Programmatically Revoke OAuth Token
3,005 views
Skip to first unread message
James Andrews
May 10, 2016, 12:54:31 PM5/10/16
to AdWords API Forum
I have a situation where a client has an Adwords manager that is linked to another Adwords account but has not been granted permission by that user. When they go to authenticate we are thrown an exception that permission is not granted, but because Oauth is not tied to this 2nd call their Oauth tokens are valid. I want to revoke this token so they can come back and go through the process again when they have been granted permission, yet I see no way to revoke even though in the regular Google API there is a revokeToken() function in the "Client" object. Does Adwords not have this?
Shwetha Vastrad (AdWords API Team)
May 10, 2016, 1:50:00 PM5/10/16
to AdWords API Forum
Hi James,
The refresh token is associated with the Google account in general and is not specific to AdWords. You can revoke access by visiting Account Settings. But in this scenario, revoking the refresh token will not help as it is tied to the AdWords Manager account. You'll still be able to get a valid refresh token, but encounter the USER_PERMISSION_DENIED authorization error when you try to make API requests against the linked AdWords account.
I would suggest that you redo the process of granting access so that the manager account has the required permissions.
Regards,
Shwetha, AdWords API Team.
James Andrews
May 10, 2016, 2:08:38 PM5/10/16
to adwordsapiad...@google.com, AdWords API Forum
Shwetha,
6 months ago when we started working with Adwords API I had tried using the Google API to generate my access/refresh tokens as we do with other Google products. This did not work however when we were trying to connect with Adwords. We resorted to having to use the Adwords API code in order to generate our access/refresh tokens. While use the refresh token may be associated with the account it is generated with the Adwords PHP API which is why I am asking the question here, because I know how to revoke the token using the Google API.
Yes, I realize revoking the tokens won’t fix the overall problem, but when a customer authenticates we only want to save their tokens when the account is properly linked to the Adwords Manager Account. If we don’t revoke access, then the next time we bring them to the authorization page we’ll be handed a access token but no refresh token and that won’t work because we do things offline and require the refresh token.
So i will ask again. Is there a way for us to programmatically revoke the user’s tokens with the AdwordsAPI like you can with the regular Google API? Yes or no, if yes then how.
Thanks,
James
--
--
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Also find us on our blog and Google+:
https://googleadsdeveloper.blogspot.com/
https://plus.google.com/+GoogleAdsDevelopers/posts
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
You received this message because you are subscribed to the Google
Groups "AdWords API Forum" group.
To post to this group, send email to adwor...@googlegroups.com
To unsubscribe from this group, send email to
adwords-api...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/adwords-api?hl=en
---
You received this message because you are subscribed to a topic in the Google Groups "AdWords API Forum" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/adwords-api/4WNjPTkF7Cw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to adwords-api...@googlegroups.com.
Visit this group at https://groups.google.com/group/adwords-api.
To view this discussion on the web visit https://groups.google.com/d/msgid/adwords-api/28f96cac-af23-448f-aeec-1600064cbea0%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Shwetha Vastrad (AdWords API Team)
May 10, 2016, 5:22:11 PM5/10/16
to AdWords API Forum, adwordsapiad...@google.com
Hi James,
If the OAuth2.0 credentials you have are for a Web application, then the refresh token can be revoked programmatically by calling "$client->revokeToken()". For installed applications, you could use below code to revoke the token using C# client library.
AdsOAuthProviderForApplications oAuth2Provider = (user.OAuthProvider as AdsOAuthProviderForApplications);
oAuth2Provider.RevokeRefreshToken();
oAuth2Provider.RevokeRefreshToken();
Unfortunately, a similar option is not available in the PHP library for installed applications.
James Andrews
May 10, 2016, 8:48:17 PM5/10/16
to adwordsapiad...@google.com, AdWords API Forum
This is not for a web application, and $client->revokeToken() does not exist in the php library for Adwords like it does for the standard Google API.
These are the 2 classes that are used for handling Oauth2 for Adwords API
Neither of them have a revoke function in them. What you are suggesting does not work with what we are using, as I stated before I started out trying to use refresh/access tokens from GoogleAPI Oauth, and it didn’t work I had to use the Google Adwords API to initiate Oauth.
Please escalate this issue because apparently you don’t know the answer and aren’t reading completely what I’ve said in the past 2 emails and I don’t need to go back and forth over and over to get an answer for the Google Adwords API.
James
--
--
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Also find us on our blog and Google+:
https://googleadsdeveloper.blogspot.com/
https://plus.google.com/+GoogleAdsDevelopers/posts
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
You received this message because you are subscribed to the Google
Groups "AdWords API Forum" group.
To post to this group, send email to adwor...@googlegroups.com
To unsubscribe from this group, send email to
adwords-api...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/adwords-api?hl=en
---
You received this message because you are subscribed to a topic in the Google Groups "AdWords API Forum" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/adwords-api/4WNjPTkF7Cw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to adwords-api...@googlegroups.com.
Visit this group at https://groups.google.com/group/adwords-api.
To view this discussion on the web visit https://groups.google.com/d/msgid/adwords-api/04265b91-82b8-455d-9d96-b3709792321a%40googlegroups.com.
Josh Radcliff (AdWords API Team)
May 11, 2016, 2:55:19 PM5/11/16
to AdWords API Forum, adwordsapiad...@google.com
Hi James,
You are correct that the current Ads PHP library does not support revoking a refresh token. We are in the process of rolling out a new and improved library that uses the Google Auth PHP library -- please see the related issue on github.
For your use case, instead of revoking the refresh token when you find that it does not provide access to the user's account, could you simply discard the stored refresh token for that user, then redirect them through your OAuth flow and store the newly acquired token?
Thanks,
Josh, AdWords API Team
For more options, visit this group at
http://groups.google.com/group/adwords-api?hl=en
---
You received this message because you are subscribed to a topic in the Google Groups "AdWords API Forum" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/adwords-api/4WNjPTkF7Cw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to adwords-api+unsubscribe@googlegroups.com.
James Andrews
May 11, 2016, 6:11:50 PM5/11/16
to adwordsapia...@google.com, AdWords API Forum, adwordsapiad...@google.com
Hi Josh,
That’s the problem if Google gives us a valid refresh token, unless it is expired/revoked when the user is brought through the re-authentication problem no additional refresh token is provided. Thank you for confirming that the library currently does not revoke access. The issue you linked to mentions a “beta” can you link to that or tell me more about that, so I can see if maybe we can use that instead with the Google Auth library?
Thanks,
James
For more options, visit this group at
http://groups.google.com/group/adwords-api?hl=en
---
You received this message because you are subscribed to a topic in the Google Groups "AdWords API Forum" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/adwords-api/4WNjPTkF7Cw/unsubscribe.
To unsubscribe from this group and all its topics, send an email to adwords-api...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/adwords-api/373a6743-4c43-4f24-863d-23ccee03138b%40googlegroups.com.
Josh Radcliff (AdWords API Team)
May 12, 2016, 8:33:36 AM5/12/16
to AdWords API Forum, adwordsapia...@google.com, adwordsapiad...@google.com
Hi James,
The new version of the PHP library is available on the experimental branch:
One idea: to get around the issue you described, you might try extending OAuth2Handler and overriding the $params passed at line 83 to include the prompt parameter set to consent. That should force the generation of a new refresh token. Is that feasible?
Thanks,
Josh, AdWords API Team
Reply all
Reply to author
Forward
0 new messages