gmail token expired after 1 week

[gregbert42]

Describe the bug/problem

After setting up gmail to work successful, 1 week later it no longer works. in the log i see:

[2025-02-05 20:25:36,145] ERROR {cps.tasks.mail:199} ('invalid_grant: Token has been expired or revoked.', {'error': 'invalid_grant', 'error_description': 'Token has been expired or revoked.'})

To Reproduce

Steps to reproduce the behavior:
As described

Logfile

Traceback (most recent call last):
  File "/app/calibre-web/cps/tasks/mail.py", line 170, in run
    self.send_gmail_email(msg)
  File "/app/calibre-web/cps/tasks/mail.py", line 225, in send_gmail_email
    gmail.send_messsage(self.settings.get('mail_gmail_token', None), message)
  File "/app/calibre-web/cps/services/gmail.py", line 93, in send_messsage
    creds.refresh(Request())
  File "/lsiopy/lib/python3.12/site-packages/google/oauth2/credentials.py", line 409, in refresh
    ) = reauth.refresh_grant(
        ^^^^^^^^^^^^^^^^^^^^^
  File "/lsiopy/lib/python3.12/site-packages/google/oauth2/reauth.py", line 366, in refresh_grant
    _client._handle_error_response(response_data, retryable_error)
  File "/lsiopy/lib/python3.12/site-packages/google/oauth2/_client.py", line 69, in _handle_error_response
    raise exceptions.RefreshError(
google.auth.exceptions.RefreshError: ('invalid_grant: Token has been expired or revoked.', {'error': 'invalid_grant', 'error_description': 'Token has been expired or revoked.'})

Expected behavior

Self evident

Screenshots

not needed

Environment (please complete the following information):

host: Linux 6.6.65-1-lts #1 SMP PREEMPT_DYNAMIC Wed, 11 Dec 2024 15:35:54 +0000 x86_64 GNU/Linux

docker container:

  calibre-web:
    image: lscr.io/linuxserver/calibre-web:latest
    container_name: calibre-web
    volumes:
      - /mydir/config:/config
      - "mydir/Book Library/:/books"
    ports:
      - 8085:8083
    restart: unless-stopped
    environment:
      - PUID=1002
      - PGID=1002
      - TZ=America/New_York
      - DOCKER_MODS=linuxserver/mods:universal-calibre
      - OAUTHLIB_RELAX_TOKEN_SCOPE=1

• Calibre-Web version: 0.6.24
• Docker container: see docker compose:
• Special Hardware: amd64
• Browser: Chrome

Additional context
my gmail uses 2fa, which i was successful at authenticating past.

[mitch-e]

I have also had the same issue which I have hopefully fixed.

I came across this post on Stack Overflow that mentioned something about the app needing to be published in order for Auth token to keep being refreshed.

I looked through the original Gmail setup thread again and found where the 'Publish' button is:

After publishing the App, Google will complain about it needing to be verified, you don't have to worry about that. It will just make you click a few more things when you run the link back through your web browser from the docker container.

After I published the app, I downloaded an replaced my gmail.json file again, just in case it needed it.

I have no idea if this will actually work, but it is the best I have found so far Fingers are crossed

[mitch-e]

I have also had the same issue which I have hopefully fixed.

I came across this post on Stack Overflow that mentioned something about the app needing to be published in order for Auth token to keep being refreshed.

I looked through the original Gmail setup thread again and found where the 'Publish' button is:

After publishing the App, Google will complain about it needing to be verified, you don't have to worry about that. It will just make you click a few more things when you run the link back through your web browser from the docker container.

After I published the app, I downloaded an replaced my gmail.json file again, just in case it needed it.

I have no idea if this will actually work, but it is the best I have found so far Fingers are crossed

@gregbert42 , I have left this for a week and it seems to still be sending emails successfully.
Hopefully this works for you too?

[gregbert42]

I’ve re-authenticated now, again thanks to @mitch-e s awesome instructions. I’ve published the app, the Google talks about sending it for approval and a bunch of other stuff and wanted a YouTube video explaining how I was gonna use the scope. If someone actually reviews what I put, I may be rejected. but I guess we’ll give it a week and see if it still works.

[mitch-e]

I’ve re-authenticated now, again thanks to @mitch-e s awesome instructions. I’ve published the app, the Google talks about sending it for approval and a bunch of other stuff and wanted a YouTube video explaining how I was gonna use the scope. If someone actually reviews what I put, I may be rejected. but I guess we’ll give it a week and see if it still works.

@gregbert42 , you should not actually need to perform the verification with Google, just the initial publish bit should be fine.
My "app" will forever be waiting on verification as I didn't send it to them to be verified. (This way the app never goes fully public and other people cannot use my app but me)

[Source]https://stackoverflow.com/questions/66058279/token-has-been-expired-or-revoked-google-oauth2-refresh-token-gets-expired-il)