grent" can be due to an expired/invalid refresh token. In my case, it had an extra space at the end.
回答4:
As everyone is telling you as far as I know that error could be caused by 2 reasons:
- Refresh Token is not valid anymore
- Refresh Token is wrong - maybe some characters hidden that code is adding somehow.
I had that issue before (same error message) and turns out my Refresh Token got expired.
回答5:
my issues is authorization_code just to exchange access token, you cannot reuse it. just renew authorization_code to get new access token
回答6:
Google now has a dedicated page in their API guide for this error where it says there are only 2 reasons for this...
- Your server's clock is not in sync with network time protocol - NTP.
- The refresh token limit has been exceeded.
The limit for each unique pair of OAuth 2.0 client and Google Analytics account is 25 refresh tokens. If the application continues to request refresh tokens for the same Client/Account pair, once the 26th token is issued, the 1st refresh token that was previously issued will become invalid.
来源:https://stackoverflow.com/questions/26724003/using-refresh-token-exception-error-invalid-grant