错误:invalid_grant,用于使用刷新令牌获取访问令牌
[英]error: invalid_grant , for getting access token using refresh token
问题描述
After googling we came to know that invalid_grant which means refresh token is invalid.
谷歌搜索后,我们知道 invalid_grant 意味着刷新令牌无效。
Link to google oauth doc 链接到谷歌 oauth 文档
We don't have any of these issues mentioned by google.我们没有谷歌提到的任何这些问题。 Is this error related to something else rather than a refresh token.此错误是否与其他内容有关,而不是与刷新令牌有关。
More Info更多信息
We have access to read, write spreadsheet and send gmail我们可以读取、写入电子表格并发送 gmail
We fetch an access token for each request Any help would be appreciated.我们为每个请求获取访问令牌任何帮助将不胜感激。
We're already in production and verified by google我们已经投入生产并通过谷歌验证
1 个解决方案
解决方案1
0 2022-08-29 09:57:24
Without seeing the full error message that being没有看到完整的错误消息
Invalid_grant {Message here}
It is hard to help but from my experience is most often caused by one of the following.很难提供帮助,但根据我的经验,这通常是由以下原因之一引起的。
Refresh token expire, app not in production.刷新令牌过期,应用不在生产中。
There are serval reasons why a refresh token can expire the most common one currently is as follows.刷新令牌可以过期的原因有多种,目前最常见的原因如下。
A Google Cloud Platform project with an OAuth consent screen configured for an external user type and a publishing status of "Testing" is issued a refresh token expiring in 7 days.
The fix is to go to google developer console on the consent screen and set your application to production, then your refresh token will stop expiring.修复方法是在同意屏幕上将 go 到谷歌开发者控制台并将您的应用程序设置为生产,然后您的刷新令牌将停止过期。
invalid_grant: Invalid JWT invalid_grant:无效的 JWT
{ “error”: “invalid_grant”, “error_description”: “Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe.
Your server's clock is not in sync with NTP.您的服务器时钟与 NTP 不同步。 (Solution: check the server time if its incorrect fix it. ) (解决方法:检查服务器时间,如果不正确修复它。)
invalid_grant: Code was already redeemed invalid_grant:代码已被兑换
Means that you are taking an authentication code that has already been used and trying to get another access token / refresh token for it.意味着您正在使用已使用的身份验证代码并尝试为其获取另一个访问令牌/刷新令牌。 Authentication code can only be used once and they do expire so they need to be used quickly.验证码只能使用一次,并且会过期,因此需要快速使用。
Invalid_grant: bad request Invalid_grant:错误请求
Normally means that the client id and secrete you are using to refresh the access token.通常意味着您用于刷新访问令牌的客户端 ID 和密码。 Was not the one that was use to create the refresh token you are using.不是用于创建您正在使用的刷新令牌的那个。
Always store most recent refresh token.始终存储最新的刷新令牌。
Remember to always store the most recent refresh token.请记住始终存储最新的刷新令牌。 You can only have 50 out standing refresh tokens for a single user and the oldest one will expire.您只能为单个用户拥有 50 个常备刷新令牌,并且最旧的刷新令牌将过期。 Depending upon the language you are using a new refresh token may be returned to you upon a refresh of the access token.根据您使用的语言,新的刷新令牌可能会在刷新访问令牌时返回给您。 Also if you request consent of the user more then once you will get a different refresh token.此外,如果您多次请求用户同意,那么您将获得不同的刷新令牌。
User revoked access用户撤销访问
If the user revoked your access in their google account, your refresh token will no longer work.如果用户在他们的 google 帐户中撤销了您的访问权限,您的刷新令牌将不再有效。
user changed password with gmail scope.用户使用 gmail scope 更改密码。
If your refresh token was created with a gmail scope and the user changed their password.如果您的刷新令牌是使用 gmail scope 创建的,并且用户更改了密码。 your refresh token will be expired.您的刷新令牌将过期。
Links链接
Oauth2 Rfc docs for invalid_grant error rfc6749针对 invalid_grant 错误rfc6749的 Oauth2 Rfc 文档
invalid_grant The provided authorization grant (eg, authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.