Oauth2.0 directly generating access token once already allowed access

[Chirag]

Hello All,

I am having a system in which multiple accounts can link in order to get diffrent adwords account details.

I am facing issue with Oauth2.0 authentication.
when first time i am allowing access using Oauth2.0 to access adwords client information, then system asking me to allow access permission, but when i tried to link other adwords (client id)account under system for other clientid with google account already logged In with access permisiion allowed than it is directly giving me the old account's access token permission for other account also.

Can we have any other way so that i can directly logout the adwords account when once allowed access done?

[David Torres (AdWords API Team)]

Hi,

I'm a bit confused with your question, are you asking how to switch/store access tokens in one of our client libraries? if yes, which library? can you outline in more detail the steps/code you are executing?

Best,

- David Torres - AdWords API Team

[Chirag]

Hello David,

I am using PHP Client Library.

Here is more details.

Let's assume i have one adwords mcc account x...@gmail.com.

For first time authentication i need allow access to my web application for access token and refresh token. i do allow and link my one client id at that time.

Now let's say i need to link other client id using same email x...@gmail.com for same web app.

Now oauth 2.0 is not asking me to allow access it directly gives me refresh token, as i have already authenticate web app.

This was not the case with Oauth1.0a, every time i need to link client id i need to allow access.

So this was my situation. I have a system where user can link there client ids and fetch the customize reports for diffrent client ids.

Please suggest me how i can use oauth 2.0 like we do with Oauth 1.0a where i cam easily manage diffrent client ids with same mcc account.

[David Torres (AdWords API Team)]

Hi Chirag,

I think the problem comes from a misunderstanding of the term client ID. OAuth2 client ID is not the same of the AdWords clientCustomerId, the OAuth2 client ID which you get through the API Console identifies your application, while the clientCustomerId identifies the AdWords account you want to access. So requesting access to the AdWords account (access token and refresh token) requires you pass the OAuth2 client ID that identifies your application and tells the user that your application wants to access his account, at that point the user needs to login using his AdWords credentials so the generated access and refresh tokens are granting permissions to the right AdWords account. Later on if the user wants to grant you permissions to a different AdWords account (a different clientCustomerId) then he will need to logout and log back in with the credentials of his other AdWords account, but the OAuth2 client ID remains the same because this ID identifies your application and not the user AdWords account. That is because we recommend you use MCCs to access multiple AdWords accounts, so the user just grants you access to his MCC account - once - and then you'll have access to all his linked client AdWords accounts.

I hope this clarifies the workflow of OAuth2. Let me know if I'm missing something.

Best,

- David

[Chirag]

Hi David,

As you said

Later on if the user wants to grant you permissions to a different AdWords account (a different clientCustomerId) then he will need to logout and log back in with the credentials of his other AdWords account, but the OAuth2 client ID remains the same because this ID identifies your application and not the user AdWords account.

- In this case if user is forgot to logout and he tries to authenticate the application, than it directly giving refresh token without asking user for permission to allow as user has already allowed previously. My question is that only why user is not redirected to grant permission page.

Thanks,

Chirag

[Anash P. Oommen (AdWords API Team)]

Hi Chirag,

If you want to force users to be authenticated, then you can build your OAuth2 request with approval_prompt: force. See https://developers.google.com/accounts/docs/OAuth2WebServer for details.

Cheers,
Anash P. Oommen,

AdWords API Advisor.

[Chirag]

Hi Anash,

Thanks for your reply. 

But how i can take care this with PHP Client library. I think there is no scope for this under v201306.

[Anash P. Oommen (AdWords API Team)]

Hi Chirag,

Could you kindly file an issue under https://code.google.com/p/google-api-adwords-php/issues/list if that feature is not supported? I'll ask the PHP library maintainers to follow up with you over the issue tracker.

Cheers,
Anash

[Chirag]

Hello Anash,

Thanks, Issue filed.

Please see the link.

https://code.google.com/p/google-api-adwords-php/issues/detail?id=102

Thanks,

Chirag

[Chirag]

Hello,

Again started to facing the issue after passing 'approval_prompt' => 'force''.

The 'approval_prompt' => 'force' is not working as expected.

If I pass the 'approval_prompt' => 'force', it is not asking user to authorize app forcefully If I had login with already authorized adwords account.

Also It is not returning refresh_token with $user->GetOAuth2Info() under below code.

$OAuth2Handler = $user->GetOAuth2Handler();

$user->SetOAuth2Info($OAuth2Handler->GetAccessToken($user->GetOAuth2Info(), 

$code, $redirectUri));

$user->GetOAuth2Info();

Thanks,

[Anash P. Oommen (AdWords API Team)]

Hi,

This thread is more than three years old, could you kindly open a new thread?

Cheers,
Anash P. Oommen,
AdWords API Advisor.