{ "error": "unauthorized_client", "error_description": "Unauthorized" }

[Nobuyoshi Shimmen]

Hi, 

When we make a post request for `https://oauth2.googleapis.com/token` to generate an access token, we get an error like this: `401 Unauthorized` response: { "error": "unauthorized_client", "error_description": "Unauthorized" } in our app in production.

We are using a refresh token obtained by OAuth2 authentication.

This is the first time we see this error, so we don't know why this is happening and how to fix it.

Could you please help us? We have a detailed request and response log ready.

[Google Ads API Forum Advisor]

Hi,

Are you using the same client when authorizing in the application and when updating the token on the server? I recommend double checking the client credentials.

Thanks,

Lakshmi Prathipati Google Ads API Team

 

ref:_00D1U1174p._5004Q2LnpzF:ref

[Nobuyoshi Shimmen]

Thanks for your response.

Yes, we are using the same client credentials(clientId, clientSecret).

Best,

2021年8月18日水曜日 2:59:59 UTC+9 adsapi:

[Nobuyoshi Shimmen]

Hi,

I was wrong. We're not using the sale credentials.

Sorry for taking your time.

Thanks,

2021年8月18日水曜日 9:57:50 UTC+9 Nobuyoshi Shimmen:

[Nobuyoshi Shimmen]

Hi again,

We are using the same client credentials but still we got this error: AuthenticationError.OAUTH_TOKEN_INVALID

I dumped out the content of request and response where I replaced some confidential info with xxx

We are using this package `https://pkg.go.dev/golang.org/x/oauth2` to generate an accessToken and using it to generate an ad report.

Also we have no problems like this with other google accounts. This is the first time happening to us.

request

POST /api/adwords/reportdownload/v201809 HTTP/1.1

Host: adwords.google.com

User-Agent: curl, gzip

Content-Length: 117

Accept: */*

Authorization: Bearer

Clientcustomerid: XXX-XXX-XXXX

Content-Type: application/x-www-form-urlencoded

Developertoken: xxxxxxxx

Includezeroimpressions: false

Skipcolumnheader: false

Skipreportheader: true

Skipreportsummary: true

Userawenumvalues: true

Accept-Encoding: gzip

__fmt=GZIPPED_CSV&__rdquery=SELECT+AccountDescriptiveName+FROM+ACCOUNT_PERFORMANCE_REPORT+DURING+20210829%2C+20210829

response

HTTP/2.0 400 Bad Request

Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000,h3-T051=":443"; ma=2592000,h3-Q050=":443"; ma=2592000,h3-Q046=":443"; ma=2592000,h3-Q043=":443"; ma=2592000,quic=":443"; ma=2592000; v="46,43"

Cache-Control: private, max-age=0

Content-Security-Policy: frame-ancestors 'self'

Content-Type: text/xml

Date: Wed, 18 Aug 2021 01:36:54 GMT

Expires: Wed, 18 Aug 2021 01:36:54 GMT

Server: GSE

X-Content-Type-Options: nosniff

X-Frame-Options: SAMEORIGIN

X-Xss-Protection: 1; mode=block

<?xml version="1.0" encoding="UTF-8" standalone="yes"?><reportDownloadError><ApiError><type>AuthenticationError.OAUTH_TOKEN_INVALID</type><trigger>&lt;null&gt;</trigger><fieldPath></fieldPath></ApiError></reportDownloadError>

2021年8月18日水曜日 10:10:17 UTC+9 Nobuyoshi Shimmen:

[Nobuyoshi Shimmen]

Hi,

I just checked the accessToken with the following url

`https://www.googleapis.com/oauth2/v1/tokeninfo?access_token=`

and found out the scopes are somehow different than normal ones.

We are going to dig into this.

Thanks for your time.

Best,

2021年8月18日水曜日 11:00:45 UTC+9 Nobuyoshi Shimmen:

[Google Ads API Forum Advisor]

Hi Nobuyoshi,

Thank you for providing updates to our team.

I can see that you are using a third-party tool, with this, I am afraid that we wouldn't be able to provide support if issue was encountered there. However, that third-party tool should also performing the steps discussed here on its backend. You may check that document to know if parameters are correctly set there in order to successfully authenticate your API requests.

Let me know if you have further questions.

Regards,

Ernie John Blanca Tacata Google Ads API Team

ref:_00D1U1174p._5004Q2LnpzF:ref