The error Authorized email doesn't match provided email during token validation
stems from a mismatch between the email address provided in the authorization request /connect/authorize
and the one linked with the provided Google refresh token.
Â
Example Scenario:
Let's consider a practical example to understand this better: You initiate an authorization request /connect/authorize
with the payload:
Â
{
"client_id": "e4b*********4mi33v6",
"name": "another_test",
"email_address": "another_test@nylas.com",
"provider": "gmail",
"settings": {
"google_refresh_token": "1//09xBRPWjX-**********************wLP9iSJrpHmqEQtQ77dN5o3aEF7JQX3L8qa82rG0",
"google_client_id": "100**************googleusercontent.com",
"google_client_secret": "q********e6d396"
},
"scopes": "calendar"
}
In this payload, even though you're trying to authenticate the email address another_test@nylas.com, the google_refresh_token provided corresponds to a different email address, say test@gmail.com. This discrepancy leads to the aforementioned error.
Â
The Solution
The fix for this error is straightforward but needs careful attention:
-
Check the Refresh Token Source: Ensure that the google_refresh_token in your payload is generated for the same email address you're trying to authenticate. For instance, if you're authenticating another_test@nylas.com, the refresh token should also belong to another_test@nylas.com.
-
Reinitiate Authentication: If there is a mismatch, reinitiate the authentication flow for the desired email address and obtain a new refresh token.
-
Review Application Permissions: If you're generating refresh tokens programmatically, ensure that your application has the required permissions to access the desired scopes.
- Double-Check Email Inputs: It might sound simple, but typos or using different email aliases can lead to this error. Ensure that the email address you're using throughout the authentication process is consistent.
Â
Resources
Updated
Comments
0 comments
Please sign in to leave a comment.