Search code examples
node.jsgoogle-apigoogle-oauthgoogle-calendar-apigoogle-api-nodejs-client

"invalid_grant" / "bad request" while getting tokens for authcode google api

I'm trying to integrate google calendar in to my app, but getting an error: 'invalid_grant', error_description: 'Bad Request'

I've been following google documentation for the same and have referred to relevant StackOverflow posts to resolve the issue but no luck so far. The flow I'm implementing is as follows:

  1. generating a google consent url

     const {client_secret, client_id, redirect_uris} = credentials.web;
 const oAuth2Client = new google.auth.OAuth2(
     client_id, client_secret, redirect_uris[0]
 );

 const authUrl = oAuth2Client.generateAuthUrl({
     access_type: 'offline',
     scope: SCOPES,
     prompt: 'consent'
 });
 console.log('Authorize this app by visiting this url:', authUrl);

  2. after giving user consent, extracting the auth code from the URL and trying to get tokens in exchange of authcode

     const { client_secret, client_id, redirect_uris } = credentials.web;

 const OAuthtoClient = new google.auth.OAuth2(
 client_id, client_secret, redirect_uris[0]
 );

 let decoded = decodeURIComponent(code);

 OAuthtoClient.getToken(decoded, (err, token) => {
     if (err) return console.error('Error retrieving access token', err);
     console.log('Here the tokens :', token);

first I was getting another error { "error": "invalid_grant", "error_description": "Malformed auth code." }, which is solved referring to this solution. The code ran for once and I was able to generate "refresh_token and access_token" for the first time.

After which I tried to generate tokens for another user I got the following error error: 'invalid_grant', error_description: 'Bad Request'

I've tried things like resetting the client secret, but no luck.

My redirect URL are "redirect_uris": [ "https://example.com/authenticate-gcalendar", "http://localhost:3000" ]

origin URL "javascript_origins": [ "http://localhost:4000" ]

Scope const SCOPES = ['https://www.googleapis.com/auth/calendar', 'https://www.googleapis.com/auth/calendar.events'];

Thank you in advance!

Here is the full error message

Error retrieving access token GaxiosError: invalid_grant
at Gaxios.<anonymous> (F:\Git Clones\user-module\node_modules\gaxios\build\src\gaxios.js:73:27)
at Generator.next (<anonymous>)
at fulfilled (F:\Git Clones\user-module\node_modules\gaxios\build\src\gaxios.js:16:58)
at processTicksAndRejections (node:internal/process/task_queues:96:5) {
response: {
config: {
  method: 'POST',
  url: 'https://oauth2.googleapis.com/token',
  data: 'code=4%2F0AX4XfWiJdQtBAPFLwGHm6O5fotnjqYqHUSYzgUhvFpYyeQ7CziXcd_rc1f5bKMYJaJpklg&client_id&client_secret&redirect_uri=https%3A%2F%2Fexample.com%2Fauthenticate-gcalendar&grant_type=authorization_code&code_verifier=',
  headers: [Object],
  params: [Object: null prototype] {},
  paramsSerializer: [Function: paramsSerializer],
  body: 'code=4%2F0AX4XfWiJdQtBAPFLwGHm6O5fotnjqYqHUSYzgUhvFpYyeQ7CziXcd_rc1f5bKMYJaJpklg&client_id&client_secret&redirect_uri=https%3A%2F%2Fexample.com%2Fauthenticate-gcalendar&grant_type=authorization_code&code_verifier=',
  validateStatus: [Function: validateStatus],
  responseType: 'json'
},
data: { error: 'invalid_grant', error_description: 'Bad Request' },
headers: {
  'alt-svc': 'h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"',
  'cache-control': 'no-cache, no-store, max-age=0, must-revalidate',
  connection: 'close',
  'content-encoding': 'gzip',
  'content-type': 'application/json; charset=utf-8',
  date: 'Mon, 13 Dec 2021 13:01:12 GMT',
  expires: 'Mon, 01 Jan 1990 00:00:00 GMT',
  pragma: 'no-cache',
  server: 'scaffolding on HTTPServer2',
  'transfer-encoding': 'chunked',
  vary: 'Origin, X-Origin, Referer',
  'x-content-type-options': 'nosniff',
  'x-frame-options': 'SAMEORIGIN',
  'x-xss-protection': '0'
   },
status: 400,
statusText: 'Bad Request'
},
 config: {
method: 'POST',
url: 'https://oauth2.googleapis.com/token',
data: 'code=4%2F0AX4XfWiJdQtBAPFLwGHm6O5fotnjqYqHUSYzgUhvFpYyeQ7CziXcd_rc1f5bKMYJaJpklg&client_id&client_secret&redirect_uri=https%3A%2F%2Fexample.com%2Fauthenticate-gcalendar&grant_type=authorization_code&code_verifier=',
headers: {
  'Content-Type': 'application/x-www-form-urlencoded',
  'User-Agent': 'google-api-nodejs-client/3.1.2',
  Accept: 'application/json'
},
params: [Object: null prototype] {},
paramsSerializer: [Function: paramsSerializer],
body: 'code=4%2F0AX4XfWiJdQtBAPFLwGHm6O5fotnjqYqHUSYzgUhvFpYyeQ7CziXcd_rc1f5bKMYJaJpklg&client_id&client_secret&redirect_uri=https%3A%2F%2Fexample.com%2Fauthenticate-gcalendar&grant_type=authorization_code&code_verifier=',
validateStatus: [Function: validateStatus],
responseType: 'json'
},
code: '400'
Solution

  • I was able to solve my problem

    I was following the google documentation and was building my code over it, all the code was right but still the "invalid_grant"

    In my case, I was redirecting google oauth to my app's url while running it to my localhost. After redirecting it to http://127.0.0.1:4000, the error was resolved.