Google OAuth invalid grant: Token has been expired or revoked — What it means & how to fix it
Blog post from Nango
The "invalid_grant: Token has been expired or revoked" error is a common issue when working with Google OAuth refresh tokens, and this article provides guidance on detecting and resolving it. The error renders the refresh token unusable. It can occur for several reasons, including the app being in "Testing" mode, user revocation of access, inactivity for six months, password changes, exceeding client token limits, or admin-enforced policies. To address the issue, check the publishing status of the app and, if needed, switch from "Testing" to "Production," which may involve a security review. If the problem persists, prompt users to re-authenticate to obtain a new refresh token. To prevent such issues, developers are advised to regularly refresh tokens, discard stale access tokens, store new tokens, and monitor for spikes in "invalid_grant" errors. Solutions like Nango offer automated token refreshing and management to simplify handling OAuth token lifecycles.
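The handling described above, as an added example that is not code from the Nango post: it applies one token-endpoint response to stored credentials, treats invalid_grant as terminal (drop the tokens, flag the user for re-authentication, do not retry), and counts those errors in a sliding window to detect spikes. The class name, the in-memory dict standing in for encrypted token storage, the window and threshold values, and the sample response bodies are all assumptions made for the illustration.

```python
import time
from collections import deque

WINDOW_SECONDS = 300   # assumed alerting window
SPIKE_THRESHOLD = 3    # assumed number of invalid_grant errors per window that counts as a spike

# Constructed token-endpoint response bodies (not captured from a real account)
SAMPLE_OK = {"access_token": "ya29.constructed-new", "expires_in": 3599, "token_type": "Bearer"}
SAMPLE_REVOKED = {"error": "invalid_grant", "error_description": "Token has been expired or revoked."}

class RefreshHandler:
    """Hypothetical helper: applies refresh responses to an in-memory token store."""

    def __init__(self):
        self.tokens = {}               # user_id -> token record (stand-in for encrypted storage)
        self.needs_reauth = set()      # users who must go through the consent flow again
        self.invalid_grants = deque()  # timestamps of recent invalid_grant errors

    def handle(self, user_id, status, body, now=None):
        """Apply one response; returns 'ok', 'reauth' or 'retry'."""
        now = time.time() if now is None else now
        if status == 200 and "access_token" in body:
            record = dict(self.tokens.get(user_id, {}))
            # Replace the stale access token; keep the current refresh token
            # unless the response carries a new one.
            record["access_token"] = body["access_token"]
            record["expires_at"] = now + int(body.get("expires_in", 0))
            record["refresh_token"] = body.get("refresh_token", record.get("refresh_token"))
            self.tokens[user_id] = record
            self.needs_reauth.discard(user_id)
            return "ok"
        if status == 400 and body.get("error") == "invalid_grant":
            # The refresh token is dead and retrying cannot revive it:
            # delete the stored credentials and require re-authentication.
            self.tokens.pop(user_id, None)
            self.needs_reauth.add(user_id)
            self.invalid_grants.append(now)
            return "reauth"
        return "retry"  # transient or unrelated failure: leave stored tokens untouched

    def spike(self, now=None):
        """True when invalid_grant errors inside the window reach the threshold."""
        now = time.time() if now is None else now
        while self.invalid_grants and self.invalid_grants[0] <= now - WINDOW_SECONDS:
            self.invalid_grants.popleft()
        return len(self.invalid_grants) >= SPIKE_THRESHOLD
```

A spike across many users at once points at an app-level cause such as the publishing status, while isolated errors usually mean a single user's grant was revoked.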