How to refresh the client refresh_token?

[Stiofán Ó Riain]

Hi all

I am struggling with the Google Ads API documentation, so I would appreciate any help you can give me on this.

I have created a Google Ads API test application which accesses User Data, uses the Google Ads API scope, and has an OAuth Client ID and authorised redirect URL.

The application is still a Test application.

The problem is as follows:

1. A user links his Google Ads accounts using my software. I save his refresh token in my database.

2. My software then start managing his campaigns for him. Everything works as expected.

3. We do nothing for one week.

4. Now when my software tries to interact with the user's Google Ads accounts, it gets an error like this:

Fatal error: Uncaught GuzzleHttp\Exception\ClientException: Client error: POST https://oauth2.googleapis.com/token resulted in a 400 Bad Request response: { "error": "invalid_grant", "error_description": "Bad Request" }

Looking at the documentation I can see the following:

"A Google Cloud Platform project with an OAuth consent screen configured for an external user type and a publishing status of "Testing" is issued a refresh token expiring in 7 days."

So I'm guessing this is the issue: the user's refresh token has expired.

Also in the documentation it says the following:

"Access tokens have limited lifetimes. If your application needs access to a Google API beyond the lifetime of a single access token, it can obtain a refresh token. A refresh token allows your application to obtain new access tokens."

OK, so I need up update the user's refresh token.

 But how do I do this?

Do I need to make a cron which every few days runs some code which updates all the user refresh tokens in my database? If so, can you point me to some PHP code or the exact API call I need to use to do this?

Thanks in advance for your help.

[Google Ads API Forum Advisor]

Hi,

The invalid grant error occurs because of a mismatch of credentials and tokens. I would recommend clearing the cache and using the newly generated refresh token. Yes for published status 'Testing' the refresh token expires in 7 days. For the refresh token expiration scenarios:
https://developers.google.com/identity/protocols/oauth2#expiration
 

Generating a refresh token: https://developers.google.com/google-ads/api/docs/first-call/refresh-token?hl=en
Based on your usecase, you can generate a new refresh token once it is expired.
Related links:

1. https://stackoverflow.com/questions/63822029/google-api-oauth-2-0-trying-to-get-accesstoken-using-curl
2. https://developers.google.com/google-ads/api/docs/samples/authenticate-in-desktop-application#php
3. https://stackoverflow.com/questions/65203323/how-to-get-refresh-token-in-google-oauth-2-0-api-with-php
4. https://developers.google.com/identity/protocols/oauth2/native-app#exchange-authorization-code

Thanks,

Lakshmi Prathipati Google Ads API Team

 

ref:_00D1U1174p._5004Q2ScPDp:ref

[Stiofán Ó Riain]

Hi Lakshmi

Thanks for your reply.

Yes, I have seen that documentation. I don't have any problems creating the initial token, but after it has expired how do I created a new one?

The flow to create the initial token is currently as follows:

* We create an oauth2 redirect URL for the user.

* The user then gives permission to our app to access their account.

* We then receive a code and we can use fetchAuthToken() to get the refresh_token.

Are you saying the user will need to manually give us permission to access their account again?

I feel there must be an easier way to do this without the user having to do anything.

Thanks

Steve

[Google Ads API Forum Advisor]

Hi Stiofán,

I work with Lakshmi and will assist you. You can receive support from GCP support for transforming your test app into a fully published app. This will take away an obvious reason why your app continuously needs a new refresh token. 

Note that Ads API apps must complete OAuth verification, being a test app is one way to get around that requirement.

Regards,

Aryeh Baker Google Ads API Team

ref:_00D1U1174p._5004Q2ScPDp:ref

[Stiofán Ó Riain]

Hi Aryeh

Thanks for your message.

While my app is in test mode, can you confirm how exactly I refresh the refresh token without the user needing to manually re-link his Google Ads account to my app? Or is that the only way - I delete the refresh token and the user manually goes through the steps again to link his Google Ads account to my app?

Thanks

Steve

[Google Ads API Forum Advisor]

Hi Steve,

I am also a member of the Google Ads API team and let me provide support to your concern.

To answer your latest question, I am afraid that when the user encountered the error because the refresh token has been expired, then they need to manually allowing the OAuth2 credentials in the browser to access the Google Ads account on their behalf.

The workaround here is to transform your test app into a fully published app and you can reach out to GCP support to know the steps.

Let me know if you have further questions.

Regards,

Ernie John Blanca Tacata Google Ads API Team

ref:_00D1U1174p._5004Q2ScPDp:ref