27

I am using Google Analytics API to fetch analytics data. I tried to authenticate it using following steps:

  • Created OAuth client ID in https://console.developers.google.com/ credentials section.
  • In consent screen I had set publishing status as testing
  • In OAuth 2.0 Playground I got the refresh token using above generated client id and client secret
  • Then I am using it to generate access token through it.

But after a few days, the refresh token expires although it is mentioned that the refresh token's validity is life long.

Spikatrix
  • 20,225
  • 7
  • 37
  • 83
Manjari Dhoundiyal
  • 273
  • 1
  • 3
  • 4

8 Answers8

56

If your app is in testing mode then user tokens will expire in 7 days. Please find this explanations here: https://support.google.com/cloud/answer/10311615#zippy=%2Ctesting enter image description here

alper
  • 2,919
  • 9
  • 53
  • 102
valicos
  • 716
  • 9
  • 8
  • 1
    This was my problem. Thanks! – Levi Nunnink Nov 19 '21 at 14:53
  • 14
    Visit the [OAuth consent screen](https://console.cloud.google.com/apis/credentials/consent) and click on the publish button to change from the testing status to the published status. – Spikatrix Dec 26 '21 at 05:21
  • 1
    @Spikatrix Google wants verification to publish the app. Is there any way to by-pass the verification process? – alper Apr 04 '22 at 14:00
  • 2
    @alper IIRC, you don't _need_ to verify to publish the app. Users will be warned about an untrusted application if you haven't verified it. For testing purposes, this is fine but if you're deploying to production, I don't think there's a way to bypass verification. – Spikatrix Apr 04 '22 at 14:19
  • 1
    Just wanted to confirm what Spikatrix said as the wording in the Google Cloud Console is very misleading. You DON'T need to verify the app despite all the warnings in the console. My experiments have shown that, as long as the app "Publishing status" says "In production", the tokens will NOT expire after 7 days. – Etienne Dechamps Apr 15 '22 at 16:30
  • Unfortunatly this doesn't seem to solve my problem.. my app has the status 'production' but the token still expires after 7 days. – Alex van Es May 20 '22 at 04:13
  • @AlexvanEs you solved your problem of refresh token expiring?? – Nihal Chandwani Jan 30 '23 at 10:26
  • @AlexvanEs Did you manage to find a solution for this? – Rajeev Feb 02 '23 at 10:21
  • @NihalChandwani DId to manage to find a solution for this? – Rajeev Feb 02 '23 at 10:21
  • @Rajeev we need to verify app, no option to that, refresh token is needed, that too will expire in 7 days, and about access token, it will expire in 1 hour – Nihal Chandwani Feb 03 '23 at 07:06
  • @NihalChandwani , If we publish the app in Production mode, the Refresh token will not expire in 7 days right? – Rajeev Feb 03 '23 at 10:56
  • @Rajeev yes, according to my research – Nihal Chandwani Feb 06 '23 at 19:05
19

I needed to send mails from a gmail account that I have access to, using nodemailer. It works for a couple of days before my refresh token is mysteriously revoked, even though the account belongs to me. A google search brought me here and I had been watching for a while hoping someone would help with a solution.

As you mentioned, this seems to happen with only test/unverified apps and I'm guessing google revokes tokens for such applications in your account after a few days. After much trials and errors, here is what I did.

NOTE: This is solution is only applicable to accounts you own, otherwise you must verify your app to access other people's accounts

  1. Generate a new refresh token (existing one is most likely revoked) as described in this SO post
  2. Go to the security tab of your google account dashboard
  3. Under the Recent security activity section, you should see a security alert for your app.
  4. Click on the context menu next to the notification and click DISMISS
  5. At this point you'll be presented with a dialog of options where you indicate the level of trust you have for the app. I just went ahead and said I trusted the developer/app, obviously. And that's it! The refresh token should persist after this.

I could not find anything related anywhere else.

General Grievance
  • 4,555
  • 31
  • 31
  • 45
dave-ok
  • 211
  • 2
  • 9
  • 2
    Is this supposed to prevent the new token from expiring after a week? I dismissed the security notification last week, and my new token has now expired again. Hoping I'm missing something. According to Google's [API verification exceptions](https://support.google.com/cloud/answer/9110914?hl=en#zippy=%2Cexceptions-to-verification-requirements), verification isn't required for personal use, but there are no details on how to indicate the app is for personal use rather than in testing. – dannypernik Aug 13 '21 at 17:02
  • 1
    This workaround didn't work for me. I found the security activity menu and dismissed, but the token still expired 7 days later. – Etienne Dechamps Apr 02 '22 at 09:30
  • @EtienneDechamps It turns out this is the case as mentioned by above https://stackoverflow.com/a/67966982/9931056. A maximum validity of 7 days is given to tokens for test apps. – dave-ok Apr 04 '22 at 00:10
  • 1
    `you should see a security alert for your app` Nope. – Alex Deft Oct 19 '22 at 11:57
8

The other answer pointed me in the right direction but for me the option was located somewhere else: security > security checkup/security issues found > context menu next to your app > dismiss

mo_damsko
  • 89
  • 1
  • 1
1

This issue seems to be for unverified apps, Simply delete the token file from your project and rerun the project, it will create a new token.

theNoble247
  • 460
  • 5
  • 12
1

What I did:

  1. Go to https://console.cloud.google.com/apis/credentials/consent and change from the testing status to published.
  2. Delete the current token file.
  3. Authorize the API again by signing into your gmail account. You will be sent to a warning screen. From there, you can choose to proceed.
  4. When done you'll get a new token file
user20692394
  • 19
  • 1
  • This only get you into a back and forth conversation with google team trying to verify your app. in the end, they only say that since its for personal use, to keep using unverified app.. and we still end up having to manually change the token every week – Modular Economy Feb 10 '23 at 02:02
  • As @etienne-dechamps stated, "You DON'T need to verify the app despite all the warnings in the console" – Bananasmoothii Aug 15 '23 at 18:24
0

The solution is to delete your token.json file to force Google to find a new token.

I was able to get it to work WITHOUT a verified app. Perhaps the refresh() method will work once my app is verified. Not sure on that one.

Lance Goyke
  • 53
  • 7
  • Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Jan 04 '22 at 01:30
0

My problem was when I've added access_token instead of refresh_token.

Acuna
  • 1,741
  • 17
  • 20
0

Had this issue with Woocommerce Bookings Calendar Sync app. Kept getting disconnected and there was nothing in the documentation. Reached out to their support who told me to go to the OAuth consent screen and change Publishing status from "Testing" to "In production"

This is the error I noticed:

ERROR Unable to fetch access token with refresh token. Google sync disabled until re-authenticated. Error: "invalid_grant", "Token has been expired or revoked." NOTICE Invalid access token. Reconnect with Google necessary. Code 0. Message: Invalid token format.

SolaceBeforeDawn
  • 958
  • 1
  • 8
  • 16