OAuth 2.0: access_token unexpectedly invalid

Simon Tannai

Jul 26, 2022, 5:00:50 PM
to Google Cloud Developers
Hello 👋

I'm working on an application using Google OAuth. 
Based on back-end workflow, I'm using offline access_type and consent prompt.
When the user makes the authentication process, I get an access_token and refresh_token as expected. 

After having stored both tokens, I'm checking the status of the access_token each minute with the token info endpoint: https://www.googleapis.com/oauth2/v3/tokeninfo?access_token=[THE_ACCESS_TOKEN].

Then, I control the expires_in from token info response. If the value of expires_in is lower than 300 seconds, I'm generating a new access_token with the previously given refresh_token and updating the new access_token and refresh_token in my database.

But, for an unknown reason, several access_token become invalid randomly. When it's happening, I have this response from token info:
{
    "error_description": "Invalid Value"
}

For example, I had a valid token at 17:38:55 with an expires_in value of 1443. At 17:39:55, so one minute later, this same access_token was invalid. 

It was the 25th refreshed token, so the limit of 50 for a given refresh_token was not reached.
My client told me he did not revoke the app from his Google account.
Our application is in production.

How to explain this? And how to fix it or manage it?
Many many thanks for your help 🙏
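
Added example (not part of the original post, and not Google's code): one way to structure the check-and-refresh logic described above so that an "Invalid Value" response triggers an immediate refresh, and a refresh response that carries no refresh_token does not overwrite the stored one. Function names and sample responses are constructed for illustration; the optional refresh_token and the invalid_grant error code are taken from RFC 6749.

```python
# Added example: the sample responses below are constructed, not captured.
REFRESH_THRESHOLD_SECONDS = 300  # threshold described in the post


def next_action(tokeninfo, threshold=REFRESH_THRESHOLD_SECONDS):
    """Return "keep" or "refresh" for a stored access_token, given tokeninfo."""
    # An error body (such as "Invalid Value") means the token is no longer
    # usable: go straight to the refresh_token instead of polling again.
    if "error_description" in tokeninfo or "error" in tokeninfo:
        return "refresh"
    try:
        # expires_in may arrive as a string or a number; accept both.
        remaining = int(tokeninfo["expires_in"])
    except (KeyError, TypeError, ValueError):
        return "refresh"  # malformed response: treat the token as unusable
    return "refresh" if remaining < threshold else "keep"


def apply_refresh_response(stored, response):
    """Merge a token-endpoint response; return (new_record, needs_reconsent)."""
    if response.get("error") == "invalid_grant":
        # RFC 6749 section 5.2: the refresh_token is invalid, expired or
        # revoked. Only a new consent flow can recover from this.
        return dict(stored), True
    if "access_token" not in response:
        # Report key names only, so token values never reach the logs.
        raise ValueError("unexpected token response: %r" % sorted(response))
    updated = dict(stored)
    updated["access_token"] = response["access_token"]
    # RFC 6749 section 6: a new refresh_token is optional. Overwrite the
    # stored one only when the response actually carries a replacement.
    if response.get("refresh_token"):
        updated["refresh_token"] = response["refresh_token"]
    return updated, False


# Constructed sample data.
STORED = {"access_token": "old-access", "refresh_token": "stored-refresh"}
VALID = {"expires_in": "1443"}
NEAR_EXPIRY = {"expires_in": "120"}
INVALID = {"error_description": "Invalid Value"}
REFRESHED = {"access_token": "new-access", "expires_in": 3599}

if __name__ == "__main__":
    for name, body in [("valid", VALID), ("near", NEAR_EXPIRY), ("invalid", INVALID)]:
        print(name, "->", next_action(body))
    print(apply_refresh_response(STORED, REFRESHED))
```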