question

Nick Craig-Wood avatar image
Nick Craig-Wood asked

Invalid grant on oauth token refresh

One of the users of my rclone program gets this error whenever his token expires and rclone tries to renew it {"error_description":"The request has an invalid grant parameter : refresh_token","error":"invalid_grant"} I've only had one other report of this, but for this user it is quite persistent. The oauth code works fine for 1000s of other ACD users. He is based in Hungary if that makes a difference. Here is the failing HTTP transaction - any ideas? Thanks Nick 2016/04/13 11:01:28 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> 2016/04/13 11:01:28 HTTP REQUEST 2016/04/13 11:01:28 POST /auth/o2/token HTTP/1.1 Host: api.amazon.com User-Agent: Go-http-client/1.1 Content-Length: 740 Authorization: Basic YW16bjEuYXBXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip client_id=amzn1.application-oa2-client.6bf18d2d1f5b485cXXXXXXXXXXXXXXXX&grant_type=refresh_token&refresh_token=Atzr%7CIQEBLjAsAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXXXXXXXXX_XXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXXXXXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXX-XXXXXXXXXXXXXXXXXXX-XXXXXXXXXXXXXXX-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX 2016/04/13 11:01:28 >>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>> 2016/04/13 11:01:34 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< 2016/04/13 11:01:34 HTTP RESPONSE 2016/04/13 11:01:34 HTTP/1.1 400 Bad Request Connection: close Connection: keep-alive Content-Type: application/json Date: Wed, 13 Apr 2016 09:01:34 GMT Server: Server Vary: Accept-Encoding,User-Agent X-Amz-Date: Wed, 13 Apr 2016 09:01:34 GMT X-Amzn-Errortype: OA2InvalidRequestException: http://internal.amazon.com/coral/com.amazon.panda/ X-Amzn-Requestid: 52a418f1-0156-11e6-98c2-5f856d61b95a {"error_description":"The request has an invalid grant parameter : refresh_token","error":"invalid_grant"} 2016/04/13 11:01:34 <<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<<< 2016/04/13 11:01:34 Failed to create file system for "ACD:": Failed to get endpoints: Get https://drive.amazonaws.com/drive/v1/account/endpoint: oauth2: cannot fetch token: 400 Bad Request Response: {"error_description":"The request has an invalid grant parameter : refresh_token","error":"invalid_grant"}
amazon drive
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

rambalac avatar image
rambalac answered
client_secret is missing
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

Nick Craig-Wood avatar image
Nick Craig-Wood answered
I don't think anything is missing - here is a the request/response from a successful token refresh which is pretty much identical 2016/04/14 20:15:30 HTTP REQUEST 2016/04/14 20:15:30 POST /auth/o2/token HTTP/1.1 Host: api.amazon.com User-Agent: Go-http-client/1.1 Content-Length: 613 Authorization: Basic YW16bjEuXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX Content-Type: application/x-www-form-urlencoded Accept-Encoding: gzip client_id=amzn1.application-oa2-client.6bf18d2d1f5bXXXXXXXXXXXXXXXXXXX7&grant_type=refresh_token&refresh_token=Atzr%7CIQEBLjAXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXXXXXXXXXXXXXXXX-XXXXXXXXXXXXX_XXXXXX-XXXXXXX_XXXXX-XXXXX-XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX-XXXX_XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX_XXXXXXXXX_XXXXXXXX 2016/04/14 20:15:31 HTTP RESPONSE 2016/04/14 20:15:31 HTTP/1.1 200 OK Connection: close Connection: keep-alive Content-Type: application/json Date: Thu, 14 Apr 2016 19:15:31 GMT Server: Server Vary: Accept-Encoding,User-Agent X-Amz-Date: Thu, 14 Apr 2016 19:15:31 GMT X-Amzn-Requestid: 41633ac4-0275-11e6-b9a3-0f424e2d4cf6 {"access_token":"Atza|IQE.....}
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.

rambalac avatar image
rambalac answered
client_secret is required by REST API specification. If some other requests are successful because of any other reasons like caching on the same node or whatever it does not mean it has to be successful everywhere.
10 |5000

Up to 2 attachments (including images) can be used with a maximum of 512.0 KiB each and 1.0 MiB total.