"Invalid_grant" Auth0 Error When Using Groups Feature With Google Workspace Integration
Customers using a Google Workspace enterprise connection with the Enable Users API option (to fetch groups) may encounter an invalid_grant error in their Auth0 logs. This typically occurs when Auth0 has not been authorized to access the Google Workspace directory, even if the correct API scopes have been configured on the Google side.
invalid_grant
- Auth0
- Google Workspace Integration
- Google Workspace Groups
- Enable Users API
The invalid_grant error occurs because Auth0 requires explicit authorization from a Google Workspace administrator to access the directory. While customers may have configured the correct API scopes (such as admin.directory.user.readonly, admin.directory.group.readonly, and admin.directory.group.member.readonly) and set up Domain-Wide Delegation, the final authorization step within the Auth0 Dashboard was not completed.
How is the invalid_grant error in Auth0 resolved when using a Google Workspace enterprise connection with Enable Users API?
Complete the authorization process by following these steps:
- Navigate to the Google Workspace enterprise connection in the Auth0 Dashboard.
- Select the Setup tab.
- Click the Continue link while signed in with a Google Workspace administrator account.
- Follow the prompts on the Google side to grant Auth0 the necessary permissions to access the Google Workspace directory.
NOTE: If the person configuring Auth0 is not the Google Workspace domain administrator, they can copy the URL provided on the Setup tab and share it with their administrator to complete the authorization on their behalf.
