Comments (9)
jennybc
commented on July 28, 2024
Just from my general knowledge of Google OAuth tokens (not from replicating your specific experience) I can say there are multiple reasons for a refresh token to become invalid, i.e. you can't get access tokens with it anymore (which is I think what you're describing).
Note: Save refresh tokens in secure long-term storage and continue to use them as long as they remain valid. Limits apply to the number of refresh tokens that are issued per client-user combination, and per user across all clients, and these limits are different. If your application requests enough refresh tokens to go over one of the limits, older refresh tokens stop working.
https://developers.google.com/identity/protocols/oauth2
Once your refresh token becomes invalid, you can't get / refresh access tokens with it anymore and, yeah, you really do have to do the browser dance again.
If this shiny app is used with some reasonable frequency, then it's likely that whoever owns the token is getting (lots?) of other new tokens, causing the one stored for the app to fall off the end.
from gmailr.
KryeKuzhinieri
commented on July 28, 2024
Hey Jenny,
Thanks for the reply.
So, currently the app is on test mode and it appears that in the last week or so was not used. Could it be due to long inactivity? Also, it appears that the Oauth consent screen was on testing mode. Could this have caused the issue too?
from gmailr.
jennybc
commented on July 28, 2024
I don't think a single week of disuse is typically enough for a token to be deemed stale and made invalid.
I don't know re: whether testing mode has anything to do with modulating this.
How sure are you that the token is being found by your app? I suspect that you could be misinterpreting behaviour, i.e. the token file is not being found vs. it's being found and is non-refreshable.
from gmailr.
KryeKuzhinieri
commented on July 28, 2024
These are the logs I got from shiny-server.
2022-05-11T13:22:56.242690+00:00 : trying `token_fetch()`
2022-05-11T13:22:56.242860+00:00 : Error caught by `token_fetch()`:
2022-05-11T13:22:56.242781+00:00 : trying `credentials_service_account()`
2022-05-11T13:22:56.242917+00:00 : Argument 'txt' must be a JSON string, URL or file.
2022-05-11T13:22:56.242978+00:00 : trying `credentials_external_account()`
2022-05-11T13:22:56.243030+00:00 : aws.ec2metadata not installed; can't detect whether running on EC2 instance
2022-05-11T13:22:56.243089+00:00 : trying `credentials_app_default()`
2022-05-11T13:22:56.243145+00:00 : trying `credentials_gce()`
2022-05-11T13:22:57.247056+00:00 : trying `credentials_byo_oauth()`
2022-05-11T13:22:57.247127+00:00 : Error caught by `token_fetch()`:
2022-05-11T13:22:57.247289+00:00 : Gargle2.0 initialize
2022-05-11T13:22:57.247178+00:00 : inherits(token, "Token2.0") is not TRUE
2022-05-11T13:22:57.247228+00:00 : trying `credentials_user_oauth2()`
2022-05-11T13:22:57.247448+00:00 : matching token found in the cache
2022-05-11T13:22:57.247340+00:00 : adding "userinfo.email" scope
2022-05-11T13:22:57.247397+00:00 : loading token from the cache
2022-05-11T13:22:57.247574+00:00 : Warning: Unable to refresh token: invalid_grant
2022-05-11T13:22:57.247683+00:00 : Removing token from the cache:
2022-05-11T13:22:57.247499+00:00 : Auto-refreshing stale OAuth token.
2022-05-11T13:22:57.247849+00:00 : Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.
2022-05-11T13:22:57.247628+00:00 : • Token has been expired or revoked.
2022-05-11T13:22:57.247745+00:00 : 'secret'
2022-05-11T13:22:57.247798+00:00 : Warning: Error in gmailr_POST: Gmail API error: 401
2022-05-11T13:22:57.247896+00:00 :
2022-05-11T13:22:57.248045+00:00 : [No stack trace available]
from gmailr.
KryeKuzhinieri
commented on July 28, 2024
It states that the "Token has been expired or revoked"
from gmailr.
jennybc
commented on July 28, 2024
This looks like a good troubleshooting list:
https://blog.timekit.io/google-oauth-invalid-grant-nightmare-and-how-to-fix-it-9f4efaf1da35
I have definitely seen this one before:
- Server clock/time is out of sync
from gmailr.
KryeKuzhinieri
commented on July 28, 2024
Thanks for the details. For now, now of these seems to be the case. I will keep testing with the current settings. If this there is a discovery in the future regarding this, I will update here again.
from gmailr.
jennybc
commented on July 28, 2024
BTW here's more about testing mode and its effect on token validity:
https://developers.google.com/identity/protocols/oauth2#webserver
A Google Cloud Platform project with an OAuth consent screen configured for an external user type and a publishing status of "Testing" is issued a refresh token expiring in 7 days.
from gmailr.
nicocriscuolo
commented on July 28, 2024
Hi everyone, I am also experiencing the problem of the token expiration because the "App" is in the testing phase. However, what is really not clear to me is what Google means when distinguishing between these stages of an application. My application has been developed in R through the shiny package, and deployed online through shinyapps.io, and several users are already using it.
I've explained my doubts a bit better on this GitHub post. Could you please give me some more explanations?
Thanks in advance for your help! I really appreciate it.
from gmailr.
Related Issues (20)
- Problem on R 4.2.1? HOT 8
- gm_auth_configure() and gm_send_message() work locally but not remotely on Cloud Build with same JSON file (or key and secret) specified HOT 7
- Unable to confirm Google credentials for `Gmailr` when running via Windows Task Scheduler HOT 8
- Update `gm_auth_configure()` to take `client` HOT 1
- Upkeep for gmailr
- `usethis::use_readme_rmd()`
- Update errors to rlang 1.0.0. Helpful guides:
- Add the web / pseudo-oob case to the OAuth client article
- Move lots of README content to articles
- Make it possible to pass `subject` to `gm_auth()`
- Update Get Started
- send another email in the same thread HOT 1
- Release gmailr 2.0.0 HOT 2
- Authentication expiring repetitively for non-interactive auth HOT 2
- Subject becomes garbled when it contains accented character and more than 55 characters HOT 2
- Are there any changes in gm_auth_configure() -> error: attempt to apply non-function HOT 4
- Upkeep for gmailr (2023)
- Update error for `gmailr_query()`
- gm_date returning current date, not internalDate
- Error with gm_auth_configure pulling from gargle package HOT 4
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from gmailr.