Unable to refresh access token : response is "unauthorized_client"
Solution 1
I created access and refresh token in OAuth2 playground and then i copied them to my app. It`s not allowed to have different clients for autorization and for token refresh.
Solution 2
PROBLEM EXPLANATION
With the hint @MartinV gave I was finally able to fix it! Because his answer doesn't explain very well how to solve it, I'm going to post it here.
The problem is because we all have generated the Refresh Token using Google's OAuth Playground, but when you click 'Authorize APIs' in the first step, it takes you to the concent screen using the Playground app. After that, all the tokens that you create can be used only by the Playground app, but of course you don't know either the Client ID or the Client Secret for that app.
SOLUTION
The solution is to make Playground to use your own Client ID and Secret. To do so, click on the Settings button:
And enter your Client ID and Secret. But, before you do that, as it says there, you need to go to the Developer's Console, find your OAuth 2.0 client IDs client, edit it and add https://developers.google.com/oauthplayground under Authorized redirect URIs. After you added that and saved the changes, go back to the playground and try to Authorize APIs. In my case it took like 15 minutes before the changes in the Authorized redirect URIs took effect.
Once you're done, don't forget to remove the Playground URI from the Developer Console!
EXTRA
Once I have done that, in Python I did this and it worked:
access_token = None
client_id = 'xxxxxxxx.apps.googleusercontent.com'
client_secret = 'xxxxxxxxxxxx'
refresh_token = 'xxxxxxxxxxxx'
token_expiry = None
token_uri = "https://accounts.google.com/o/oauth2/token"
user_agent = 'YourAgent/1.0'
credentials = client.GoogleCredentials(access_token, client_id, client_secret, refresh_token, token_expiry, token_uri, user_agent)
http = credentials.authorize(httplib2.Http())
credentials.refresh(http)
service = build('drive', 'v3', http=http)
req = service.files().list()
resp = req.execute(http=http)
Related videos on Youtube
Comments
-
Martin V. almost 2 years
I am getting an error when I try to refresh access token:
400 Bad Request
{error : "unauthorized_client"}
From the Google token URI:
{ "error" : "invalid_request" }
I read this answer here and the official Google documentation (which describes how a
POST
request should look) and I don't see any difference.I captured my
POST
request (secrets removed):POST /SHOWMERAWPOST HTTP/1.1 User-Agent: Google-HTTP-Java-Client/1.10.3-beta (gzip) Pragma: no-cache Host: requestb.in Content-Type: application/x-www-form-urlencoded; charset=UTF-8 Content-Length: 175 Connection: keep-alive Cache-Control: no-cache Accept-Encoding: gzip Accept: text/html, image/gif, image/jpeg, *; q=.2, */*; q=.2 grant_type=refresh_token&refresh_token=******&client_id=*******.apps.googleusercontent.com&client_secret=******
Java code which sends the request:
RefreshTokenRequest req = new RefreshTokenRequest(new NetHttpTransport(), new JacksonFactory(), new GenericUrl( getSecrets().getDetails().getTokenUri()), REFRESH_TOKEN); req.set("client_id", getSecrets().getDetails().getClientId()); req.set("client_secret", getSecrets().getDetails().getClientSecret()); TokenResponse response = req.execute();
Is there anything wrong?
-
Stephan Celis over 11 yearsdid u find the answer, getting the same error (stackoverflow.com/questions/13878605/…)
-
Martin V. over 11 yearsI do not need to impersonate user, i am sending only client and secret id with refresh token. That`s different situation.
-
-
Neo almost 11 yearsIt`s not allowed to have different clients for autorization and for token refresh >> Martin can you explain it a bit more.. I am facing similar issue.. thank you.
-
Sunil Silumala over 10 yearsHi Martin can you please let me know what you did to solve this error. i am facing same problem.
-
Ryan Williams over 10 yearsPlease define what a client is... IP Address, User Agent, how does it know?
-
Trong Dinh over 10 yearsthis problem happens when u are using the refresh token is generated by [clientid,screretid] which is different from [clientid,screredid] is used for authorizing process.
-
Bhavin almost 7 yearsI have followed all your steps but after completion of whole process refresh_token is blank while I got access token in oauthplayground.
-
Diego Jancic almost 7 yearsNot sure I understand. In Playground, you need to click Exchange authorization code for tokens to get the Refresh Token.
-
AnD almost 7 yearsi tried to test on localhost, and set my redirect uri to playground but i got: "redirect_uri_mismatch" in my localhost server
-
Diego Jancic almost 7 yearsNot sure if it's using just the redirect parameter or the referrer. I don't remember. In any case, did you way a few minutes after adding the playground URL under in the Dev's console?
-
Raven over 6 yearsThis answer should have been the correct thorough answer - you literally saved me! haha
-
Captain Kirk about 6 yearsThank you! Google needs to clean up their act and put this info in their docs.
-
Touya Akira over 5 yearsI am sure your answer solved the problem extremely difficult,I went to find it a long time.I love you @Diego Jancic
-
user2101068 about 5 yearsOMG! THANK YOU!!!!....after reviewing tons of StackOverflow postings on the topic, reviewing multiple tutorials on the general topic and pulling out my hair for a week+ trying to figure out why my programmatic request to refresh tokens failed...THIS appears to have solved the problem. I agree with @user1701153 that Google needs better documentation...it's really horrific! Argh!
-
user2101068 about 5 yearsI agree with @Raven this should have been the CORRECT answer!
-
Valor_ almost 5 yearsOh Jesus! I was fighting with this problem for several days, until I found this post. Thank you man, this should be accepted answer!!! @google please update your docs. This is not normal!