invalid grant when generating refresh token
84 views
Skip to first unread message
Sean Gottschalk
Mar 27, 2015, 2:51:13 PM3/27/15
to adwor...@googlegroups.com
Hello,
I'm trying to create a refresh token for a client using my adwords developer credentials but when I enter the generated code I get a 400 invalid grant error from the adwords API.
I logged into my developer console on my MCC account and verified that I have the following OAuth credentials:
Client ID
379545466128.apps.googleusercontent.com
Client secret
<secret>
Redirect URIs
urn:ietf:wg:oauth:2.0:oob
http://localhost
I am using this example to generate the token, and have successfully generated tokens for other client accounts in the past:
https://github.com/googleads/googleads-java-lib/blob/master/examples/dfp_axis/src/main/java/dfp/axis/auth/GetRefreshToken.java
This is the url that I have the clients visit to generate the token:
https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=379545466128.apps.googleusercontent.com&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&scope=https://adwords.google.com/api/adwords
I'm not sure where to go from here, does anyone have any debugging tips?
I'm trying to create a refresh token for a client using my adwords developer credentials but when I enter the generated code I get a 400 invalid grant error from the adwords API.
I logged into my developer console on my MCC account and verified that I have the following OAuth credentials:
Client ID
379545466128.apps.googleusercontent.com
Client secret
<secret>
Redirect URIs
urn:ietf:wg:oauth:2.0:oob
http://localhost
I am using this example to generate the token, and have successfully generated tokens for other client accounts in the past:
https://github.com/googleads/googleads-java-lib/blob/master/examples/dfp_axis/src/main/java/dfp/axis/auth/GetRefreshToken.java
This is the url that I have the clients visit to generate the token:
https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=379545466128.apps.googleusercontent.com&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&scope=https://adwords.google.com/api/adwords
I'm not sure where to go from here, does anyone have any debugging tips?
Josh Radcliff (AdWords API Team)
Mar 30, 2015, 11:15:52 AM3/30/15
to adwor...@googlegroups.com
Hi,
Have you tried this multiple times? I ask because one possibility is that when you copied the authorization code from the browser, it's possible that you didn't copy the complete code.
Another suggestion would be to try getting another refresh token for a different account to see if it works for that account.
Thanks,
Josh, AdWords API Team
Sean Gottschalk
Mar 30, 2015, 5:48:39 PM3/30/15
to adwor...@googlegroups.com
Hi Josh,
I've had the client re-generate the code 3 or 4 times and have received the same invalid grant response each time.
The interesting thing is that I can generate the code using my personal google account (not related to any adwords accounts) against the client's adwords customer id and the OAuth service returns a refresh token. Could this be a sign that the client isn't giving me the full code, or could there be something wrong with their google account?
I've had the client re-generate the code 3 or 4 times and have received the same invalid grant response each time.
The interesting thing is that I can generate the code using my personal google account (not related to any adwords accounts) against the client's adwords customer id and the OAuth service returns a refresh token. Could this be a sign that the client isn't giving me the full code, or could there be something wrong with their google account?
Mark
Mar 31, 2015, 7:25:24 AM3/31/15
to adwor...@googlegroups.com
I have no affiliation with google. Just a fellow user like you. In my experience there are 2 cases where the refresh doesn't work:
1. When you exchange their code with non-empty scopes as a parameter. Make sure to leave this blank (not sure which client library you're using) and only include non-empty scopes when you create the initial redirect url.
2. When the redirect url parm of the exchange code request is not the same as the redirect url you provided the user (must be identical)
Also, make sure to start over FRESH, ie log in and visit https://security.google.com/settings/security/permissions and REVOKE your application, then repeat the process.
I also can't find this in the documentation or anywhere else in the forum; I just had to figure it out painfully.
Josh Radcliff (AdWords API Team)
Mar 31, 2015, 12:54:28 PM3/31/15
to adwor...@googlegroups.com
Hi,
Thanks for the helpful tips. Point #2 is covered in the OAuth guide for the web flow, in case that's helpful.
Note that you shouldn't have to revoke the application before getting another refresh token. I personally have multiple refresh tokens for the same application on several of my accounts.
Cheers,
Josh, AdWords API Team
Reply all
Reply to author
Forward
0 new messages