We have an app with offline access_type token. Yesterday all queries were broken, because authorization failed
POST https://oauth2.googleapis.com/token
resulted in a
400 Bad Request
response: { “error”: “invalid_grant”, “error_description”: “Bad Request” }).
We use SDK Google Ads API Client Library for PHP for any queries to API.
Code example:
// Generate a refreshable OAuth2 credential for authentication. $oAuth2Credential = (new OAuth2TokenBuilder())->fromFile($filePathName)->build(); $loggerFactory = new LoggerFactory(); $logger = $loggerFactory->createLogger('TestChannel', APPLICATION_DIRECTORY . ".log/google/adsapi.date("Y-m").".log", 'DEBUG'); // Construct a Google Ads client configured from a properties file and the // OAuth2 credentials above. $googleAdsClient = (new GoogleAdsClientBuilder()) ->fromFile(std::lpath($filePathName)) ->withOAuth2Credential($oAuth2Credential) ->withLogger($logger) ->build(); $query = "SELECT customer_client.status FROM customer_client"; $googleAdsServiceClient = $googleAdsClient->getGoogleAdsServiceClient(); $response = $googleAdsServiceClient->search( $customerId, $query, ['pageSize' => self::PAGE_SIZE] ); return $response->getIterator()->current();
App is in production in google cloud console.
What have we already done:
- changed password for account
- reset secret and generate new refresh token
Create new app isn’t good solution for us, because I think, we couldn’t quickly increase limits to API (but in this moment we were forced to use an app with basic limits and quota)
Any idea how to solve this problem or how contact Google oAuth team with this question?
Related to https://groups.google.com/g/adwords-api/c/nvLa0xPkdUs/m/0P3LcxBgAQAJ
Update: I had found, that there is no link to my app in https://myaccount.google.com/permissions Anyone know, how to add this permissions again?
Advertisement
Answer
Okay this is going to be a wild guess. The issue being that invalid_grant can have a lot of possible causes.
One of them is trying to use a refresh token with a different client id and client secret then the one that was used to create it.
In comments you mentioned that you created another credentials file. And one file works the other doesn’t. This may be due to the fact that you a have a refresh token stored and you are trying to refresh the access token using the refresh token from a credentials file that was not used to create it.
solution, delete your stored refresh token, pick the credentials file you want to use. Your application should request consent of the user again. All should then work.
Again wild guess Let me know if what happens.