Google API Error List 4

 in Authentication  tagged Google Oauth2 / OAuth2 / Tips & Tricks by


There are only a handful of Errors that get returned when using the Google APIs.   Most of them are Open Authentication (Oauth / Oauth2) related.      I am going to build a list of the errors and their probable causes and possible solutions.

[wp_ad_camp_3]

Open Authentication Errors

invalid_grant

  1. Your server’s clock is not in sync with NTP. (Solution: check the server time if its incorrect fix it. )
  2. The refresh token limit has been exceeded.       (Solution: Nothing you can do they cant have more refresh tokens in use)
    Applications can request multiple refresh tokens. For example, this is useful in situations where a user wants to install an application on multiple machines.  In this case, two refresh tokens are required, one for each installation. When the number of refresh tokens exceeds the limit, older tokens become invalid. If the application attempts to use an invalidated refresh token, an invalid_grant error response is returned. The limit for each unique pair of OAuth 2.0 client and is 25 refresh tokens (note that this limit is subject to change). If the application continues to request refresh tokens for the same Client/Account pair, once the 26th token is issued, the 1st refresh token that was previously issued will become invalid. The 27th requested refresh token would invalidate the 2nd previously issued token and so on.

invalid_client

Make sure that you have both product name and an email address set up in Google Apis Console

Invalid_client Google Api Error

[wp_ad_camp_5]

subscriptions are in a suspended state

[412] Errors [ Message[You cannot sign up for Google Apps because one or more of your subscriptions are in a suspended state.]

Solution: Check Google developers console and check your billing options. I think either your credit card has expired or you forgot to pay your bill.

Your account is suspended so you cant make any requests.

Links to question on SO:  Subscriptions are in a suspended State error

invalid_grant: Invalid JWT

{ “error”: “invalid_grant”, “error_description”: “Invalid JWT: Token must be a short-lived token (60 minutes) and in a reasonable timeframe. Check your iat and exp values and use a clock with skew to account for clock differences between systems.” }

Your server’s clock is not in sync with NTP. (Solution: check the server time if its incorrect fix it. )

invalid_grant: Code was already redeemed

This error requires a little explanation. When the user clicks authenticate you are given an authentication code. You take this code and exchange it for your access token and refresh token.

invalid_grant: Code was already redeemed

Means that you are taking an authentication code that has already been used and trying to get another access token / refresh token for it. Authentication code can only be used once and they do expire so they need to be used quickly.

Invalid_grant: bad request

Normally means that the client id and secrete you are using to refresh the access token. Was not the one that was use to create the refresh token you are using.

Try and authenticate again get a new refresh token.

{“error”: “invalid_grant”, “error_description”: “Bad Request”}

Storagerelay URI is not allowed for ‘NATIVE’ client type

The following error can occur if you are using a native type client id on a javascript application. You should be using a Browser type.

400. That’s an error.
Error: invalid_request
Storagerelay URI is not allowed for ‘NATIVE’ client type.
Request Details
That’s all we know.

Conclusion

There are a large number of undocumented errors with authenctating to Googles Oauth servers. I have been keeping this list for years in the hopes that i can save you some time.

… More to come as I remember them Feel free to post your error code and its solution if you have one i don’t have listed.

About Linda Lawton

My name is Linda Lawton I have more than 20 years experience working as an application developer and a database expert. I have also been working with Google APIs since 2012 and I have been contributing to the Google .Net client library since 2013. In 2013 I became a a Google Developer Experts for Google Analytics.

Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

4 thoughts on “Google API Error List

  • Reply
    Nimesh Solanki

    Error: redirect_uri_mismatch.
    Please write a tutorial to cover this error.
    How to solve this error?
    I’m trying to implement account linking in “Actions on Google”. Linking type is authorization code. After authentication, I’m Trying to fetch data from Google calendar API.
    But stuck at this point unable to link the user

  • Pingback: Google Client Invalid JWT: Token must be a short-lived token - ErrorsFixing

    • Reply
      Linda Lawton Post author

      As of 2021 there is a new cause if your app is still in testing then your refresh token will expire after seven days. If the refresh token has expired then you can get this error as well. The trick is to set your app to production then your refresh tokens wont expire.