google-api-ruby-client: invalid_grant error

Hello! Today I’ve faced an invalid grant error, and as I’m doing a service application I’m confused because there should not be any refresh tokens, only access tokens, right? https://developers.google.com/accounts/docs/OAuth2ServiceAccount

WARN -- : Google::APIClient - Please provide :application_name and :application_version when initializing the client
/home/lessless/.rvm/gems/ruby-2.0.0-p247/gems/signet-0.4.5/lib/signet/oauth_2/client.rb:873:in `fetch_access_token': Authorization failed.  Server message: (Signet::AuthorizationError)
{
  "error" : "invalid_grant"
}
    from /home/lessless/.rvm/gems/ruby-2.0.0-p247/gems/signet-0.4.5/lib/signet/oauth_2/client.rb:888:in `fetch_access_token!'
    from /home/lessless/projects/repaker/generator/_plugins/lib/google_client.rb:23:in `fetch_api_token!'
    from /home/lessless/projects/repaker/generator/_plugins/lib/google_client.rb:8:in `initialize'

here is my code


  class GoogleClient
    attr_reader :credentials, :client

    def initialize(credentials)
      @credentials = credentials
      @client = Google::APIClient.new()
      fetch_api_token!
    end


    def fetch_api_token!
      # Load our credentials for the service account
      key = Google::APIClient::KeyUtils.load_from_pkcs12(credentials['key_file'], credentials['key_secret'])
      @client.authorization = Signet::OAuth2::Client.new(
        :token_credential_uri => 'https://accounts.google.com/o/oauth2/token',
        :audience => 'https://accounts.google.com/o/oauth2/token',
        :scope => 'https://www.googleapis.com/auth/analytics.readonly',
        :issuer => credentials['service_account_email'],
        :signing_key => key)

      # Request a token for our service account
      @client.authorization.fetch_access_token!      
    end    

  end

also time is synced with ntp: sudo ntpdate ntp.ubuntu.com as https://developers.google.com/analytics/devguides/reporting/core/v2/gdataAuthentication suggests

About this issue

  • Original URL
  • State: closed
  • Created 11 years ago
  • Comments: 29 (1 by maintainers)

Most upvoted comments

I had the same issue… As it turns out the clock on my local computer was a bit ahead… Once I updated the clock and restarted the server everything worked.

+4
andreitr on Jun 2, 2014

If your case is dinghy, you should restart proxy container

$ dinghy restart

+1
alexismansilla on Jun 29, 2017

+1 for sudo ntpdate ntp.ubuntu.com

+1
tvcam on Dec 15, 2015

What is this… Im not using ubuntu. Im using MacOSX and also iOS in both platforms Im able to get new access tokens, using the refresh token. The problem is that after some hours… specially after the access token expired, I try to get a new one… then I get the invalid_grant response. I dont know why it works perfectly… but soon after the access_token expires… the refresh_token is not able to get more access_tokens.

+1
omarojo on Dec 4, 2015

Have you tried to run sudo ntpdate ntp.ubuntu.com ?

+1
nasaabg on Jul 31, 2015

I solved my issue running sudo ntpdate ntp.ubuntu.com inside vagrant machine And here is my code:

class GoogleClientService
  def initialize(scope, key_file)
    @scope    = scope
    @key_file = key_file
  end

  def get_access_token
    client = Google::APIClient.new(application_name: 'app_name')
    key    = Google::APIClient::KeyUtils.load_from_pkcs12(@key_file, 'notasecret')

    client.authorization = Signet::OAuth2::Client.new(
      token_credential_uri: ENV['TOKEN_URI'],
      audience:             ENV['TOKEN_URI'],
      scope:                @scope,
      issuer:               ENV['SERVICE_ACCOUNT_EMAIL'],
      signing_key:          key
    )

    client.authorization.fetch_access_token!
  end

end
+1
smarquezs on Feb 5, 2015
Read more comments on GitHub
← google-api-ruby-client: Invalid request (Google::Apis::ClientError) 404
google-api-ruby-client: Receive "certificate verify failed" when running client.authorization.fetch_access_token! on Mac →