com.google.api.ads.common.lib.exception.OAuthException: Credential could not be refreshed.

[Fatma Ben Hamza]

Hi,

I use Google Ads API java client library v201605

Today, I I tried to generate a credential using a refresh token, but disn't work. I obtain this exception:

com.google.api.ads.common.lib.exception.OAuthException: Credential could not be
refreshed.
        at com.google.api.ads.common.lib.auth.OfflineCredentials.generateCredent
ial(OfflineCredentials.java:178)
        at Processor$DownloadReport.report(DownloadReport.java:48)
        at Processor.processRow(Processor.java:242)
        at org.pentaho.di.trans.steps.userdefinedjavaclass.UserDefinedJavaClass.
processRow(UserDefinedJavaClass.java:1181)
        at org.pentaho.di.trans.step.RunThread.run(RunThread.java:50)
        at java.lang.Thread.run(Unknown Source)
Caused by: com.google.api.client.auth.oauth2.TokenResponseException: 400 Bad Req
uest
{
  "error" : "invalid_grant"
}
        at com.google.api.client.auth.oauth2.TokenResponseException.from(TokenRe
sponseException.java:105)
        at com.google.api.client.auth.oauth2.TokenRequest.executeUnparsed(TokenR
equest.java:287)
        at com.google.api.client.auth.oauth2.TokenRequest.execute(TokenRequest.j
ava:307)
        at com.google.api.client.auth.oauth2.Credential.executeRefreshToken(Cred
ential.java:570)
        at com.google.api.client.googleapis.auth.oauth2.GoogleCredential.execute
RefreshToken(GoogleCredential.java:362)
        at com.google.api.client.auth.oauth2.Credential.refreshToken(Credential.
java:489)
        at com.google.api.ads.common.lib.auth.OAuth2Helper.callRefreshToken(OAut
h2Helper.java:69)
        at com.google.api.ads.common.lib.auth.OfflineCredentials.generateCredent
ial(OfflineCredentials.java:172)
        ... 5 more

NB: Before, it worked fine with the same parameters.

Regrads, 

[Shwetha Vastrad (AdWords API Team)]

Hi Fatma,

Could you recheck that the OAuth credentials are correctly provided in the ads.properties file? Have you tried generating a new refresh token and using it to make API requests? 

Thanks,

Shwetha, AdWords API Team.

[Fatma Ben Hamza]

Hi Shwetha,

thank you for your reply

the ads.properties file has not been changed since 2014.

No I have not generate a new Refresh token because it hasn't a lifetime. It's never expire

Thanks

[Shwetha Vastrad (AdWords API Team)]

Hi Fatma,

Tokens can expire for some reasons. Please see this guide for more information on token expiration. Could you generate a new refresh token and use it in your application and let me know if it works? 

[P Ramz]

Hi Shwetha,

  I am getting an identical error. I obtained a new 'refresh token' and used that in the application and still continue to see the same error. 

Thanks,

Ramz

[Shwetha Vastrad (AdWords API Team)]

Hi Ramz,

Could you provide the steps you followed to generate your refresh token and the complete error you received with the new refresh token? If you happen to have any SOAP XML request and response logs, it'll be helpful as well. 

[P Ramz]

Hi Shwetha, 

   We use the Java API and this is what we are doing: 

1. Initialize the scope and the callback url 

2. Configure AuthorizationCodeFlow 

GoogleAuthorizationCodeFlow authorizationFlow = new GoogleAuthorizationCodeFlow.Builder(new NetHttpTransport(), new JacksonFactory(), clientSecrets, Lists.newArrayList(SCOPE)).setAccessType("offline").build();

3. Get the 'Authorization URL'
4. Put the 'Authorization URL' in the browser and get the authorization code
5. Authorize the OAuth2 token 

GoogleAuthorizationCodeTokenRequest tokenRequest = authorizationFlow.newTokenRequest(authorizationCode);
tokenRequest.setRedirectUri(CALLBACK_URL);
GoogleTokenResponse tokenResponse = tokenRequest.execute();

6. Create the OAuth2 credential and set the token response 

GoogleCredential credential = new GoogleCredential.Builder().setTransport(new NetHttpTransport()).setJsonFactory(new JacksonFactory()).setClientSecrets(clientSecrets).build();
credential.setFromTokenResponse(tokenResponse);

7. Get the refresh token from the GoogleCredential object 
8. Use that refresh token in the application 

Hope this is what you were looking for.. .

Thanks,
Ramz

[Shwetha Vastrad (AdWords API Team)]

Hi Ramz,

This helps. Could you also let me know if you are using Installed app flow or Web app flow when you created the OAuth2 credentials along with the error message received? 

[P Ramz]

Hi Shwetha

   We are using the Web app flow when we created the OAuth2 credentials. We used the Oauth2 Playground URL as the call back and I checked with the account configuration and the call back url does match 

Thanks

Ramz

[Josh Radcliff (AdWords API Team)]

Hi Ramz,

The code from your previous response shows how you are obtaining a refresh token, but could you also share the code you're using to get an access token (create a Credentials object) from the refresh token?

Also, to rule out issues with the client library or your ads.properties file, you could issue the access token request via curl as follows:

curl --data "grant_type=refresh_token" \

     --data "refresh_token=YOUR_REFRESH_TOKEN" \

     --data "client_id=YOUR_CLIENT_ID" \

     --data "client_secret=YOUR_CLIENT_SECRET" \

     https://accounts.google.com/o/oauth2/token

Obviously, you won't be using curl to get access tokens from your app :), but this will at least tell us if the refresh token, client ID, and client secret you're using are valid.

Thanks,

Josh, AdWords API Team