
As the title says, I'm unable to refresh the access token, as it is giving me an unauthorized_client error. This used to work perfectly a month ago but it doesn't work now.

Here's how I get the token:

  1. My Android app logs in with the required scopes using the consent screen and sends the tokens to my server

  2. Then my Django server saves them so that it can refresh the access token later.

    creds = google.oauth2.credentials.Credentials(credentials.access_token,refresh_token=credentials.refresh_token,token_uri=token_uri,client_id=client_id_2,client_secret=client_secret,scopes=scopes)
    

This line loads values from the database and loads them into a Credentials object.

Note:

  1. I have two client IDs, one for Android and one for the web client.
  2. I refresh the tokens using the client ID available for the web client

Issues:

  1. If I use the client ID of Android, it throws an error of invalid_client
  2. If I use the client ID of the web client, it says unauthorized_client

Things that I've tried:

  1. Created another client ID
  2. Checked for white spaces and other typos
  3. Changing settings of the consent screen
  4. Adding a product to in-app purchases, as it seems not to work with other APIs before that.

Sample Code:

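    import google.auth.transport.requests
    import google.oauth2.credentials
    # Rebuild the credentials from the stored values, then refresh at the token endpoint.
    creds = google.oauth2.credentials.Credentials(credentials.access_token,refresh_token=credentials.refresh_token,token_uri=token_uri,client_id=client_id_2,client_secret=client_secret,scopes=scopes)
    req = google.auth.transport.requests.Request()
    creds.refresh(req)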


EDIT: Found out that my quota had run out. Working on a different account fixed the issue.

Adnan karim

1 Answer


You mentioned that you are sending the access token from the client to the server so that you can refresh it later. So you have two tokens:

  1. Refresh Token
  2. Authentication token

Can you just check on these things once:

  1. Whether the client makes one more call to refresh the token after the session expires. In this case, the refresh token needs to be updated on the server side. Every time the user logs in, the refresh token needs to be updated.
  2. You are properly updating the refresh token on the server.
  3. If you are using the refresh token from the server to re-authenticate the client, you will get a new refresh token and auth token. So you are updating this new refresh token on the server.

If you want to verify things from Google's side, you can just take the refresh token from the client as soon as he logs in and send it to Google for refreshing, and see whether you are getting the token or getting unauthorized.

Mohit Kumar
  • Thank you for the reply. After checking these, it seems that I can make API requests using the access token provided by OAuth, but after an hour it expires, and when I try to refresh it, it throws the error stated above. Since mobile apps don't have a client ID, that's why I am using the client ID for the web client. As I said before, it used to work a month ago with the same client ID. – Adnan karim Jul 30 '20 at 12:31
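The check suggested in the answer (send the refresh token to the token endpoint and see what comes back), written out as an added example that is not part of the original posts. The function names and sample values are constructed for illustration; the error meanings are those of RFC 6749 section 5.2, and `token_uri` is whatever the server already stores.

```python
import json
import urllib.error
import urllib.parse
import urllib.request

# RFC 6749 section 5.2 meanings of the token-endpoint errors seen in the question.
RFC6749_ERRORS = {
    "invalid_client": "client authentication failed (unknown client_id or bad client_secret)",
    "unauthorized_client": "this client is not authorized to use the refresh_token grant",
    "invalid_grant": "refresh token invalid, expired, revoked, or issued to another client",
}
SECRET_FIELDS = {"refresh_token", "client_secret"}

def build_refresh_body(refresh_token, client_id, client_secret):
    """Form-encoded body of an RFC 6749 section 6 refresh request."""
    return urllib.parse.urlencode({
        "grant_type": "refresh_token",
        "refresh_token": refresh_token,
        "client_id": client_id,
        "client_secret": client_secret,
    })

def redact(form_body):
    """Copy of the request body that is safe to write to a log."""
    pairs = urllib.parse.parse_qsl(form_body)
    return urllib.parse.urlencode(
        [(k, "REDACTED" if k in SECRET_FIELDS else v) for k, v in pairs])

def interpret(status, body):
    """Map a token-endpoint response to (ok, detail) without echoing any token."""
    try:
        data = json.loads(body)
    except ValueError:
        data = None
    if not isinstance(data, dict):
        return False, f"HTTP {status}: response is not a JSON object"
    if status == 200 and "access_token" in data:
        return True, f"refreshed, expires_in={data.get('expires_in')}"
    code = data.get("error", "unknown_error")
    return False, f"HTTP {status} {code}: {RFC6749_ERRORS.get(code, 'see error_description')}"

def refresh(token_uri, form_body):
    """POST the refresh request; urllib raises HTTPError for 4xx, so read both paths."""
    req = urllib.request.Request(token_uri, data=form_body.encode(), method="POST")
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return interpret(resp.status, resp.read())
    except urllib.error.HTTPError as err:
        return interpret(err.code, err.read())
```

Logging `redact(body)` together with the `interpret` result records which client ID was presented and which error came back, without writing the refresh token or client secret to the log.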