GDrive expiring after a week?

Fabio · June 14, 2023, 10:43am

rclone version

rclone v1.62.2
- os/version: raspbian 11.7
- os/kernel: 6.1.21-v7+ (armv7l)
- os/type: linux
- os/arch: arm (ARMv7 compatible)
- go/version: go1.20.2
- go/linking: static
- go/tags: none

I have activated GDrive share with client_id and Client_secret. rclone is running as a service.

After a week of operations, it stopped working due to:

2023/06/14 12:40:50 INFO  : Google drive root '': Failed to get StartPageToken: Get "https://www.googleapis.com/drive/v3/changes/startPageToken?alt=json&prettyPrint=false&supportsAllDrives=true": couldn't fetch token: invalid_grant: maybe token expired? - try refreshing with "rclone config reconnect GDrive:"
2023/06/14 12:41:49 DEBUG : GDrive: Loaded invalid token from config file - ignoring
2023/06/14 12:41:50 DEBUG : GDrive: got fatal oauth error: oauth2: cannot fetch token: 400 Bad Request
Response: {
  "error": "invalid_grant",
  "error_description": "Token has been expired or revoked."
}

Is it normal? Should I have to reconfig every week? I have an automated backup from a Raspberry and this would be very inconvenient.

kapitainsky · June 14, 2023, 10:53am

Depends how you configured client_id and client_secret:

Keeping the application in "Testing" will work as well, but the limitation is that any grants will expire after a week, which can be annoying to refresh constantly. If, for whatever reason, a short grant time is not a problem, then keeping the application in testing mode would also be sufficient.

Fabio · June 14, 2023, 10:55am

I cannot "Publish" the app, as I need a Workspace account for this. And , even in that case, it will require informations that I cannot supply, such as:

An official link to your app's Privacy Policy
A YouTube video showing how you plan to use the Google user data you get from scopes
A written explanation telling Google why you need access to sensitive and/or restricted user data
All your domains verified in Google Search Console

Fabio · June 14, 2023, 11:00am

So, if there are no other options, I cannot use this for my backups.

kapitainsky · June 14, 2023, 11:46am

You keep application in testing so token expires in one week - this is how it works - no surprise here.

This is Google Drive client ID I use - I do not have Workspace account - I use External - you just stop at this screen - maybe you clicked 'Back to testing'. I do not prepare anything for verification.

Then when used this is "scary confirmation screen shown" docs talk about when you verify rclone config:

You just used unverified stuff - maybe docs could be more clear about it.

Fabio · June 14, 2023, 11:58am

I'll give it a try as soon as I am back home

kapitainsky · June 14, 2023, 12:48pm

Go to API Console
Create new project
Under "ENABLE APIS AND SERVICES" search for "Drive", and ENABLE the "Google Drive API".
Click "Credentials" in the left-side panel
Click CONFIGURE CONSENT SCREEN -> External -> CREATE -> enter name, email -> SAVE AND CONTINUE
Add scopes -> Save and continue

https://www.googleapis.com/auth/docs
https://www.googleapis.com/auth/drive
https://www.googleapis.com/auth/drive.metadata.readonly

DO NOT create any test user -> Save and continue ->Back to Dashboard
Credentials again -> Create Credentials -> OAuth client ID
Choose "Desktop App", enter the app name ->CREATE
OAuth consent screen in the left panel-> click PUBLISH APP

DONE - do not prepare any verification or go back to testing. You can close the browser create new remote with your new client_id and client_secret and start using it

Fabio · June 14, 2023, 12:54pm

That's what I did few days ago, except I did create a test user. Anyway now I have clicked on Publish and my screen is like yours. But I still don't get the scary screen at authorization.

kapitainsky · June 14, 2023, 12:56pm

You are doing something wrong.

Start from the scratch - follow my steps - create new remote (this is when you will see "scary screen") - when you authenticate

Fabio · June 14, 2023, 1:08pm

Did it.
Authorized without scary screen. Rclone is running. Now should I wait 8 days to see if it is OK?

kapitainsky · June 14, 2023, 1:18pm

without this screen

I would think you are using testing... but not sure how to test it

My authentication makes it clear that app is published but not verified. my token never expires....

Fabio · June 14, 2023, 1:19pm

Screenshot 2023-06-14 alle 15.19.15

kapitainsky · June 14, 2023, 1:20pm

Have you created NEW remote and entered client_id and client_secret during the process?

Fabio · June 14, 2023, 1:21pm

of course... like you said...

kapitainsky · June 14, 2023, 1:21pm

Yes but now question is if token is bound to these new credentials - this is why I recommend to create new remote to be sure

Fabio · June 14, 2023, 1:21pm

I deleted the old one and created a new one

kapitainsky · June 14, 2023, 1:22pm

You will know in 8 days:) I have no way to check I am afraid. But all works for me.

Fabio · June 14, 2023, 1:26pm

...I will let you know. This is my last chance for rclone...

Fabio · June 23, 2023, 8:54am

I promised a report. After 9 days it is still working and renovating the token.

kapitainsky · June 23, 2023, 8:58am

Thank you for letting us know. And great news:)