AuthenticationError.LOGIN_COOKIE_REQUIRED

[Martin Geubelle]

Hi,

Since I am using my application on the web client (and not in local anymore), I have experienced a strange error.

It looks like I can retrieve refresh/access token for the same adwords account only once. I am using Python Library.

1. I state the URL for getting API access (like : https://accounts.google.com/o/oauth2/auth?scope=https://www.googleapis.com/auth/adwords&redirect_uri=#MYPAGEn&response_type=code&client_id=#MYCLIENTID.apps.googleusercontent.com&access_type=offline). 
   
2. Because I have multiple account, that link sends me to the page accountChooser (like https://accounts.google.com/AccountChooser?service=lso&continue=https%3A%2F%2Faccounts.google.com%2Fo%2Foauth2%2Fauth%3Fresponse_type%3Dcode%26scope%3Dhttps%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadwords%26access_type%3Doffline%26redirect_uri%3D#MYPAGE%26client_id%#MYCLIENTID.apps.googleusercontent.com%26hl%3Dfr%26from_login%3D#MYLOGIN&btmpl=authsub&hl=fr --> see attachment 1). 
   
3. Normally, after choosing one of the account, I am redirected to the "Accept API access page" (see attachment 2), and then I click on "accept" and 
4. I am redirected to #MYPAGE?code=4/#THECODE and I can authenticate with flow = OAuth2WebServerFlow(...) and flow.step2_exchange(#THECODE)
   

The problems arises when I already have the access for one account and I try to redo the same operation. At step 2), after choosing the account, Google seems to skip step 3) and go directly to step 4) where I try to authenticate and that gives me a "Server raised fault: '[AuthenticationError.LOGIN_COOKIE_REQUIRED @ ; trigger:'<null>']'".

Is it a normal behaviour ? Can I only retrieve API access ONCE per account on a website with a "Client identifier for a Web application" (even if I can do it multiple times in local with a "Client identifier for a Native Application") ?

Thanks,

Martin

[Danial Klimkin]

Hello Martin,

This is a tricky case. Generally, we recommend logging off from every account and logging in with the one you'd like to authorize for.

Generally, you can approve one application only once per account, so you may be hitting a "wrong" (already authorized) account in the process.

-Danial, AdWords API Team.

[Martin Geubelle]

Thank you for you quick answer !

"Generally, you can approve one application only once per account, so you may be hitting a "wrong" (already authorized) account in the process."

Is it only true for Web application ? Because in local I have never experienced this problem ... In fact, when the user disconnects and tries to come back later to our website, in order to authenticate him, we use his Google account (and not a special login from ours) so this is why I try to hit an already authorized account.

[Martin Geubelle]

Hi,

The workaround I found for now is to revoke the access token and ask the authorization again, but it's not very convenient.

I just don't get why it's possible in local with an "native application client identifier" and not on the web with an "web application client identifier" ... What could justify this difference ?

Thanks,

Martin

[Martin Geubelle]

Solution found on this page : https://developers.google.com/accounts/docs/OAuth2WebServer

Use approval_prompt=force

Martin