I’m working with a Google Drive OAuth integration and facing a strange issue. When I first launched my application, everything worked perfectly - the database was empty, the app inserted the necessary values, and authentication completed successfully.
However, after I cleared the database table (using truncate), the refresh_token field is now coming back as null, which causes my application to crash. I’m confused because this should be the same scenario as the initial run when the database was empty.
The error I’m getting shows:
Error during OAuth2 authentication: 'invalid_grant'
Database error: Column 'refresh_token' cannot be null
PDOException: Integrity constraint violation in auth_manager.php:156
Why would clearing the database cause the refresh token to be null when it worked fine on the first run with an empty database? What’s different about the authentication flow after truncating the table?
Google’s OAuth flow kinda memorizes your consent, so when you auth again after clearing the db, it’s not sending a refresh token. Try adding approval_prompt=force or prompt=consent in the OAuth URL to make it show the consent screen again and regenerate your refresh token.
This happens because Google’s OAuth only gives you a refresh token the first time a user authorizes your app. After that, you just get access tokens since Google thinks you already have the refresh token stored. When you wiped your database, you lost that refresh token, but Google still thinks your app is authorized. You need to completely revoke access first. Either remove your app from the authorized apps at https://myaccount.google.com/permissions or hit Google’s revoke endpoint. Then the next OAuth flow will treat it like a fresh authorization and give you a new refresh token.
Had this exact problem last month with a similar integration. Google’s OAuth service keeps state separately from your database. When you truncated your local table, you only cleared your app’s storage - but Google’s servers still remember your app was already authorized by that user. The refresh token only gets provided during the initial consent flow, not when they authorize again. To fix this without manually revoking access, add access_type=offline and approval_prompt=force to your OAuth request. This forces Google to treat it like the first time, so you’ll get a fresh refresh token. Just make sure both parameters are in your OAuth URL when redirecting users to Google’s authorization endpoint.
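The following is an added example, not code from any of the posts above. It sketches the two pieces the answers point at: an authorization URL that carries access_type=offline with prompt=consent, and a storage step that never writes a null refresh_token. The function names buildAuthUrl and mergeTokens are hypothetical, and the client ID, redirect URI, scope and token values are constructed placeholders.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: build the Google authorization URL.
function buildAuthUrl(string $clientId, string $redirectUri, string $scope, string $state): string
{
    return 'https://accounts.google.com/o/oauth2/v2/auth?' . http_build_query([
        'client_id'     => $clientId,
        'redirect_uri'  => $redirectUri,
        'response_type' => 'code',
        'scope'         => $scope,
        'access_type'   => 'offline', // ask for a refresh token
        'prompt'        => 'consent', // show the consent screen again
        'state'         => $state,    // CSRF value, compared on the callback
    ]);
}

// Hypothetical helper: merge a token-endpoint response into the stored row.
// $stored is null when the table holds no row for this user.
function mergeTokens(?array $stored, array $response, int $now): array
{
    if (!isset($response['access_token'])) {
        throw new RuntimeException('token response has no access_token');
    }
    // refresh_token is optional in the response: keep the stored one if absent.
    $refresh = $response['refresh_token'] ?? ($stored['refresh_token'] ?? null);
    if ($refresh === null || $refresh === '') {
        // The case in the question: empty table and no refresh token returned.
        throw new DomainException('no refresh token available; send user through consent again');
    }
    return [
        'access_token'  => $response['access_token'],
        'refresh_token' => $refresh,
        'expires_at'    => $now + (int)($response['expires_in'] ?? 0),
    ];
}

// Constructed sample values, for illustration only.
echo buildAuthUrl('CLIENT_ID_PLACEHOLDER', 'https://app.example/oauth/callback',
    'https://www.googleapis.com/auth/drive.file', bin2hex(random_bytes(16))), "\n";

$first = mergeTokens(null, ['access_token' => 'at-1', 'refresh_token' => 'rt-1', 'expires_in' => 3599], time());
$again = mergeTokens($first, ['access_token' => 'at-2', 'expires_in' => 3599], time());
var_dump($again['refresh_token'] === 'rt-1'); // stored token survives a response without one

try {
    mergeTokens(null, ['access_token' => 'at-3', 'expires_in' => 3599], time());
} catch (DomainException $e) {
    echo 'caught: ', $e->getMessage(), "\n"; // handled before any INSERT is attempted
}
```

Catching the missing-token case before the INSERT turns the integrity-constraint crash into a redirect back to the consent screen.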