Invalid auth token. xxxxxxxxxx vs xxxxxxxxxx

[mdurn]

Hello,

Recently we started seeing the "Invalid auth token. xxxxxxxxxx vs xxxxxxxxxx" error in both Chrome and Firefox consoles on our site. On page load we refresh the auth token if it has expired (or doesn't exist). We're having trouble tracking down the cause of the issue. Were there any changes to the JS api or do you know what the usual causes of this issue are? Any help is appreciated. Thanks!

Invalid auth token. 1777xxxxxx vs 1479xxxxxx
https://apis.google.com/_/apps-static/_/js/gapi/client/rt=j/ver=l58qJK-yRR8.en_US./sv=1/am=!2H2H8ZqGj6aIqyfgIg/d=1/rs=AItRSTOk3LPczNYwAC1PU_qgD-9k6tRUbw/cb=gapi.loaded_0
Line 106

[John Hjelmstad]

This is actually not an OAuth 2 issue at all. The "token" in question is a Shindig-style gadgets.rpc "rpctoken," and the reason you're seeing a mismatch is most likely that a previously-uncached iframe is now being cached and the JavaScript inside the iframe is not properly reinitializing gadgets.rpc on hashchange events. This can occur for a few reasons but often is the result of bfcache browser behavior. We've typically gotten around this when rendering gadgets (or [i]frames) by setting src to about:blank, then changing the URL to whatever is intended. YMMV on whether that might be implicated in your particular case!

This error message substantially predates OAuth 2, and is far too confusing. I will change it to avoid this sort of confusion in the future.

Cheers,

John