Google refresh token getting invalid grant error

Question

I'm trying to use google analytics api for my account. So at first i allow the application access with offline refresh token. Buy when I try to refresh the token I get "Invalid Grant" error. Tried to refresh both with the php client library and manually with curl.

this is manually with curl:

$oauth2token_url = "https://accounts.google.com/o/oauth2/token";
    $clienttoken_post = array(
    "client_id" => 'xxxxxxxx-d28qutrse5bvaf7n4a37qgs5ieijvp9n.apps.googleusercontent.com',
    "client_secret" => 'xxxxxxxxxxxxx');

        $clienttoken_post["refresh_token"] = $refresh_token;
        $clienttoken_post["grant_type"] = "refresh_token";

    $curl = curl_init($oauth2token_url);

    curl_setopt($curl, CURLOPT_POST, true);
    curl_setopt($curl, CURLOPT_POSTFIELDS, $clienttoken_post);
    curl_setopt($curl, CURLOPT_HTTPAUTH, CURLAUTH_ANY);
    curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
    curl_setopt($curl, CURLOPT_RETURNTRANSFER, 1);

    $json_response = curl_exec($curl);
    curl_close($curl);

    $authObj = json_decode($json_response);

    print_r($authObj);


    exit();

the refresh token i got with a previous call using the simple.php example:

require_once '../../src/apiClient.php';
require_once '../../src/contrib/apiAnalyticsService.php';
session_start();

$client = new apiClient();
$client->setApplicationName("Google Analytics PHP Starter Application");

// Visit https://code.google.com/apis/console?api=analytics to generate your
// client id, client secret, and to register your redirect uri.
 $client->setClientId('xxxxxxxxx-d28qutrse5bvaf7n4a37qgs5ieijvp9n.apps.googleusercontent.com');
 $client->setClientSecret('xxxxxx');
 $client->setRedirectUri('https://www.xxxxxxxxxx.org/oauth2callback/google-api-php-client/examples/analytics/simple.php');
 $client->setDeveloperKey('xxxxxxx');



if (isset($_GET['logout'])) {
  unset($_SESSION['token']);
}

if (isset($_GET['code'])) {
  $client->authenticate();
  $_SESSION['token'] = $client->getAccessToken();
  header('Location: http://' . $_SERVER['HTTP_HOST'] . $_SERVER['PHP_SELF']);
}

if (isset($_SESSION['token'])) {
//    echo $_SESSION['token'];
  $client->setAccessToken($_SESSION['token']);
}
echo $client->getAccessToken()

Answer 1

if anyone is interested i finally solved it after a few hours:

I went to oauth playground: https://code.google.com/oauthplayground in the right, there is a settings button. selected "Use your own OAuth credentials". took the refresh token from there, and it works with no problem.

Answer 2

If anyone else runs into this problem ...

We had an issue where the same post request would not work initially, but work thereafter.

For us it looked like google was super picky about the iat time -- try subtracting 5 minutes from it.