As of yesterday, my application is able to authenticate with Google (YouTube) via OAuth 2.0 the first time with no problem, but the second time (re-authentication, same app + same user), when I exchange the requestToken for an accessToken, I get an error:
error : invalid_grant
I'm using:
grant_type = authorization_code
like they suggest. What used to happen, before 2 days ago, was on re-authentication the web page would say 'you've already authenticated with this application before, would you like to grant it access again?'. What has changed or what could I be doing wrong?
When a user tries to log in after the session ID has expired, the system throws the OAuth error. Solution: Typically, clearing the browser or device cache fixes the problem.
The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.
Generate OAuth credentials: Click on “Configure consent screen”. 3.4 In the consent screen configuration, enter a name for your application in the “Application name” field and save the settings. 3.5 After creating the consent screen, click “Credentials” in the left menu and click “Create credentials” on the page.
Create your project and select API services. This API supports two types of credentials. Create whichever credentials are appropriate for your project: OAuth 2.0: Whenever your application requests private user data, it must send an OAuth 2.0 token along with the request.
I found a way to fix this (at least for us). When redirecting to the accounts.google.com/o/oauth2/auth URL, we had to add both approval_prompt=force and access_type=offline. If one was missing, we got no refresh token.
This URL documents all of the parameters, but says nothing about the refresh token: http://code.google.com/apis/accounts/docs/OAuth2WebServer.html
I think I may have found the answer here:
https://groups.google.com/forum/#!searchin/oauth2-dev/invalid_grant/oauth2-dev/eaOa6THER0k/z4eO-taUFxgJ
The problem was that the "code" parameter that you need to send needs to be encoded. It will work when you set the approval_prompt to force because the return code contains URL-safe characters. However, this is not the case for the return code upon a second authorization request.
For me this fixed it, I hope it does for you as well.
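Added example, not part of the original posts and not Google's code: a Python sketch of the two fixes described in the answers above, building the authorization URL with approval_prompt=force and access_type=offline, and form-encoding the "code" value before the token exchange. The client ID, secret, redirect URI, state and the sample authorization code are constructed placeholders, and all function names are hypothetical.

```python
import hmac
from urllib.parse import parse_qs, urlencode, urlsplit

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"  # URL from the answer above
# Constructed placeholders, not real credentials.
CLIENT_ID = "example-client-id"
CLIENT_SECRET = "example-client-secret"
REDIRECT_URI = "https://app.example.com/oauth2callback"
# Constructed callback: the code holds '/', '+' and '=' (percent-encoded in the URL).
SAMPLE_CALLBACK = REDIRECT_URI + "?state=xyz&code=4%2Fabc%2Bdef%2Fghi%3D"

def build_auth_url(scope, state):
    """Authorization URL carrying both parameters the first answer needed."""
    return AUTH_ENDPOINT + "?" + urlencode({
        "response_type": "code", "client_id": CLIENT_ID,
        "redirect_uri": REDIRECT_URI, "scope": scope, "state": state,
        "access_type": "offline", "approval_prompt": "force"})

def code_from_callback(callback_url, expected_state):
    """Return the authorization code; parse_qs percent-decodes it exactly once."""
    query = parse_qs(urlsplit(callback_url).query)
    state = query.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch, dropping callback")
    if "error" in query or len(query.get("code", [])) != 1:
        raise ValueError("no usable authorization code in callback")
    return query["code"][0]

def token_request_body(code):
    """Form body for the code exchange; urlencode escapes '/', '+' and '='."""
    return urlencode({
        "grant_type": "authorization_code", "code": code,
        "client_id": CLIENT_ID, "client_secret": CLIENT_SECRET,
        "redirect_uri": REDIRECT_URI})  # must equal the value sent in build_auth_url

def naive_request_body(code):
    """The failure mode: the decoded code pasted into the body unescaped."""
    return "grant_type=authorization_code&code=" + code + "&client_id=" + CLIENT_ID

def code_seen_by_server(body):
    """Decode a form body the way the receiving endpoint would."""
    return parse_qs(body)["code"][0]

if __name__ == "__main__":
    code = code_from_callback(SAMPLE_CALLBACK, "xyz")
    print(code_seen_by_server(token_request_body(code)) == code)   # True
    print(code_seen_by_server(naive_request_body(code)) == code)   # False
```

With the unescaped body, the '+' in the code is decoded as a space on the receiving side, so the value no longer matches the code that was issued.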