Support » Plugin: Site Kit by Google - Analytics, Search Console, AdSense, Speed » Google Site Kit invalid_grant invalid authorization code or refresh token

  • Resolved InHouse

    (@inhouse)


    Hello, I’m using the Site Kit plugin on roughly 50-60 sites and experiencing the same issue on all of them.

    Every few days I see an error on the dashboard widget that says “invalid_grant”.

    Also, in the Site Kit dashboard I see:

    Oops! There was a problem during set up. Please try again.
    Unable to receive access token because of an invalid authorization code or refresh token.

    /wp-admin/admin.php?page=googlesitekit-splash

    The setup is successful the first time as well as each one following but I’m wondering why this keeps happening. It’s time consuming to reconnect over and over.

Viewing 12 replies - 1 through 12 (of 12 total)
  • Plugin Support James Osborne

    (@jamesosborne)

    Thanks for opening a support topic and sharing details of what you’re encountering. This notice can appear if permissions were revoked somehow and indeed I can appreciate this is frustrating and time consuming. To try and determine why this is occurring for you regularly across your sites please share the following:

    1. Do you have multiple users who have access to your properties at Search Console level? If you have multiple WordPress administrators any of these can also setup Site Kit, thereby gaining access to any connected property.
    2. Do you have the same setup and environment for most of these sites? (ie. Do they use the same plugins and hosting provider?)
    3. Can you share your Site Health information for one of the sites which is impacted by this notice appearing? You can use this form to share privately if preferred.

    Let me know if you have any questions with the above.

    Thread Starter InHouse

    (@inhouse)

    1. I am the only ‘Admin’ user on any of our sites. No one else has access to the Site Kit settings.
    2. Most of our sites use the same base plugins and have a custom built theme (not an off the shelf/premium theme). Each site despite having a custom theme share a very similar setup and hosting environment on our VPS.
    3. I submitted the site health info via the Google form for one of the sites experiencing this issue.

    Is there a limit as to how many sites my google account can connect to? I can’t see why permissions would be revoked for any reason.

    Thread Starter InHouse

    (@inhouse)

    Sometimes I see this error on the /wp-admin dashboard after I revisit the site for the first time in a few days or a week:
    Additional Permissions Required: Site Kit can’t access the relevant data from Analytics because you haven’t granted all permissions requested during setup.

    Site Kit already has access to the permissions needed.

    Plugin Support James Osborne

    (@jamesosborne)

    Thanks for the update and sharing the additional insights. I believe there is a limit on site verifications with Search Console although this is a high number and shouldn’t impact a user of 50-60 sites. I’ll check this with the team to confirm. There is a quota limit for Analytics per Google account although this would also not be impacted with 50-60 Analytics accounts.

    Before I open a GitHub issue for you and perform some additional checks can you inform me of the below:

    1. Once you encounter the invalid_grant notice are you disconnected from all your sites at once or just on the site individually each time?
    2. Can you take a screenshot of this error showing any browser console errors on the same screen?
    3. Are all your sites on the same hosting platform? If you have any other WordPress sites hosted elsewhere with the same plugins setup have you encountered the same error at any stage?

    From inspecting your Site Health information I didn’t notice anything unusual such as plugins that may impact your Google Services connection. Once we have the above I’ll create a GitHub issue and we can investigate this further.

    Thread Starter InHouse

    (@inhouse)

    1. No, this seems to be limited to each individual site. If I reconnect a site, the others are unaffected. Similarly, when one disconnects, the others do not disconnect until ‘their time comes’.
    2. Screenshot of console errors: https://www.dropbox.com/s/mdllh6ckynww1l7/Screen%20Shot%202021-09-30%20at%208.21.31%20AM.png?dl=0
    3. All our sites are hosted at MediaTemple on our VPS. The same exact hosting environment which I personally manage. PHP is 7.4.23
    Plugin Support James Osborne

    (@jamesosborne)

    Thanks for providing an update. I’ll need to check this with the team while also performing some checks on my side. It’s possible that with the amount of sites with Site Kit enabled you may be encountering a API refresh token limit, which is separate to having a large number of accounts. (ie. You can have up to 100 accounts, but using Analytics API has more restrictions). You’ll find more information from the experience of another user in a previous GitHub issue.

    Please allow me some time to get more insights on this and provide an update here. I’ll hopefully have an update for you early next week.

    Note that as this is likely API restriction per Google account related one recommendation as mentioned in the GitHub issue is to propose users set up the plugin with their own individual WordPress administrator account. Providing they use their own Google account to setup the plugin during the OAuth connection process they can then also connect Analytics themselves and provide access to your own Google account. After doing so you’ll be able to setup the plugin from your own WordPress administrator account and once connected you’ll be able to view data within the Analytics dashboards while remaining connected.

    Let me know if you have any questions on this in the meantime.

    Thread Starter InHouse

    (@inhouse)

    The proposed solution doesn’t work for agencies like ours where our clients are not given the Admin role. We manage each site for our clients and make them Editors so they can’t break anything major and don’t have access to plugin settings. Clients don’t need to be connecting Google Analytics and half of them don’t even know what a Google Search Console is. I myself am the only person who builds and maintains our sites so there’s no conceivable way to use a different account to set up Site Kit.

    We previously used the “Google Analytics for WordPress” plugin until Monsterinsights took over and ruined it. How does a plugin like that not run into API limits/restrictions?
    https://wordpress.org/plugins/google-analytics-for-wordpress/

    Plugin Support James Osborne

    (@jamesosborne)

    Thanks for sharing your use case. Understandable this suggestion isn’t ideal in your case.

    I will check for any API limitations with the team and report back to you here. If this is an API limitation I’m not aware of any other workarounds at present but as mentioned I’ll take it up with the team and report back to you here. Other plugins are also restricted to the API restrictions for individual user accounts.

    Plugin Support James Osborne

    (@jamesosborne)

    @inhouse Many thanks for your patience on this. I’ve spoken with the team and what you’re encountering is as a result of OAuth limitations, with 50 per Google account permitted at any once time. If you reach this level of connected sites then the site you connected with Site Kit will become disconnected, after connecting site 51, and so on.

    So what you’re encountering is not Analytics quota related, rather an OAuth limit being reached. You’ll find more on this below:
    https://developers.google.com/identity/protocols/oauth2

    One alternative suggestion other than requesting users setup the plugin is to create different Google accounts while limiting the amount of sites connected with Site Kit on each. Sorry I can’t be of more assistance on this.

    Thread Starter InHouse

    (@inhouse)

    I’m really sorry to hear this. This is a serious design flaw. We’ll need to uninstall Site Kit and switch to a different plugin. You should mention this limitation in the plugin description that this is not designed for agencies or managed sites.

    Plugin Support James Osborne

    (@jamesosborne)

    Sorry to hear of your preference to uninstall the plugin. What you’re encountering is an OAuth limitation, as opposed to any restriction set by the plugin. I will however pass on your feedback. Note also that other plugins or applications that use the OAuth authentication protocol are also restricted to what the framework provides.

    Thread Starter InHouse

    (@inhouse)

    This is less of a preference and more of a requirement. I understand the OAuth limitation and we’ll be using a plugin that doesn’t use OAuth. Thanks anyway for troubleshooting this issue.

Viewing 12 replies - 1 through 12 (of 12 total)
  • The topic ‘Google Site Kit invalid_grant invalid authorization code or refresh token’ is closed to new replies.