invalid_grant / token limits : best practices for preventing/managing


Aaron Lozier

Nov 29, 2016, 5:44:29 PM
to AdWords API Forum
I am looking for some guidance on how to handle a somewhat complicated problem on our end which hinges on the design of our application as well as the token limits enforced by Google API: namely the limit of 25 (50?) tokens "per user, per client".

We basically have a multi-tenant application with many logins, companies and clients available along with dashboards. Some of our users authenticate their own AdWords accounts. Others we authenticate for them using our MCC accounts.

The problem is we have somewhat lost track of which logins were used to authenticate which dashboards, and have ended up in a situation where we are basically chasing our tail. As we reauthenticate accounts which are returning the invalid_grant error, other accounts stop working and begin showing this error.

The question is, what can I do on the development side to identify which accounts are using the same user/client pair, and are thus in need of consolidation? We do have the ability to set up authentications at different "scopes," so the capability is there - just not the visibility. In other words, is it possible at all, assuming I have the oauth client id, secret, access token, token type, etc - to figure out which USER that is associated with - and to display it in a recognizable format, such as the email address associated with that user?

Alternately, assuming this cannot be done, is there any way to capture the email address of the user authenticating the AdWords account at the time the oauth authentication is granted? This seems like it should be simple, but I cannot find anything in the documentation explaining where this would be.

Any help/guidance would be much appreciated!

Thanks,

Aaron

Anthony Madrigal

Nov 29, 2016, 8:06:28 PM
to AdWords API Forum
Hi Aaron,

Unfortunately, as far as I know, there is no way to find out what accounts are using what credentials using AdWords API. The only alternative I can think of would be to log in to the Google API Console Credentials page and find the client ID and client secret through there.

Hope this helps.

Regards,
Anthony
AdWords API Team

Zweitze

Nov 30, 2016, 8:59:09 AM
to AdWords API Forum
Do you want to find the email address that the user used to authenticate?
I haven't done this myself for AdWords, but the idea is this:

When authenticating, you request an AdWords scope for using AdWords API. The scope can have multiple items. You should add a second scope for the email API. Note that the window "this application wants to..." now also asks the user to grant access to its email.
When the user agrees, you get a refresh token that you can use for both AdWords API and Mail API. The last API has a function to retrieve the email address of the user.

Note - you have to look up the actual value to add to the scope, and the actual name of the API that allows you to retrieve the email address. But the idea is that you add a scope, and use a different API.

Hope this helps.
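
One way to get the visibility asked about in this thread, as an added example that is not part of any post: it assumes the `email` scope of Google's OpenID Connect support was requested together with the AdWords scope, so the token response carried an `id_token`, and that the application stored it per dashboard. The record layout, function names and sample tokens are constructed, and the limit is a parameter because the thread itself is unsure of the value.

```python
import base64
import json
from collections import defaultdict


def id_token_claims(id_token: str) -> dict:
    """Decode a JWT payload. The signature is NOT verified: acceptable only for
    a token read straight from the token endpoint response over TLS."""
    payload = id_token.split(".")[1]
    payload += "=" * (-len(payload) % 4)  # restore stripped base64url padding
    return json.loads(base64.urlsafe_b64decode(payload))


def grants_per_user_client(grants: list) -> dict:
    """Map (client_id, Google user id, email) -> dashboards holding a grant."""
    groups = defaultdict(list)
    for g in grants:
        claims = id_token_claims(g["id_token"])
        if claims.get("aud") != g["client_id"]:
            raise ValueError(f"{g['dashboard']}: id_token issued to another client")
        # 'sub' is the stable account id; email is kept for display only.
        key = (g["client_id"], claims["sub"], claims.get("email"))
        groups[key].append(g["dashboard"])
    return dict(groups)


def needs_consolidation(grants: list, limit: int) -> dict:
    """User/client pairs holding more refresh tokens than `limit`."""
    return {k: v for k, v in grants_per_user_client(grants).items() if len(v) > limit}


def constructed_id_token(claims: dict) -> str:
    """Build an unsigned, constructed JWT so the example runs offline."""
    def enc(d):
        return base64.urlsafe_b64encode(json.dumps(d).encode()).rstrip(b"=").decode()
    return ".".join([enc({"alg": "none"}), enc(claims), "constructed"])


# Constructed sample rows, as an application might store them at grant time.
CLIENT = "example-client-id.apps.googleusercontent.com"
MCC = {"aud": CLIENT, "sub": "1001", "email": "mcc@example.com"}
OWN = {"aud": CLIENT, "sub": "2002", "email": "owner@example.com"}
GRANTS = [
    {"dashboard": "acme", "client_id": CLIENT, "id_token": constructed_id_token(MCC)},
    {"dashboard": "globex", "client_id": CLIENT, "id_token": constructed_id_token(MCC)},
    {"dashboard": "initech", "client_id": CLIENT, "id_token": constructed_id_token(MCC)},
    {"dashboard": "hooli", "client_id": CLIENT, "id_token": constructed_id_token(OWN)},
]
```

Calling `needs_consolidation(GRANTS, limit=2)` on the constructed rows reports the one user/client pair shared by three dashboards; the `aud` check keeps a token issued to a different OAuth client from being counted against this one.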