Why does my Google OAuth2 connection in n8n expire after 60 minutes?

Below is some background and troubleshooting advice regarding your situation:

Why No Refresh Token?

Even though n8n automatically includes parameters like
  access_type=offline
and
  prompt=consent
in the OAuth request, Google only returns a refresh token the first time you grant consent. If the account you’re using has already granted access to your app, subsequent authorizations may simply return an access token (which expires after 60 minutes).

Testing Mode Considerations

For Google Cloud apps that are still in testing mode with an External user type, the OAuth tokens and consents expire after a certain period (up to 7 days in typical scenarios). However, once consent has been initially provided, Google won’t send a refresh token again unless the user re-consents.

Recommended Troubleshooting Steps

1. Revoke the Existing Consent:
   Check your Google Account’s “Security > Third-party apps with account access” (or a similar section) and remove your n8n app. This ensures that the next time you connect, Google will treat it as the first consent and return a refresh token.

2. Force Re-Consent:
   Alternatively, if you have control over your OAuth flows in n8n, ensure that the OAuth request forces consent every time by confirming that both the following parameters are applied on the first (and subsequent) connection:

   • access_type=offline
   • prompt=consent
     Although n8n handles this automatically, a prior consent might be causing Google to skip re-issuing a refresh token.

3. Consider Moving to Production (if applicable):
   As long as your use case permits testing mode (with tokens expiring after seven days upon re-consent), this may be acceptable. For longer-term connections without manual re-approval (or to consistently receive refresh tokens), consider moving your app to production. This step, however, might require compliance with additional requirements from Google.

Summary

The 60-minute expiration (lack of a refresh token) isn’t caused by an issue in n8n but results from the way Google’s OAuth flow works when prior consent exists. By revoking the previously granted permissions or forcing a fresh consent, you should get a refresh token on your next such connection.

Hope this helps resolve the issue with your connection!

Below is some guidance for troubleshooting your Google OAuth2 credential connection in n8n when you’re not receiving a refresh token.

Key Points to Check

• Google’s OAuth Behavior:
  Google access tokens typically last for 60 minutes. A refresh token is then needed to obtain a new access token. With Google Cloud apps in testing mode (with External user type), tokens and consent expire after seven days. However, your issue with a 60-minute connection suggests that a refresh token isn’t being returned at all.

• Automatic Parameters in n8n:
  n8n automatically adds the necessary OAuth parameters (like access_type=offline and prompt=consent) so that a refresh token should be generated. This means n8n isn’t missing these parameters on its own.

Potential Causes and Solutions

1. Existing Authorization without Offline Grant:
   If you or your users have already authorized the app without triggering the consent screen again (for example, because the authorization has been granted previously), Google may not issue a refresh token a second time.
   Solution:

   • Revoke access to the app in your Google account.
   • Reconnect the credential in n8n so that the full OAuth flow (including an offline consent prompt) is re-triggered.

2. OAuth Client Configuration Issues:
   Ensure that your OAuth 2.0 Client in Google Cloud Console is set up as a Web application, that the Redirect URI (https://oauth.n8n.cloud/oauth2/callback) is correct, and any previous credentials (if testing) are cleared so a fresh grant is made.

3. Testing Mode Limitations:
   Remember that if your app remains in testing mode, users must re-consent every 7 days. This behavior won’t cause a 60-minute token lifetime directly but may affect how refresh tokens are handled if the flow doesn’t fully perform an offline token grant.
   Solution:

   • If your flows can tolerate a 7-day period during testing, ensure that you’re logging out and back in to trigger the OAuth flow anew.
   • For long-term production use, consider moving your app to production.

Example Reconnect Steps

1. Revoke previous access from your Google Account settings.
2. In n8n, open the credentials modal for your Google OAuth2 Credential.
3. Click the OAuth button to reconnect.
   This ensures the consent screen comes up again and confirms that the OAuth parameters are applied.

If after these steps you still aren’t receiving a refresh token, double-check your OAuth client setup in Google Cloud Console. It can sometimes help to delete the OAuth client and create a new one to rule out any misconfigurations.

Let me know if you have any further questions regarding n8n and its integrations!