Invalid_Grant Error

[aniespica]

For some of our clients twice a week the refresh token ends with invalid_grant. We contact them and request to re-authenticate to get new access & refresh token. It is annoying that it happened and we don't know how to handle it in the code.

Currently, our flow is:

1. A function that interacts with QuickBooks API is called.
2. The function loads the OAuth token from our database.
3. If the access token is expired, we request a new token using the refresh token

const QuickbooksOauthClient = require("intuit-oauth");
const quickbooksOauthClient = new QuickbooksOauthClient(getOauthConfig());
const response = await quickbooksOauthClient.refreshUsingToken(clientsCredentials.RefreshToken); 

4. The new token and refresh token are saved in our database.
5. The API is called.

But for a few of our clients the refreshUsingToken() method response with invalid_grant. The following is a response for one of our clients with this issue:

     {
          "url": "https://oauth.platform.intuit.com/oauth2/v1/tokens/bearer",
          "headers": {
              "date": "Thu, 26 May 2022 05:11:00 GMT",
              "content-type": "application/json;charset=utf-8",
              "content-length": "25",
              "connection": "close",
              "intuit_tid": "1-628f0be4-19ed5ea63980105102b16b1e",
              "x-spanid": "4ed3e0e2-45a2-47bd-bae5-06c8024b8583",
              "x-amzn-trace-id": "Root=1-628f0be4-19ed5ea63980105102b16b1e",
              "x-content-type-options": "nosniff",
              "server": "envoy",
              "cache-control": "no-cache, no-store",
              "pragma": "no-cache",
              "x-envoy-upstream-service-time": "35",
              "strict-transport-security": "max-age=31536000"
          },
          "body": "{\"error\":\"invalid_grant\"}",
          "status": 400,
          "statusText": "Bad Request"
      }

What can we do to handle this issue by code?

[codescalar]

We are seeing the exact same issue as described above. Still looking for solutions.

[jackammon]

We are also having this exact issue. Are there any updates on this? I have a hunch ours is related to this issue.

Edit: It looks like our issue was with the functional expiration time of refresh_tokens. This issue is what helped us solve our problem. The refresh_token has a stated expiration of 100 days, however it gets regenerated every 24-26 hours?? The API doesn't honor old refresh_tokens if a new one has been reissued. So effectively they "expire" every 24-26 hours. Still a bit confused with this but it solved our problem.

[thekennysong]

@jackammon @aniespica have either of you experienced a user not being able to connect at all? For some reason, when trying to generate a token we keep getting a Token invalid when literally we're generating a new token haha. Super frustrating but I expect nothing more from QBO's API service. Below is our code to generate a new token in the callback function.

 const oauthClient = createOauthClient();
    try {
      await oauthClient.createToken(req.url);
    } catch (e) {
      req.log.error(e, 'qb-error');
      res.sendStatus(401);
      return;
    }

[JoeMartin2001]

Any update here?

[rajeshgupta723]

Thanks @JoeMartin2001 , @thekennysong , @jackammon , @codescalar , @aniespica -- appreciate all your patience and support. Please check out the latest npm package released:
https://www.npmjs.com/package/intuit-oauth/v/4.1.1
Closing this issue for now. Feel free to re-open if you see any issues. Thanks