Unable to fetch refresh token: invalid_grant.

  • 1 February 2022
  • 2 replies

Userlevel 3

What should happen when Zapier receives an ‘invalid_grant’ reply from the authorisation server when it asks to refresh token?  It seems to me that in my attempt at inegration it keeps asking using the same token and nothing ever gets reset.

This post has been closed for comments. Please create a new post if you need help or have a question about this topic.

2 replies

Userlevel 1
Badge +1

Hey Kevin!

I'm Christian from Zapier's Platform Support team and I'll be happy to help with this.

Within the OAuth v2 Endpoint Configuration section of your app, you’ll find an option called “Automatically Refresh Token”. By enabling this option, your Zapier app will automatically run the “Refresh Token Request” (also defined in the same section) when it receives an HTTP 401 from your API.

Could you confirm whether this option is currently enabled for your app?

If you suspect that there might be an issue within your “Refresh Token Request”, the first suggestion I’d make would be verifying that any variables included there are resolving as you’d expect. To do this, you might like to refer to the Environment Variables section of our documentation to confirm that the function uses the correct Zapier Data Bundles.

Does that help to get you pointed in the right direction? Please let us know if we can offer further clarity :)

Userlevel 3


Thank you for responding to my question.

I have tried the code with automatic refresh on and it wasn’t working. When you responded it was turned off, but only because I wanted to examine the variables more carefully from the initial token request while I was working on it on Friday. It was easier to see the results in the log on our system that way.

The issue I found on Friday is that Zapier was sending back the wrong tokens in both cases. The inital OAuth2 handshake receives a new token and Zapier sends back an invalid one when I test the Authentication. The token being sent as refresh token is also the wrong one. I can only assume that it is an old one as our system only keeps the current token.

Originally I was trying to use form mode and the OAuth2 handshakes appeared to work without me having to specify any vaiables in the body with tokens.

I am now trying to use code mode as our API always returns an object with the required data array inside, so i will have to extract the array for zapier.

I was assuming that zapier itself is reading the access and refresh tokens and sending the correct ones back

I have some questions triggered by your suggestion to read about environment variables:

1/ In the access token request code should I save the access and refresh tokens from the response in suitable environment varaiables or does zapier do that for me?

2/ In the refresh token request code do I need to include the refresh token in the code myself or will zapier add it for me?

3/ When making an API call should I be including the access token I saved myself from the OAuth handshake or one that zapier has saved? Where would Zapier have saved that token if that is the case?

Thanks in advance.

Kevin Roche