All Google logins fail now on TWO_STEP_VERIFICATION_NOT_ENROLLED
Ales Sturala
Google Ads API Forum Advisor
Hi Ales,
Thanks for reaching out to the Google Ads API Forum.
I had removed your second post as I can see that sensitive complete logs posted on the forum thread. You may avoid posting on forums but you may send to our team using reply privately to author option. For your reference, you may refer below redacted post:
“I just noticed that this problem is only related to our production clientId. Other applications work fine.
---------------BEGIN API CALL---------------
Request
-------
Method Name: /google.ads.googleads.v10.services.GoogleAdsService/Search
{ "customerId": "8849681417", "query": "SELECT\r\n customer_client.client_customer,\r\n customer_client.level,\r\n customer_client.manager,\r\n customer_client.descriptive_name,\r\n customer_client.currency_code,\r\n customer_client.time_zone,\r\n customer_client.id\r\n FROM customer_client\r\n WHERE\r\n customer_client.level = 1" }
Response
--------
Fault: {
"StatusCode": 16,
"Details": "Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",
"RequestId": "zFBevSFWmBN5c6GMEyWDzw",
"Failure": {
"errors": [
{
"errorCode": {
"authenticationError": "TWO_STEP_VERIFICATION_NOT_ENROLLED"
},
"message": "An account administrator changed this account's authentication settings. To access this Google Ads account, enable 2-Step Verification in your Google account at https://www.google.com/landing/2step."
}
],
"requestId": "zFBevSFWmBN5c6GMEyWDzw"
}
}
----------------END API CALL----------------
”
Moving forward, kindly note that the account administrators can require all users of a Google Ads account to enable 2-Step Verification in order to access the Google Ads account. This appears to be happening in your case as mentioned in this document.
If the user enabled 2-step verification, then during the OAuth2 authentication flow, Google prompts the user for 2-step verification before issuing a refresh token. If they didn't enable 2-step verification, then they won't see the 2-step verification prompt. This experience is independent of the setting that the administrator enabled for the Google Ads account.
Once issued, the refresh token can be used to issue access tokens. However, the API calls made using this access token will fail with an AuthenticationError.TWO_STEP_VERIFICATION_NOT_ENROLLED in the Google Ads API until the user enables 2-step verification in their Google account.
Also, an existing refresh token that was issued before the user enabled 2-step verification remains unaffected after the user enables 2-step verification. It can be used to issue access tokens as usual. However, the API calls made using this access token will continue to fail with an AuthorizationError.TWO_STEP_VERIFICATION_NOT_ENROLLED error in the AdWords API and AuthenticationError.TWO_STEP_VERIFICATION_NOT_ENROLLED in the Google Ads API until the user enables 2-step verification in their Google account.
Let us know if you have any questions.
Regards,
|
||||||
ref:_00D1U1174p._5004Q2dwCXT:ref
Ales Sturala
Google Ads API Forum Advisor
Thank you for sending updates, it appears that you already found an answer to your issue. If you have any additional questions feel free to send those over to our team and we would be happy to assist you further.
Best regards,
|
||||||
ref:_00D1U1174p._5004Q2dwCXT:ref