After hours of searching and not finding any information on the topic, I wanted to prevent a headache for the next guy who has to code against Google’s user directory API.
If you’ve had a solution working for a while, and all of a sudden your logs start to be filled with errors like this:
Google.Apis.Auth.OAuth2.Responses.TokenResponseException: Error:”invalid_grant”, Description:””, Uri:””
The solution is as simple as checking the time is synchronized to match what Google has. If your server has a time that is even 1 minute in the future off, Google will send an exception of “Invalid_Grant” due to a request claiming to come from the future.
*Edit*: Found info on Google here.