Google Client Invalid JWT: Token must be a short-lived token
Invalid_grant error has two common causes:
Your server’s clock is not in sync with NTP.
Solution: Check the server time. If it's incorrect, fix it.
The refresh token limit has been exceeded.
Solution: Nothing you can do - they can't have more refresh tokens in use.
Applications can request multiple refresh tokens. For example, this is useful in situations where a user wants to install an application on multiple machines. In this case, two refresh tokens are required, one for each installation. When the number of refresh tokens exceeds the limit, older tokens become invalid. If the application attempts to use an invalidated refresh token, an invalid_grant error response is returned.
The limit for each unique pair of OAuth 2.0 client and is 50 refresh tokens (note that this limit is subject to change). If the application continues to request refresh tokens for the same Client/Account pair, once the 26th token is issued, the 1st refresh token that was previously issued will become invalid. The 27th requested refresh token would invalidate the 2nd previously issued token and so on.
Update
Applications in testing phase have their refresh tokens revoked after seven days. Go to Google cloud console for your project and under oauth2 set it to production.
Fixed the issue for me in 2020.
- If on Windows, right click the date and time on the lower right.
- Click "Adjust Date/Time".
- Click "Sync now."
WOW!!! This ended up being something really stupid. I am running Laravel's homestead as my dev server. I mostly assumed that the clocks on my VM and local machine would be synced. At least at the time of creation. But, I went a couple weeks without using this machine, so (I'm guessing), the VMs clock wasn't running while this computer was in hibernation, or the clocks were never in sync. Regardless, the issue is that my vm's clock was about 9 days behind my system clock. That was causing the issue.