- Newest
- Most votes
- Most comments
Firstly, Please make sure you are following all the requirements listed in the document: https://docs.aws.amazon.com/appflow/latest/userguide/google-analytics.html#googleanalytics-requirements
-
Create a new OAuth 2.0 client. Set the application type as Web application.
-
Set the authorized JavaScript origins URL to https://console.aws.amazon.com/.
-
Set the authorized redirect URL as follows:
https://console.aws.amazon.com/appflow/oauth for the us-east-1 Region
https://region.console.aws.amazon.com/appflow/oauth for all other Regions
- Provide Amazon AppFlow with your client ID and client secret. After you provide them, you are redirected to the Google login page. When prompted, grant Amazon AppFlow permissions to access your Google Analytics account.
Looking at the error code:
Error authenticating to connector: Login failed with status code 400: { "error": "invalid_grant", "error_description": "Token has been expired or revoked." } {requestUri=https://www.googleapis.com/analytics/v3/metadata/ga/columns, instanceUrl=https://analyticsreporting.googleapis.com}
This looks like an issue from Google Analytics API end. From the Google documentation: "Authorizations by a test user will expire seven days from the time of consent. If your OAuth client requests an offline access type and receives a refresh token, that token will also expire." Kindly check if you token was working previously and expired after approx 7 days?
Setting up theOAuth consent screen doc: https://support.google.com/cloud/answer/10311615#zippy=%2Cinternal%2Cexternal%2Cin-production%2Ctesting
Possible solutions:
- Visit the OAuth consent screen and click on the publish button to change from the testing status to the published status.
- Generate a new refresh token (existing one is most likely revoked).
This occurs when you are authenticating via a Google Cloud OAuth consent screen which is in 'Testing' mode. To prevent the token from expiring after 7 days you need to add your Google Cloud project to the Google Cloud organization linked to your company's domain name and then publish the OAuth consent screen as 'Internal'. This enables any user with an e-mail address in your company's domain to authenticate via your OAuth app, provided that user has first been added to the Google Workspace or Google Cloud Identity organization, and they are also a user in Analytics 360. We managed to get it working using these instructions:
Relevant content
- asked 7 months ago
- AWS OFFICIALUpdated 2 years ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago
- AWS OFFICIALUpdated a year ago