GDrive expiring after a week?

rclone version

rclone v1.62.2
- os/version: raspbian 11.7
- os/kernel: 6.1.21-v7+ (armv7l)
- os/type: linux
- os/arch: arm (ARMv7 compatible)
- go/version: go1.20.2
- go/linking: static
- go/tags: none

I have activated GDrive share with client_id and Client_secret. rclone is running as a service.

After a week of operations, it stopped working due to:

2023/06/14 12:40:50 INFO  : Google drive root '': Failed to get StartPageToken: Get "": couldn't fetch token: invalid_grant: maybe token expired? - try refreshing with "rclone config reconnect GDrive:"
2023/06/14 12:41:49 DEBUG : GDrive: Loaded invalid token from config file - ignoring
2023/06/14 12:41:50 DEBUG : GDrive: got fatal oauth error: oauth2: cannot fetch token: 400 Bad Request
Response: {
  "error": "invalid_grant",
  "error_description": "Token has been expired or revoked."

Is it normal? Should I have to reconfig every week? I have an automated backup from a Raspberry and this would be very inconvenient.

Depends how you configured client_id and client_secret:

Keeping the application in "Testing" will work as well, but the limitation is that any grants will expire after a week, which can be annoying to refresh constantly. If, for whatever reason, a short grant time is not a problem, then keeping the application in testing mode would also be sufficient.

I cannot "Publish" the app, as I need a Workspace account for this. And , even in that case, it will require informations that I cannot supply, such as:

An official link to your app's Privacy Policy
A YouTube video showing how you plan to use the Google user data you get from scopes
A written explanation telling Google why you need access to sensitive and/or restricted user data
All your domains verified in Google Search Console

So, if there are no other options, I cannot use this for my backups.

You keep application in testing so token expires in one week - this is how it works - no surprise here.

This is Google Drive client ID I use - I do not have Workspace account - I use External - you just stop at this screen - maybe you clicked 'Back to testing'. I do not prepare anything for verification.

Then when used this is "scary confirmation screen shown" docs talk about when you verify rclone config:

You just used unverified stuff - maybe docs could be more clear about it.

I'll give it a try as soon as I am back home

  1. Go to API Console
  2. Create new project
  3. Under "ENABLE APIS AND SERVICES" search for "Drive", and ENABLE the "Google Drive API".
  4. Click "Credentials" in the left-side panel
  5. Click CONFIGURE CONSENT SCREEN -> External -> CREATE -> enter name, email -> SAVE AND CONTINUE
  6. Add scopes -> Save and continue

  1. DO NOT create any test user -> Save and continue ->Back to Dashboard
  2. Credentials again -> Create Credentials -> OAuth client ID
  3. Choose "Desktop App", enter the app name ->CREATE
  4. OAuth consent screen in the left panel-> click PUBLISH APP

DONE - do not prepare any verification or go back to testing. You can close the browser create new remote with your new client_id and client_secret and start using it

That's what I did few days ago, except I did create a test user. Anyway now I have clicked on Publish and my screen is like yours. But I still don't get the scary screen at authorization.

You are doing something wrong.

Start from the scratch - follow my steps - create new remote (this is when you will see "scary screen") - when you authenticate

Did it.
Authorized without scary screen. Rclone is running. Now should I wait 8 days to see if it is OK?

without this screen

I would think you are using testing... but not sure how to test it

My authentication makes it clear that app is published but not verified. my token never expires....

Screenshot 2023-06-14 alle 15.19.15

Have you created NEW remote and entered client_id and client_secret during the process?

of course... like you said...

Yes but now question is if token is bound to these new credentials - this is why I recommend to create new remote to be sure

I deleted the old one and created a new one

You will know in 8 days:) I have no way to check I am afraid. But all works for me.

...I will let you know. This is my last chance for rclone...

I promised a report. After 9 days it is still working and renovating the token.

1 Like

Thank you for letting us know. And great news:)