Description
I followed the instructions at https://vdirsyncer.pimutils.org/en/stable/config.html#google to configure synchronization between my Google Contacts and my local filesystem.
```
$ vdirsyncer --version
vdirsyncer, version 0.18.0
$ uname -mprsv
Darwin 20.6.0 Darwin Kernel Version 20.6.0: Mon Aug 30 06:12:21 PDT 2021; root:xnu-7195.141.6~3/RELEASE_X86_64 x86_64 i386
$ cat ~/.config/vdirsyncer/config
[general]
status_path = "~/.vdirsyncer/status/"

[pair matt_contacts]
a = "matt_contacts_local"
b = "matt_contacts_remote"
collections = ["from a", "from b"]
metadata = ["displayname"]

[storage matt_contacts_local]
type = "filesystem"
path = "~/.contacts/"
fileext = ".vcf"

[storage matt_contacts_remote]
type = "google_contacts"
token_file = "~/.matt_contacts_remote.vdirsyncer.token_file"
client_id = "..."
client_secret = "..."
$ vdirsyncer discover
```
I found the following information indicating that the flow vdirsyncer is using is deprecated.
> OAuth out-of-band (oob) flow will be deprecated
>
> OAuth out-of-band (OOB) is a legacy flow developed to support native clients which do not have a redirect URI like web apps to accept the credentials after a user approves an OAuth consent request. The OOB flow poses a remote phishing risk and clients must migrate to an alternative method to protect against this vulnerability. New clients will be unable to use this flow starting on Feb 28, 2022.
>
> What do I need to do
>
> Determine if your app is using the OOB flow
>
> You can inspect your app code or the outgoing network call (in case your app is using an OAuth library) to determine if the Google OAuth authorization request your app is making has the following values for “redirect_uri” parameter.
>
> redirect_uri=urn:ietf:wg:oauth:2.0:oob or urn:ietf:wg:oauth:2.0:oob:auto or oob
I have not been able to reproduce the success noted in the similar issue #970 (comment).
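The check described in the quoted Google notice, as an added example that is not part of the original issue or of vdirsyncer's code: it parses an authorization request URL and reports whether its `redirect_uri` is one of the three OOB values listed above. The function names, the sample URLs and the `CLIENT_ID_PLACEHOLDER` value are constructed for illustration.

```python
from urllib.parse import urlsplit, parse_qs

# The three redirect_uri values the quoted notice lists as the OOB flow.
OOB_REDIRECT_URIS = {
    "urn:ietf:wg:oauth:2.0:oob",
    "urn:ietf:wg:oauth:2.0:oob:auto",
    "oob",
}


def redirect_uris(auth_url):
    """Return every redirect_uri value found in an authorization request URL."""
    query = urlsplit(auth_url).query
    # parse_qs percent-decodes values, so urn%3Aietf%3A... is handled too.
    return parse_qs(query).get("redirect_uri", [])


def uses_oob_flow(auth_url):
    """True if any redirect_uri parameter is exactly one of the OOB values."""
    # Exact match on the decoded parameter: a substring search for "oob"
    # would also flag unrelated parameters such as state=oob.
    return any(uri.strip() in OOB_REDIRECT_URIS for uri in redirect_uris(auth_url))


def audit(auth_urls):
    """Return only the URLs that still request the OOB flow."""
    return [url for url in auth_urls if uses_oob_flow(url)]


# Constructed sample requests (not captured from vdirsyncer).
BASE = "https://accounts.google.com/o/oauth2/v2/auth?response_type=code&client_id=CLIENT_ID_PLACEHOLDER"
SAMPLE_REQUESTS = [
    BASE + "&redirect_uri=urn%3Aietf%3Awg%3Aoauth%3A2.0%3Aoob",
    BASE + "&redirect_uri=urn:ietf:wg:oauth:2.0:oob:auto",
    BASE + "&redirect_uri=oob",
    BASE + "&redirect_uri=http%3A%2F%2F127.0.0.1%3A8080%2F",  # loopback redirect
    BASE + "&state=oob&redirect_uri=https%3A%2F%2Fexample.org%2Fcallback",
    BASE,  # no redirect_uri at all
]

if __name__ == "__main__":
    for url in SAMPLE_REQUESTS:
        print("OOB" if uses_oob_flow(url) else "ok ", url)
```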
