Google Calendar OAuth2 API token expiring every once in a while

The title kind of explains everything. I use the Google Calendar OAuth2 API and I just have to re-authenticate every once in a while (by pressing the ‘reconnect’ button in the Credentials editing screen), otherwise it will just error out.

The error it encounters is: “Token has been expired or revoked”.

Does anyone know a way to fix this (like if there is a way I can either extend the expiry date of the token, or if there is a way for it to automatically renew it)?

Probably connected to those topics, what can help more advanced user to help:

2 Likes

Hey @ConfusedAnt, from this post I seem to remember the access_type=offline query parameter was not part of your OAuth 2 credentials.

This would lead to the Google API not issuing a refresh token used by n8n to renew the actual access token (this is described for example here in their docs). So you could try simply adding access_type=offline in the Auth URI Query Parameters of your OAuth credentials and then reconnecting as described here for example.

1 Like

BTW, maybe you are on testing mode?

How to check it
  1. Go to Google Cloud Platform
  2. Choose your project from the top
  3. Go to OAuth consent screen on the left sidebar menu

If you have a button says “BACK TO TESTING” like me, you are good. Otherwise, you probably are in testing mode where credentials have to be refreshing every week, if I remember that correctly.

3 Likes

I believe this was probably the issue I was having, I’ve changed that now and I’ll see in a few weeks if it breaks or not

2 Likes

Hi !

I’d like to retake this thread as I have the same problem. I’m very lost with all the Google layers at stake here. I am indeed in testing mode, but I can’t go to production without Google “verifying” my application, which includes some steps that I can’t do in my setting: I’m not building an app for random people to connect to, I just want N8N to access my email on my behalf. So I’m stuck in testing mode and the token expires every week. I’ve tried following a post somewhere using a Google API sandbox or something like that, followed all the complicated steps to get a refresh token, that worked once, but once again the token expired after one week, so no improvement. What’s the dummy-proof way to configure Gmail access for simple, individual API retrieval from N8N? Would appreciate clarifications as I’m going crazy, and email notifications are at the hart of my N8N workflows.

Cheers,
Pierric.

Hey @Pierric,

Oddly enough I have mine running in testing and have not ran into this issue with a 2 week expiration. What version of n8n are you running?

Hi @jon ! Thanks for replying.

Currently it’s 0.166.0 on Raspberry (I run it as a Docker container and the latest version gets pulled nightly).

Honestly I don’t think this is an N8N issue, though it impacts what I do with N8N and how I use it. The core of the issue, I think, lies in the google ecosystem. I think I need someone to explain exactly how to get this working on that front, and basically have a token that can work until further notice rather than 7 days max. If that makes sense…

Cheers,
Pierric.

Hey @Pierric,

I am not sure why it isn’t just working for you like it is for me, I take it when you go to your apps oauth consent screen you get something like this…

The only real change I have with mine is I have my user as a test user which could be what is missing.

Thank you. I have the exact same screen there (with 1 user only).

In case this brings up any thoughts, I also include the credentials screen:


URI 1 is the N8N URL behind my reverse proxy (webhooks in general do work fine)
URI 2 is the oauth playground thing I tried to play with refresh tokens, which I don’t really understand and didn’t work anyway (I got a new token from there but it also expired).

In the IAM section I have this

And on the credentials home:

There are things related to service account as I tried that, without any success; I think I understood it’s for Google Workspaces only, not for individual gmail accounts.

Cheers,
Pierric.

Hi @Pierric,

Yeah for an individual account you don’t need a service account. All I did was make a new project in Google, Setup the Oauth web application, Added a test user and added the API services I needed.

When you go to the IAM part, do you also see something like “5055/5174
excess permissions” in the security insights column? or did I do something wrong with the API scopes?

Nothing like that on mine, I didn’t touch anything in IAM.

Thanks… I’ve just recreated a new project from scratch, and we’ll see if that helps. More on this in one week :wink:

Thanks for your help !

1 Like