Partner Connections Manager authorization code works only once

Question

I am able to successfully get a PCM authorization code and use it to get a access token but it only works once. Is that the correct behaviour? Seems like it should work indefinitely so the user does not have to continuously authorize a partner. Or once I get a access token I should only use the refresh token afterwards?

Works the first time I request a access token:

Example PCM authorization code: 4/0AY0e-e45jfjsl_KPdjke_BzKgsBirc....

╰─ curl -L -X POST 'https://www.googleapis.com/oauth2/v4/token?client_id=MY-CLIENT-ID&client_secret=MY-CLIENT_SECRET&code=MY-AUTH-CODE&grant_type=authorization_code&redirect_uri=https://www.google.com'

{
  "access_token": "ya29.a0AfH6SMAgv...",
  "expires_in": 3599,
  "refresh_token": "1//04721e...",
  "scope": "https://www.googleapis.com/auth/sdm.service",
  "token_type": "Bearer"
}

On subsequent tries to use the PCM authorization code it fails. The only way to use it again is to recreate the PCM authorization code.

╰─ curl -L -X POST 'https://www.googleapis.com/oauth2/v4/token?client_id=MY-CLIENT-ID&client_secret=MY-CLIENT_SECRET&code=MY-AUTH-CODE&grant_type=authorization_code&redirect_uri=https://www.google.com'

{
  "error": "invalid_grant",
  "error_description": "Bad Request"
}

score 0 · Answer 1 · answered Jan 26 '21 at 18:17

As the payload mentions, the access token expires in an hour and the refresh token should be used to acquire new access tokens as per https://developers.google.com/nest/device-access/authorize.

Note that the refresh token seems to be good for only a week in the sandbox as of this post. At that point you have to re-run the authorization flow.

Partner Connections Manager authorization code works only once

1 Answers1