Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

google service account example returns "Error refreshing the OAuth2 token { “error” : “invalid_grant” }"

My goal is to make the simplest query on Google Fusion Tables on behalf of my web app users. For that, I created a service account on google console. Here is the code:

    // Creating a google client
    $client = new \Google_Client();


    // setting the service acount credentials
    $serviceAccountName = 'XXXXX.apps.googleusercontent.com';
    $scopes= array(
                'https://www.googleapis.com/auth/fusiontables',
                'https://www.googleapis.com/auth/fusiontables.readonly',
                );
    $privateKey=file_get_contents('/path/to/privatekey.p12');
    $privateKeyPassword='notasecret'; // the default one when generated in the console

    $credential = new \Google_Auth_AssertionCredentials($serviceAccountName,
            $scopes, $privateKey, $privateKeyPassword);

    // setting assertion credentials
    $client->setAssertionCredentials($credential);

    $service = new \Google_Service_Fusiontables($client);
    $sql = 'select name from XXXXXXXX'; 
    $result = $service->query->sql($sql);

After running this code, I got this error:

Error refreshing the OAuth2 token, message: '{
"error" : "invalid_grant"
}'

I googled that for days and most of answers are talking about refreshing the token. I made this refresh but still the same errors!

Any idea for solving this problem? Thanks

like image 938
Amine Jallouli Avatar asked Nov 30 '22 01:11

Amine Jallouli


2 Answers

In my case it was caused by the server's time being too far off (about 5 minutes).

Although your issue is already solved, maybe this is of any help for someone who lands here in the future as the error returned by Google is the same.

like image 176
Bjorn Avatar answered Dec 02 '22 13:12

Bjorn


I know that many people are facing the same problem like mine. So, this is the solution after days of search on google.

The code I proposed has only one error: the client id is like an email similar to [email protected]

The second thing you have to do is to share the table you are quering in google fusion tables with the client id of the service account.

After that, thing will work perfectly.

I hope this would help other.

like image 42
Amine Jallouli Avatar answered Dec 02 '22 14:12

Amine Jallouli