Auth Caching on Java Client Library v201109

[stepanian]

When I create an AdWordsUser object using the Java client library v201109, does it cache the authentication token behind the scenes? 

If no, do I need to account for it manually? How?

If yes, does it also do it when creating AdWordsUser objects in separate threads (processes)? 

Recently I have been getting the "CAPCHA Required" message when running automatic operations and I am suspecting that I am not properly caching the authentication token. 

If running operations in separate threads, how do I make sure that the authentication token is cached? 

Thanks.

[Oliver]

This recent thread discusses what needs to be cached:

https://groups.google.com/forum/?fromgroups#!topic/adwords-api/xr8pRG8NkF8[1-25]

Oliver

[stepanian]

Oliver, 

Thank you very much for responding to me and attaching the link. 

I looked at the thread thoroughly. I'm not 100% sure if the answer to my first question is yes or no. 

Tozor said that "from looking at the stack trace, it looks like the Adwords client library is actually reloading the auth token". So, the answer to my first question is yes - the AdWordsUser is caching the token. However, later he says "we are caching the AdwordsUser instance in our code (which contains the token)". So, it seems like, if he has to cache the AdWordsUser instance, then it is not done automatically by the library, so the answer to my first question is no. 

Assuming the answer to my first question is no, my operation is looping through many accounts and running operations on them. Each operation must create a new AdWordsUser because the AdWordsUser instance is tied to an account. Is that also the case for the AuthToken? If each AuthToken is tied to an account, then running operations on multiple accounts, each with its own AuthToken shouldn't generate the CAPTCHA error, right? 

Finally, if I was able to create an AdWordsUser instance for each of the accounts and store them for a week, can I just reuse them? Should I serialize the objects to disk? How are others storing the AdWordsUser objects?

[stepanian]

OK - this is what I got so far - I just need a confirmation that this is correct: 

1) It seems like the auth token is associated with a user only not with an account (in other words, the client email is tied to the auth token).

2) The AuthToken object can be created from an email and a password. Once created, you can use the getAuthToken method on the AuthToken object to get a String representation of the auth token. This String can be stored for later use.

3) You can associate the string representation of a previously created AuthToken with an AdWordsUser instance using the method setAuthToken on the AdWordsUser object.

This way, you can keep the auth token string around for multiple uses. 

Assuming this is correct, I have one more question: Currently, when I create an AdWordsUser instance, I don't manually associate an auth token with it. It somehow happens by itself. When does that happen? If I manually attach an auth token to the AdWordsUser instance, does that stop it from getting a new one? 

[Danial Klimkin]

Hello stepanian,

The AuthToken is valid for up to two weeks. Please note it is very sensitive string as it grants access to the account in full, not just AdWords.

To avoid this we recommend to use OAuth2.0 instead which is supported by all our libraries. With OAuth the token does not expire and it is limited to the AdWords services only. You can also revoke the token at any time.

Please see the library documentation for more details on OAuth2.0 flow.

As per the last question, it looks like the library is reading the data from adwords.properties file.

-Danial, AdWords API Team.

[Kevin Winter]

Hi,

  The AdWordsUser class, when constructed without arguments, reads values from the adwords.properties file.  It will automatically request an AuthToken once you make a request that needs it - afterwords, you can retrieve the AuthToken from the AdWordsUser.  You should be able to construct an AdWordsUser with null/empty username and password and set the AuthToken before using the user - this will allow you to re-use a single token for the recommended two weeks.

- Kevin Winter

AdWords API Team