When I back up from WHM to my Google Drive account, it works for one week only; after that, authentication fails. If I recreate the credentials it works again for another week. Is there a way for this credential to never expire? I am following instructions from this link to create everything:
https://docs.cpanel.net/knowledge-base/backup/how-to-configure-google-drive-as-a-backup-additional-destination/
If you check the documentation on expiration, you will notice it says: OAuth consent screen configured for an external user type and a publishing status of "Testing" is issued a refresh token expiring in 7 days.
The solution is to set your application to production mode and have it verified; then your refresh tokens will not expire after a week.
Related
I've been using the Google API to update one of my Chrome plugins on a weekly basis. This has now happened 3 or 4 times now: The refresh token I acquire will work properly for up to two weeks (only being used once per week), then the third week, returning an error saying that my token has been expired or revoked.
Given that I'm the only user with access to these tokens, I know that there isn't any spamming, and I know that nobody would be authorized to revoke the tokens on my end.
Please advise. Thanks!
There are several reasons why an access token can expire.
- The user revoked your access.
- Depending upon which scope you are using, if the user changes their password it can revoke all outstanding refresh tokens (mostly Gmail, I think).
- If your application is still in the testing phase, refresh tokens only last for two weeks; you will need to move your application to production and go through the verification process. (This appears to have been a stealth change; I can find no information on it.)
- You can have a max of 50 outstanding refresh tokens for a user's account. If the user is logging in multiple times and you get a new refresh token each time, make sure you are always using the newest.
Your application should always be set to request access of the user again in the event that the refresh token has expired.
I have recently worked with Google Ads API and Shopping Content API and experienced detailed behaviour of API authentication mechanics.
What I can tell for sure regarding authentication is the following:
- An Access-Token always has a lifetime of 60 min. and then expires.
- A Refresh-Token makes it easier to obtain a new Access-Token, since no additional verification is needed.
- The lifetime of a Refresh-Token varies:
  - it can be 6 months or more (when the related application publishing status is released)
  - or just 1 week (when the related application publishing status is testing)
You can find detailed information regarding Token Expiration on the Google API Documentation https://developers.google.com/identity/protocols/oauth2#expiration
Also, information regarding the publishing status of your API application: Token has expired or revoked - Google Ads
I implemented a Laravel web-app with Google Drive's API used for storage.
I used this tutorial https://gist.github.com/sergomet/f234cc7a8351352170eb547cccd65011.
I note that in my application "refresh token" is expiring every 7 days and I don't know why. My application in Google developers console is in "test" mode.
I found a response about your problem here: https://stackoverflow.com/a/65936387
In the documentation https://developers.google.com/identity/protocols/oauth2#expiration there is written:
A Google Cloud Platform project with an OAuth consent screen configured for an external user type and a publishing status of "Testing" is issued a refresh token expiring in 7 days.
So you have to try to publish it in "OAuth consent screen".
Here is some documentation on why Google refresh tokens may not work: https://developers.google.com/identity/protocols/oauth2/#expiration. You should factor in possible invalid tokens into your app.
We have a web app that uses OAuth to sync user's gmail account asking for some credentials. Now since last week we are getting this message that "sign in with Google is temporarily disabled for app" but we haven't changed anything from our settings at all. Also we have everything approved and configured because it was working fine before that time.
You need to follow the process described [here][1] to request verification for your app.
[1]: https://support.google.com/cloud/answer/7454865?hl=en
Also see https://gsuite-developers.googleblog.com/2018/06/new-oauth-protections-to-reduce-risk.html
All accesses (a dozen) stopped working returning the error "invalid_grant".
I have revoked the application access for one of the users, got a new one, and this access is now working again with a new refresh token.
I wonder what might have happened? I doubt all users changed their password (I read that this can revoke access) and refresh tokens don't have an expiry limit.
Everything was working fine until now.
Refresh tokens should not expire if a user changes their password. That is kind of the point with a refresh token.
Refresh tokens can expire if:
1. The refresh token hasn't been used for six months to get a new access token.
2. The user in question revokes access via their Google Account.
3. Too many refresh tokens. When a user authenticates your application, you get a refresh token associated with your project and said user. If the user authenticates your application again, you get another refresh token; both will work. You can keep doing this until you reach the magic number of 25, at which time the first refresh token will automatically expire.
Number three could be your problem if you are not ensuring that you are always saving the most recent refresh token, or if your users have multiple versions of your application running.
If you are having issues with all of your users, I think the problem could be that invalid grant can also be the result of your server's clock not being in sync with NTP.
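The answers above advise re-requesting access when a refresh token has expired, factoring invalid tokens into the app, and always saving the most recent refresh token. An added example of that handling (not code from any of the posts): `store`, `post`, `ReauthRequired` and `TransientTokenError` are hypothetical names, and `post` is an injected HTTP seam so the logic can be exercised offline.

```python
import time

TOKEN_URL = "https://oauth2.googleapis.com/token"  # Google's OAuth 2.0 token endpoint


class ReauthRequired(Exception):
    """The stored refresh token is dead; the user must go through consent again."""


class TransientTokenError(Exception):
    """Server-side trouble or throttling; retry later with the same token."""


def refresh_access_token(store, client_id, client_secret, post, now=time.time):
    """Exchange the stored refresh token for an access token.

    store: dict-like persistent record holding "refresh_token" (assumed storage).
    post:  callable(url, form_dict) -> (http_status, json_dict); a hypothetical
           seam where the real HTTP client is plugged in.
    """
    token = store.get("refresh_token")
    if not token:
        raise ReauthRequired("no refresh token on file")
    status, body = post(TOKEN_URL, {
        "grant_type": "refresh_token",
        "client_id": client_id,
        "client_secret": client_secret,
        "refresh_token": token,
    })
    if status == 200:
        # If the server hands back a replacement refresh token, keep only the newest.
        if body.get("refresh_token"):
            store["refresh_token"] = body["refresh_token"]
        store["access_token"] = body["access_token"]
        store["expires_at"] = now() + int(body.get("expires_in", 0)) - 60  # 60 s margin
        return store["access_token"]
    if status == 400 and body.get("error") == "invalid_grant":
        # Expired (7-day "Testing" tokens), revoked, unused too long, or pushed out
        # by newer tokens: retrying cannot help, so drop it and ask the user again.
        store.pop("refresh_token", None)
        raise ReauthRequired("refresh token expired or revoked")
    if status >= 500 or status == 429:
        raise TransientTokenError(f"token endpoint returned {status}")
    raise RuntimeError(f"unexpected token response: {status} {body.get('error')}")
```

Catch `ReauthRequired` at the point where the application can send the user back through the consent screen; keep the client secret and both tokens out of logs and error messages.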
I have two applications which access my users' calendars via a service account. Until today everything was working fine and all of a sudden one of the apps cannot get a grant token. I read that this may be due to the same service account being used simultaneously (which was the case for a year but never mind) so I decided to
- create a second service account
- and authorize it to access the calendars
I created the service account in the Google Developers Console -> API Manager -> Credentials.
The console now looks like this:
Service account client 1 is the original service account which was working for both apps and now works for one of them only. The ga... account is the newly created one.
In order to get the ClientID I went (on the same page) to "Manage service accounts" and I get this:
The newly created account does not offer the possibility to check its ClientID. Why?
The ClientID is also available in the JSON file downloaded upon creation. I extracted it from there and tried to authorize the access in my GApps Security console:
As you can see it was refused.
What part did I miss when creating this second account?
Found it:
and after checking the checkbox below both accounts look the same, the ClientID is available and it can be authorized in the GApps console.