AuthorizationError.USER_PERMISSION_DENIED

228 views
Skip to first unread message

Joshua Newman

unread,
Jun 9, 2014, 9:12:41 AM6/9/14
to adwor...@googlegroups.com
Recently migrated from clientLogin to Oauth2 and had no problem retrieving the access token and refresh token for our managed accounts. I now have 1 account getting this error while using Oauth2:

Google.Api.Ads.AdWords.Lib.AdWordsApiException: An API exception has occurred. See ApiException and InnerException fields for more details. ---> System.Web.Services.Protocols.SoapException: [AuthorizationError.USER_PERMISSION_DENIED @ ; trigger:'']

I've checked the developer token and the clientCustomerId and both are correct. Also the account was able to get Oauth2 access and refresh tokens; the account successfully refreshes the access token too. Any help is greatly appreciated.

Josh Radcliff (AdWords API Team)

unread,
Jun 9, 2014, 10:46:48 AM6/9/14
to adwor...@googlegroups.com
Hi,

That error indicates that the user associated with the OAuth2 access token in the request does not have access to the account in the clientCustomerId SOAP header. Two common causes for this are:

1. The OAuth2 refresh token was obtained while logged in as an MCC, but that MCC no longer has access to the client account.
2. When obtaining the OAuth2 refresh token you (or the user who went through the flow) were logged into some other Google account that does not have access to the client account. You will be able to get a refresh token (or access token) for the AdWords scope regardless of whether the user has an AdWords account since the OAuth2 flow does not check if an AdWords account exists for the user -- it merely grants access to the AdWords scope for that user.

Also, the developer token has no impact on authorization. A valid OAuth2 access token can be used to make API requests against your account using any developer token, as the developer token is not part of the OAuth2 flow.

Cheers,
Josh, AdWords API Team

Joshua Newman

unread,
Jun 9, 2014, 1:33:14 PM6/9/14
to adwor...@googlegroups.com
Thanks for the response. No other account is behaving this way and I think its because what we had to do to link it. Initially the account's password had been changed so we couldn't get it an oauth2 access/refresh token. To fix this we added a new user to the account with administrative access then requested the oauth2 tokens using the new email/password combination. Now everytime we use oauth2 with this account we get the USER_PERMISSION_DENIED error. I also double checked that the account's oauth2 tokens were acquired using the correct email/password. I'm not sure where to go from here.

Josh Radcliff (AdWords API Team)

unread,
Jun 9, 2014, 2:07:35 PM6/9/14
to adwor...@googlegroups.com
Hi,

Could you send the following only to me by clicking Reply to Author?
  1. The customer ID of the client AdWords account you are trying to access
  2. The customer ID of the MCC
  3. The user name (email address) of the user you were logged in as when you generated your OAuth2 refresh token.
Thanks,
Josh, AdWords API Team

oskar...@tausendkind.de

unread,
Jul 11, 2017, 11:54:33 AM7/11/17
to AdWords API Forum
Hi Josh can i contact you too? I have the same problem

Thank you


tausendkind GmbH
Knesebeckstr. 1-2
10623 Berlin
Deutschland


Geschäftsführer: Dr. Anike v. Gagern, Dr. Kathrin Weiß
Eingetragen beim Amtsgericht Charlottenburg (Berlin) unter HRB 129747 B
Steuernummer: 30/555/35025
UST-Identifikationsnummer: DE 274061314

Josh Radcliff (AdWords API Team)

unread,
Jul 11, 2017, 2:47:14 PM7/11/17
to AdWords API Forum
Hi,

Sure, feel free to send your info only to me by clicking Reply to Author on this message.

Thanks,
Josh, AdWords API Team
Reply all
Reply to author
Forward
0 new messages