Hi everyone,
One of our clients tried to log in using Google but encountered the following error:
Code: 3109 Error during obtaining of access token. Response from OAuth2 provider server: Bad Request { “error”: “invalid_grant”, “error_description”: “Bad Request” }
Could you please help investigate and advise on a resolution?
App ID:4A47197B-AE30-FA84-FF56-0071F4010900
Thank you!
Hello @Francis_Bagas
Thank you for reporting this issue. The invalid_grant error typically occurs due to a temporary hiccup in the authorization exchange process between our servers and Google (e.g., an expired or accidentally duplicated authorization code).
We have escalated this to our team, and they will look into the issue to find out what went wrong.
In the meantime, could you or your client please try the following quick troubleshooting steps?
If the issue persists after trying this, please let us know. We will update you as soon as our team have more information!
Best regards,
Viktor
Hello @Francis_Bagas
Thank you for reporting this issue. We investigated the error.
What happened:
The invalid_grant error from Google can occur for several reasons, but the most likely explanation in this case is that the same authorization code was sent to the server more than once. Google’s authorization codes are strictly
single-use — once a code is exchanged for an access token, any subsequent attempt to use the same code will be rejected with this error.
This typically happens when:
In any of these cases, the first request would succeed normally, but the second request would attempt to exchange the same code with Google and receive invalid_grant.
Recommendation:
Please ensure the OAuth callback is not being triggered multiple times. Preventing duplicate requests should resolve this issue.
Let us know if you have any further questions.
Regards,
Volodymyr
