Google

invalid_grant — Invalid grant

Auth code/refresh token invalid/expired/redeemed.

Riposte solution

The authorization code or refresh token is no longer valid (expired or already used). You'll need to get a fresh token. Use Riposte to start a new OAuth flow with /auth/sessions so the user can re-authorize the account. Ensure you're using the correct redirect URI and that the new token is for the intended Google account.

Quick facts

Provider: Google
Endpoint / surface: OAuth 2.0
Status code: 400

Why it happens

[Expired code; Refresh token revoked; Wrong tenant]

How to fix it

[Get new code; re-auth user; ensure token redeemed in correct tenant]