userinfo endpoint returns Invalid Credentials with a valid (verified) access_token
1,257 views
Skip to first unread message
Pierre Valade
Sep 10, 2012, 8:23:14 AM9/10/12
to oauth...@googlegroups.com
Hey there,
I'm trying to GET https://www.googleapis.com/oauth2/v1/userinfo with a valid access_token (which I have validated with https://www.googleapis.com/oauth2/v1/tokeninfo) and I get the following error.
{
- error: {
- errors: [
- {
- domain: "global",
- reason: "authError",
- message: "Invalid Credentials",
- locationType: "header",
- location: "Authorization"
- code: 401,
- message: "Invalid Credentials"
The reply from https://www.googleapis.com/oauth2/v1/tokeninfo for this access_token is:
{"issued_to"=>"xxx.apps.googleusercontent.com", "audience"=>"xxx.apps.googleusercontent.com", "user_id"=>"xxx", "scope"=>"https://www.googleapis.com/auth/calendar https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email https://www.google.com/m8/feeds", "expires_in"=>2905, "email"=>"google apps email", "verified_email"=>true, "access_type"=>"offline"}
Any ideas? It's only happening for one of my users on a Google Apps account. That's weird is that UserProfile, Calendars API don't work, but Contacts API works!
Can there be Google Apps restrictions for this domain by the administrator?
Thanks,
– Pierre
Marius Scurtescu
Sep 10, 2012, 1:50:00 PM9/10/12
to oauth...@googlegroups.com
Hi Pierre,
Marius
Can you please also try the legacy userinfo endpoint, to see if it makes a difference?
https://www.googleapis.com/userinfo/email?oauth_token=<access_token>
Keep in mind that this is a legacy endpoint and it is deprecated, don't use it for anything else than this troubleshooting.
Is this particular user configure differently in any way than other users in your domain?
What flow are you using to acquire the access tokens?
Thanks,
Marius
Marius
--
Pierre Valade
Sep 10, 2012, 2:00:35 PM9/10/12
to oauth...@googlegroups.com
Hey Marius,
Thanks for looking into it.
The legacy userinfo endpoint also returns: Invalid Credentials
Yes, it seems like this user is the only one that has this type of problem. On some others users, I have the same errors sometimes (401 Invalid Credentials), but the error goes away after a while (or when I retry the request or refresh the token). By the way, refreshing the access_token for this user works too.
The legacy userinfo endpoint also returns: Invalid Credentials
Yes, it seems like this user is the only one that has this type of problem. On some others users, I have the same errors sometimes (401 Invalid Credentials), but the error goes away after a while (or when I retry the request or refresh the token). By the way, refreshing the access_token for this user works too.
I'm using the https://developers.google.com/accounts/docs/OAuth2WebServer flow.
We can chat over email if you want too, and be more specific.
– Pierre
--
Reply all
Reply to author
Forward
0 new messages