OAuth Flow - Invalid Grant
We have a mostly working OAuth flow going and ran into an issue today we needed to report.
None of us have used OAuth for at least a couple weeks, but today we needed to.
We have the OAuth Tokens in our registry, but received this error from Gmail:
Header: Cache-Control=no-cache, no-store, max-age=0, must-revalidate
Date=Mon, 14 Apr 2025 17:45:35 GMT
Pragma=no-cache
Transfer-Encoding=chunked
Content-Type=application/json; charset=utf-8
Expires=Mon, 01 Jan 1990 00:00:00 GMT
Accept-Ranges=none
Server=scaffolding on HTTPServer2
Vary=X-Origin, Referer, Origin,Accept-Encoding
X-XSS-Protection=0
X-Frame-Options=SAMEORIGIN
X-Content-Type-Options=nosniff
Alt-Svc=h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content: {
"error": "invalid_grant",
"error_description": "Bad Request"
}
The program looks to continue to re-authorize (the user gets a browser, and enters their credentials, no errors). The problem though is the email does not go out.
After deleting the registry keys manually, and restarting, everything flows like it should.
We've noticed quite a few hiccups when a key is revoked, expired, or the million other reasons a key could go bad. RB often correctly starts the flow again, but has trouble saving the new keys back to the registry.
We've tried capturing the error OnEmailError, and deleting the registry ourselves. And again, while it then goes through all of the flow successfully, it does not write the new tokens to the registry.
We have not tried this through the INI storage.
None of us have used OAuth for at least a couple weeks, but today we needed to.
We have the OAuth Tokens in our registry, but received this error from Gmail:
Header: Cache-Control=no-cache, no-store, max-age=0, must-revalidate
Date=Mon, 14 Apr 2025 17:45:35 GMT
Pragma=no-cache
Transfer-Encoding=chunked
Content-Type=application/json; charset=utf-8
Expires=Mon, 01 Jan 1990 00:00:00 GMT
Accept-Ranges=none
Server=scaffolding on HTTPServer2
Vary=X-Origin, Referer, Origin,Accept-Encoding
X-XSS-Protection=0
X-Frame-Options=SAMEORIGIN
X-Content-Type-Options=nosniff
Alt-Svc=h3=":443"; ma=2592000,h3-29=":443"; ma=2592000
Content: {
"error": "invalid_grant",
"error_description": "Bad Request"
}
The program looks to continue to re-authorize (the user gets a browser, and enters their credentials, no errors). The problem though is the email does not go out.
After deleting the registry keys manually, and restarting, everything flows like it should.
We've noticed quite a few hiccups when a key is revoked, expired, or the million other reasons a key could go bad. RB often correctly starts the flow again, but has trouble saving the new keys back to the registry.
We've tried capturing the error OnEmailError, and deleting the registry ourselves. And again, while it then goes through all of the flow successfully, it does not write the new tokens to the registry.
We have not tried this through the INI storage.
Comments
Which version of ReportBuilder are you using?
Testing with RB 23, I am able to re-authorize after the "Bad Request" error and a new Access/Refresh token is added to the registry/ini file.
Below is my test:
1. Log out from GMail (remove all GMail entries from the registry/ini).
2. Send new mail (log into GMail).
3. Manually delete Expiry entry from reg/ini.
4. Manually alter the RefreshToken entry so it is incorrect.
5. Send mail again ("Bad Request" error given followed by Re-Authorization), mail sent.
6. Access/Refresh token has been updated in the registry/ini.
Nico Cizik
Digital Metaphors
http://www.digital-metaphors.com
I couldn't find anything in the Release Notes that indicated there was a fix here, so we haven't updated yet.
I do have a sample application I can package up for you if needed.
As a byproduct of new features, many aspects of the OAuth2 process in ReportBuilder was refactored to improve performance and stability. If you would like to send me your example, I can test it with the latest version of ReportBuilder and report back. Send the example in .zip format to support@digital-metaphors.com.
Nico Cizik
Digital Metaphors
http://www.digital-metaphors.com
Nico Cizik
Digital Metaphors
http://www.digital-metaphors.com