The title kind of explains everything. I use the Google Calendar OAuth2 API and I just have to re-authenticate every once in a while (by pressing the ‘reconnect’ button in the Credentials editing screen), otherwise it will just error out.
The error it encounters is: “Token has been expired or revoked”.
Does anyone know a way to fix this (like if there is a way I can either extend the expiry date of the token, or if there is a way for it to automatically renew it)?
Hey @ConfusedAnt, from this post I seem to remember the access_type=offline query parameter was not part of your OAuth 2 credentials.
This would lead to the Google API not issuing a refresh token used by n8n to renew the actual access token (this is described for example here in their docs). So you could try simply adding access_type=offline in the Auth URI Query Parameters of your OAuth credentials and then reconnecting as described here for example.
If you have a button says “BACK TO TESTING” like me, you are good. Otherwise, you probably are in testing mode where credentials have to be refreshing every week, if I remember that correctly.
I’d like to retake this thread as I have the same problem. I’m very lost with all the Google layers at stake here. I am indeed in testing mode, but I can’t go to production without Google “verifying” my application, which includes some steps that I can’t do in my setting: I’m not building an app for random people to connect to, I just want N8N to access my email on my behalf. So I’m stuck in testing mode and the token expires every week. I’ve tried following a post somewhere using a Google API sandbox or something like that, followed all the complicated steps to get a refresh token, that worked once, but once again the token expired after one week, so no improvement. What’s the dummy-proof way to configure Gmail access for simple, individual API retrieval from N8N? Would appreciate clarifications as I’m going crazy, and email notifications are at the hart of my N8N workflows.
Currently it’s 0.166.0 on Raspberry (I run it as a Docker container and the latest version gets pulled nightly).
Honestly I don’t think this is an N8N issue, though it impacts what I do with N8N and how I use it. The core of the issue, I think, lies in the google ecosystem. I think I need someone to explain exactly how to get this working on that front, and basically have a token that can work until further notice rather than 7 days max. If that makes sense…
I am not sure why it isn’t just working for you like it is for me, I take it when you go to your apps oauth consent screen you get something like this…
URI 1 is the N8N URL behind my reverse proxy (webhooks in general do work fine)
URI 2 is the oauth playground thing I tried to play with refresh tokens, which I don’t really understand and didn’t work anyway (I got a new token from there but it also expired).
There are things related to service account as I tried that, without any success; I think I understood it’s for Google Workspaces only, not for individual gmail accounts.
Yeah for an individual account you don’t need a service account. All I did was make a new project in Google, Setup the Oauth web application, Added a test user and added the API services I needed.
When you go to the IAM part, do you also see something like “5055/5174
excess permissions” in the security insights column? or did I do something wrong with the API scopes?
I too am in a similar situation. And my situation has the added adventure of me knowing next to nothing about the inner workings of Googles apps/api/authentication/tokens… So I’m really learning in a hands-on environment, you might say.
I have experimented in a similar way to Pierric, and still all my automations involving Google Drive (or Sheets, Docs…etc) all come to a screeching halt about once a week, it seems.
For the love all things tech, how do I keep my automations going!?
Well, that was quick. I managed to solve it already:
The issue was I had a logo uploaded on the consent screen
Step by step:
I clicked the “Confirm” button in the scary modal just to see what happens next.
A new section appeared on the OAuth consent screen settings page: “Verification Status”
Below that it said I have to start my verification, because I have a logo displayed on my consent screen. It’s true, I added my personal logo for aesthetic reasons.
So I opened the App settings and removed the logo. Clicking next led me to a screen where I would have to reenter all scopes. As I didn’t remember which scopes I had set, I canceled out of the settings. And lo an behold, on the OAuth consent screen settings page under “Verification Status” it now says:
Verification not required
Your consent screen is being shown, but your app has not been reviewed so your users may not see all of your information, and you will not be able to request certain OAuth scopes. Learn more
And the “Publishing status” is now “In production”
So if you uploaded a logo to your consent screen, remove it!