Google Sheets OAuth2 Error

Hy, i have been using a workflow for about a week now and it was working wonderfully.

I have a Google Sheets read node and everything was working perfectly but yesterday i got this error:

ERROR: The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.

Error: The provided authorization grant (e.g., authorization code, resource owner credentials) or refresh token is invalid, expired, revoked, does not match the redirection URI used in the authorization request, or was issued to another client.
    at getAuthError (/usr/local/lib/node_modules/n8n/node_modules/client-oauth2/src/client-oauth2.js:122:15)
    at /usr/local/lib/node_modules/n8n/node_modules/client-oauth2/src/client-oauth2.js:276:21
    at processTicksAndRejections (internal/process/task_queues.js:97:5)
    at async /usr/local/lib/node_modules/n8n/node_modules/n8n-core/dist/src/NodeExecuteFunctions.js:84:30
    at async Object.googleApiRequest (/usr/local/lib/node_modules/n8n/node_modules/n8n-nodes-base/dist/nodes/Google/Sheet/GenericFunctions.js:35:20)
    at async GoogleSheet.getData (/usr/local/lib/node_modules/n8n/node_modules/n8n-nodes-base/dist/nodes/Google/Sheet/GoogleSheet.js:33:26)
    at async Object.execute (/usr/local/lib/node_modules/n8n/node_modules/n8n-nodes-base/dist/nodes/Google/Sheet/GoogleSheets.node.js:840:35)
    at async /usr/local/lib/node_modules/n8n/node_modules/n8n-core/dist/src/WorkflowExecute.js:395:47

Any clues as to what it might be? I haven’t changed anything and have double checked the credential info …

I’ve googled it and havend found a solution, i have even written in to the google support - no luck .

Hey @Luka_Fatur!

Welcome to the community :slightly_smiling_face:

May I know how are you running n8n? Also, can you check your credentials once again? It seems more like an issue from Google.

Hi @harshil1712!

I also received this error while using the Firestore Node with my Oauth credentials and have received it in the HTTP node while using some of the Google Fit API’s. It seems to be resolved by refreshing the connection in the OAuth section of the Edit Credentials page and and then re-agreeing to the access via Google’s permissions flow.

Is this supposed to happen? I thought that n8n would refresh the token automatically?

Also I am running n8n on a Digital Ocean droplet with Docker and am on the latest version.

Thanks! Love the work you guys are doing.

Davis

Welcome to the community. @Davis_Ancona

This is not supposed to happen. I’m currently investigating this cuz another use also reported the same issue. I will keep you posted.

So, just to confirm. This is happening with the Firestore node and with the HTTP Request node when using the Google Fit API’s right?

Correct. Also, the workflow that used the Google Fit HTTP node was never activated. I only ever ran it in test mode (over the course of a few days).

Thanks for looking into it!

This happens with the Gmail node too. I confirm that the solution proposed by @Davis_Ancona works. I “edited” the Gmail Oauth2 credential by simply re-connecting.

Something which I did this week and I guess could have messed up my credentials is that I deleted all my cookies. Where does n8n store the access token returned by the Gmail API (or any Google API)?

Also, I don’t know if this can help, but my Gmail OAuth 2.0 client is a Web application and its publishing status is Testing. Because it’s a testing OAuth app, Gmail keeps telling me that the app is unsecure and I have to click Continue.

This is quite weird. Sadly I have not been able to replicate it. For me, it works just fine.

Something which I did this week and I guess could have messed up my credentials is that I deleted all my cookies. Where does n8n store the access token returned by the Gmail API (or any Google API)?

The credentials are encrypted and saved in the database, so this should not be an issue.

Also, I don’t know if this can help, but my Gmail OAuth 2.0 client is a Web application and its publishing status is Testing. Because it’s a testing OAuth app, Gmail keeps telling me that the app is unsecure and I have to click Continue.

This should no be a problem either.

I have to do the same with Google Sheets API - reconnect

I also get a LOT of 503 errors, is this linked??

@mackie welcome to the community.

Various persons have reported the same issue. We are trying to find the issue, but it does not seem that obvious. For example, for me, it works just fine.

What is the status of your Google app? Pending or Production?

@jackdbd It seems like if your app has the testing status (which is your case) the refresh token expires in 7 days.

A Google Cloud Platform project with an OAuth consent screen configured for an external user type and a publishing status of “Testing” is issued a refresh token expiring in 7 days.

How often is the workflow that uses the Gmail node being triggered?

Also, if you connect the Gmail node and later change your Gmail password the same happens.

Now that I think about it, I changed my Google password last week. I think I changed my password a couple of days after having connected the n8n Gmail node to my Google Cloud Platform OAuth app.

I guess my issue was caused by the third reason listed here:

The user changed passwords and the refresh token contains Gmail scopes

They also say that there is a limit of 50 refresh tokens per Google Account per OAuth 2.0 client ID, but that seems unlikely to me.

Yes, probably that is the issue. If you reconnect the credentials you should be fine, unless you change the password again.

1 Like

Thanks Ricardo!

I have checked Google console and it’s in production.

It’s so strange, extremely hit or miss, just never consistent. I have tried both OAuth and Service Account and have the same issues.

I have checked quotas on Console and never get anywhere near the limits, and I have actually reduced the cadence a lot since I started to get the issue, but it just seems to still occur.

I am constantly having to go into my N8N instance and refreshing the connection (I have an error workflow triggered for key workflows). This doesn’t always fix it either, sometimes it’s just a waiting game until it starts working again.

Anything else I can check or do here?

Just to be clear, my issues is more related to the Google Sheets API and not Gmail.

It’s so strange, extremely hit or miss, just never consistent. I have tried both OAuth and Service Account and have the same issues.

Ok, this makes it even weirder. In my mind, this should not happen with service account authentication.

I am constantly having to go into my N8N instance and refreshing the connection (I have an error workflow triggered for key workflows). This doesn’t always fix it either, sometimes it’s just a waiting game until it starts working again.

I have tried to replicate the issue using the Google Sheets without success.

Out of curiosity, what version of n8n are you using?

Also, anything in the link below rings a bell?

https://blog.timekit.io/google-oauth-invalid-grant-nightmare-and-how-to-fix-it-9f4efaf1da35

Hello. In my case, to solve the problem “Token has been expired or revoked.” for the application in testing it turned out like this

More specifically, like this:
“The other answer pointed me in the right direction but for me the option was located somewhere else: security> security checkup / security issues found> context menu next to your app> dismiss”
And I trust the developer to press.

1 Like

Hey @dashuk_v!

Thank you for providing this solution! I will add it to the documentation as well :slight_smile: