
When authenticating with oAuth and youtube, always get error : invalid_grant on 2nd auth attempt, why?

As of yesterday, my application is able to authenticate with google (youtube) via oAuth 2.0 the first time no problem but the 2nd time (re-authentication, same app + same user), when I exchange the requestToken for an accessToken I get an error:

error : invalid_grant

I'm using:

grant_type = authorization_code

like they suggest. What used to happen, before 2 days ago, was on re-authentication the web page would say 'you've already authenticated with this application before, would you like to grant it access again?'. What has changed or what could I be doing wrong?

Shizam asked Dec 08 '11 16:12



2 Answers

I found a way to fix this (at least for us). When redirecting to the accounts.google.com/o/oauth2/auth url, we had to add both approval_prompt=force and access_type=offline. If one was missing, we got no refresh token.

This url documents all of the parameters, but says nothing about the refresh token: http://code.google.com/apis/accounts/docs/OAuth2WebServer.html

EricP answered Oct 12 '22 22:10


I think I may have found the answer here:

https://groups.google.com/forum/#!searchin/oauth2-dev/invalid_grant/oauth2-dev/eaOa6THER0k/z4eO-taUFxgJ

The problem was that the "code" parameter that you need to send needs to be encoded. It will work when you set the approval_prompt to force because the return code contains URL-safe characters. However, this is not the case for the return code upon a second authorization request.

For me this fixed it, I hope it does for you as well.

Fer answered Oct 12 '22 22:10
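The two answers above, combined in an added example that is not code from either poster: the authorization redirect carries both approval_prompt=force and access_type=offline, and the token-exchange body is built once by string concatenation and once with percent-encoding, then decoded the way a receiving server would. The client id, secret, redirect URI, scope placeholder and authorization code are constructed sample values.

```python
from urllib.parse import urlencode, parse_qs

AUTH_URL = "https://accounts.google.com/o/oauth2/auth"  # endpoint named in the first answer

# Constructed sample values, not real credentials or a real authorization code.
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "https://app.example/oauth2callback"
SAMPLE_CODE = "4/abc+def/gh="  # contains characters that are not URL-safe


def build_auth_url(scope):
    """Authorization redirect with the two parameters from the first answer."""
    return AUTH_URL + "?" + urlencode({
        "response_type": "code",
        "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI,
        "scope": scope,
        "approval_prompt": "force",
        "access_type": "offline",
    })


def token_fields(code):
    """Fields of the authorization_code exchange from the question."""
    return {"grant_type": "authorization_code", "code": code,
            "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
            "redirect_uri": REDIRECT_URI}


def token_body_naive(code):
    """Form body built by string concatenation: values are sent unencoded."""
    return "&".join(k + "=" + v for k, v in token_fields(code).items())


def token_body_encoded(code):
    """Same body with every value percent-encoded by urlencode()."""
    return urlencode(token_fields(code))


def code_seen_by_server(body):
    """Decode the form body as application/x-www-form-urlencoded."""
    return parse_qs(body)["code"][0]


if __name__ == "__main__":
    print(build_auth_url("EXAMPLE_SCOPE"))  # placeholder scope
    print(repr(code_seen_by_server(token_body_naive(SAMPLE_CODE))))
    print(repr(code_seen_by_server(token_body_encoded(SAMPLE_CODE))))
```

With the unencoded body, the "+" in the code is decoded as a space, so the server compares a different string from the one it issued.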