Google 令牌刷新返回“令牌已过期或撤销." [英] Google token refresh returns "Token has been expired or revoked."

问题描述

我有一个由 Google 批准的 Google OAuth2 客户端，它为具有所需范围的用户帐户提供离线访问.我的后端应用程序存储并使用 刷新令牌 来刷新访问令牌，在需要时.

I have a Google OAuth2 client approved by Google, which provides offline access to user's account with required scopes. My backend application stores and uses the refresh token to refresh the access tokens as and when needed.

最近，我们发现我们的令牌刷新尝试遇到了来自 Google 的错误:

Lately, we are seeing that our token refresh attempt is met with an error from Google with:

{
    "error" : "invalid_grant",
    "error_description" : "Token has been expired or revoked."
}

没有附加信息.

我的 Google OAuth 客户端没有任何变化.用户未更改帐户密码.用户尚未撤销对我客户的访问权限.

Nothing has changed in my Google OAuth client. The user has not changed account password. The user has not revoked access to my client.

令牌刷新时突然出现此类错误的原因可能是什么?我将来如何避免这种情况(如果可能)?

What could be the reason for suddenly getting such errors for token refresh? And how do I avoid this in future (if possible)?

推荐答案

您是否在不经意间多次要求刷新令牌?大约有一个限制.一个帐户可以拥有的 25 个刷新令牌.

Are you inadvertently asking for the refresh token multiple times? There is a limit of approx. 25 refresh tokens that an account can have extant.

这篇关于Google 令牌刷新返回“令牌已过期或撤销."的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！