Occasional OAuth2 Reauthorization

[quinnaissance]

This may be related to KrishGarg's issue. It seems that I am periodically required to re-authorize via the Google web interface, despite the readme saying this should only occur once. I looked at gmail_token.json and sure enough, it has been modified with a new access_token.

I can't tell why this is occurring; it doesn't seem to be at any consistent time interval. I printed the exception:
<class 'oauth2client.client.HttpAccessTokenRefreshError'>
But that's all I could get for now.

Edit: It's probably worth noting I initially thought this was occurring because my program was running the same loop for many hours without re-initiating Gmail() (I assumed this would cause the refresh tokens not to update), but I made it re-initiate every hour and this still seems to occur.

[KrishGarg]

Yea I have the same issue. I googled about it and it needs to refresh the access token with the refresh token. I think the simplegmail module should have a system for this, but I am new with google APIs so I am not sure.

[Mr-Groch]

I'm running this script in cron (every 30 minutes) so Gmail class is reinitialized each time and I also have problem with token expiring...

[jeremyephron]

@quinnaissance @KrishGarg @Mr-Groch Sorry for taking so long to get to this issue. This will be implemented very soon.

Just to explain what's going on: the reason why restarting the script still runs into this issue is because it will not get a new token when the old token is still good, so it is launched towards the end of the token's lifetime, it expires during the run, and then crashes. Running after expiring will always work since it will ask for a new token now that the old one is expired.

Update 1: This is done on a new branch. I will need to continue to wait for tokens to expire to properly test, so this should be available in just over an hour.

Update 2: My laptop inexplicably died and has not turned back on. Working on getting onto a new machine.

[quinnaissance]

@jeremyephron Sorry to hear about the laptop! I am not in a rush so release whenever you're able :)

[jeremyephron]

This has been added to v4.0.4, which is now available.

[Mr-Groch]

@jeremyephron unfortunately on 4.0.4 I had this issue 2 times in past 2 weeks:

Traceback (most recent call last):
  File "/volume1/homes/groch/dev/kindle-gmail-verify/kindle-gmail-verify.py", line 8, in <module>
    labels = gmail.list_labels()
  File "/opt/lib/python3.9/site-packages/simplegmail/gmail.py", line 562, in list_labels
    res = self.service.users().labels().list(
  File "/opt/lib/python3.9/site-packages/simplegmail/gmail.py", line 107, in service
    self.creds.refresh(Http())
  File "/opt/lib/python3.9/site-packages/oauth2client/client.py", line 545, in refresh
    self._refresh(http)
  File "/opt/lib/python3.9/site-packages/oauth2client/client.py", line 761, in _refresh
    self._do_refresh_request(http)
  File "/opt/lib/python3.9/site-packages/oauth2client/client.py", line 819, in _do_refresh_request
    raise HttpAccessTokenRefreshError(error_msg, status=resp.status)
oauth2client.client.HttpAccessTokenRefreshError: invalid_grant: Token has been expired or revoked.

And I had to run manually with --noauth_local_webserver option and reathorize...

[quinnaissance]

@Mr-Groch @jeremyephron Unfortunately I have also still had this issue despite upgrading to 4.0.4. It doesn't occur very often but it's definitely still happening.

[jeremyephron]

Hi @Mr-Groch @quinnaissance, sorry to hear there are intermittent issues. I will add a fix for this as soon as I can test it. Am I correct that to reproduce this you are just running the program for an extended duration, periodically making requests (every 15-30 minutes or so?). I will try to figure out the root issue.

[quinnaissance]

@jeremyephron I'm using it for notifications related to a reddit bot. The program runs on a loop once per week in a particular time window of about 3-5 hours. However, simplegmail is only being called in two circumstances:

1. If a timer runs over an hour → the constructor will be called again (was using this to try token refreshing)
2. If a particular string pattern is found → a single email is sent, and then the program terminates.

edit: So just to clarify, I'm only calling simplegmail 1-2 times per hour.

On average I'd say I encounter this 1-2 times per 3-5 hour runtime. Like I said before, I don't think it's at a specific time interval although I could be wrong.

[Mr-Groch]

I'm using simplegmail in simple python script running in cron every 30 minutes.

[yeralexey]

Hi everyone!

I am new in gihub, python and google api, so my question might be solved but i cant get how or where.

My script was running on VPS, so got in trouble that seems to be described here. Script suppose to run each 10 minutes, exactle in one week i got this:

**"Your browser has been opened to visit:

https://accounts.google.com/o/oauth2/auth?...........(my personal api oath data i guess).........&access_type=offline&response_type=code

If your browser is on a different machine then exit and re-run this
application with the command-line parameter --noauth_local_webservernex
"**

So i stucked on this moment.... Can somebody explain me what shoud be done next? If i run it on my home ps - Authorisation window is being opened, i pass it but i cant do the same on my VPS.

Thanks, people.

[felciano]

Hi folks just started using simplegmail inside of a pandas script that runs daily, and seem to have been bitten by this issue. Is the a current workaround or way to ensure the tokens are refreshed appropriately without forcing a new log in?

[quinnaissance]

Hi folks just started using simplegmail inside of a pandas script that runs daily, and seem to have been bitten by this issue. Is the a current workaround or way to ensure the tokens are refreshed appropriately without forcing a new log in?

Hello, I have yet to find a workaround unfortunately.

[felciano]

Hi folks --

After some additional logging and testing, I can confirm what @lemminkeinen suggests: the token seems to expire after exactly one week. I wonder if this is running afoul of limits imposed by Google for "unpublished" apps:

Authorizations by a test user will expire seven days from the time of consent. If your OAuth client requests an offline access type and receives a refresh token, that token will also expire.

Aside: @jeremyephron is there a particular reason you are using oauth2client? It has been deprecated for several years in favor of google-auth (link). Most of the example code seems to use the newer libraries, so might be easier to diagnose going forward if the newer recommend libs were used.

[jeremyephron]

Hey folks, a couple different issues being discussed here: auth failures within a week and expiry after a week.

@felciano correctly stated that unpublished apps will have their tokens expire after a week.

I have no been able to reproduce a quicker failure (e.g., I've had a script sending a message every 20-30 minutes for days on end with no failure).

Because it's been so long, I'm going to close this issue. Please open a new issue with more details on the failure and how to reproduce if this is an ongoing problem.

[reinthalwork]

Is it possible to automate resetting the token using selenium perhaps?