How long would a refresh token last if I changed my project's status to "In production"? Also, can I retrieve a refresh token programmatically and without needing user input/confirmation?

[Κωστας Μαυρογαλος]

Greetings,

I'm trying to solve a conundrum here.

My project is configured as "External" and "Testing", which makes my refresh tokens last for just 7 days.

Since the scripts that use the refresh tokens are executed automatically via a cronjob, I would like an answer to each of these questions please, if possible:
A) Is there a way to get a refresh token without user input/verification? If yes, how? If no, why not(asking academically)?
B) Assuming I change my project's status to "In Production", how long would my refresh tokens last then? Would my project be visible to everyone with a Google Account? What exactly would change in the visibility of the project for outsiders?

Thank you in advance and have a nice day.

[Google Ads API Forum Advisor]

Hi,

Thank you for reaching out to Google Ads API Forum.

Please see responses to your questions below.

A) Is there a way to get a refresh token without user input/verification? If yes, how? If no, why not(asking academically)?

- Generating a refresh token requires a user input since refresh token is generated when a user authorizes an app to access the Google Ads API on their behalf.

B) Assuming I change my project's status to "In Production", how long would my refresh tokens last then? Would my project be visible to everyone with a Google Account? What exactly would change in the visibility of the project for outsiders?

-As stated here , save refresh tokens in secure long-term storage and continue to use them as long as they remain valid. Limits apply to the number of refresh tokens that are issued per client-user combination, and per user across all clients, and these limits are different. If your application requests enough refresh tokens to go over one of the limits, older refresh tokens stop working. You may also refer to this guide (https://developers.google.com/identity/protocols/oauth2#expiration) for more information about refresh token expiration. Additionally, kindly check this documentation (https://developers.google.com/google-ads/api/docs/oauth/cloud-project#choose_a_user_type_and_publishing_status) for the key attributes and limitations of each combination of setting the user type and publishing status. 

I hope this helps.

This message is in relation to case "ref:_00D1U1174p._5004Q2n9MX8:ref"

Thanks,
 

Google Ads API Team

[Κωστας Μαυρογαλος]

So, basically, refresh tokens last for ever, as long as the requirements in https://developers.google.com/identity/protocols/oauth2#expiration are met?

[Google Ads API Forum Advisor]

Hi,

Thank you for returning to our team.

Regarding your concern, kindly note that your provided document is specifically about refresh token expiration. For the OAuth2 desktop app flow (https://developers.google.com/google-ads/api/docs/oauth/cloud-project#desktop), you can persist a refresh token (which never expires) to obtain a new access token whenever necessary. When using one of our client libraries (https://developers.google.com/google-ads/api/docs/oauth/client-library), you can authorize your app by filling out a configuration file.

As mentioned from documentation (https://developers.google.com/google-ads/api/docs/oauth/cloud-project#choose_a_user_type_and_publishing_status) provided from the above email, you need to set the publishing status to 'In Production' which will prevents the refresh token expiration. Please note that not completing the Google OAuth verification (https://support.google.com/cloud/answer/7454865#verification) results in the following, regardless of the User type or Publishing status of your project:

• During the authorization process, users are presented with an unverified UI (https://support.google.com/cloud/answer/7454865) screen.
• You are limited to authorizing only 100 users.