Oauth2.0 'approval_prompt' => 'force' is not working as expected


cv

Oct 18, 2016, 2:29:55 AM
to AdWords API Forum
Hello All,


The 'approval_prompt' => 'force' argument with the OAuth callback URL is not working as expected.
If I pass 'approval_prompt' => 'force', it does not force the user to authorise the app if I am logged in with an already authorized AdWords account.

Also, it is not returning the refresh_token with $user->GetOAuth2Info() in the code below.

$OAuth2Handler = $user->GetOAuth2Handler();
$user->SetOAuth2Info($OAuth2Handler->GetAccessToken($user->GetOAuth2Info(), 
$code, $redirectUri));
$user->GetOAuth2Info();

Thanks,

Josh Radcliff (AdWords API Team)

Oct 18, 2016, 10:27:24 AM
to AdWords API Forum
Hi,

When you get the authorization URL, do you pass true for the offline argument, as shown in the GetRefreshToken.php example?

Without that argument set to true, you'll only be given back an access token.

Thanks,
Josh, AdWords API Team

cv

Oct 19, 2016, 12:56:06 AM
to AdWords API Forum
Hello Josh,

Yes, I am passing offline as true.

My main concern is that the approval prompt is not forcing users to authorise the app.


It was working fine prior to client library v13.1.0
I was using v10.0.0.

My code:
        $offline = TRUE;
        $extra_para = array();
        $extra_para['approval_prompt'] = 'force';
        $extra_para['state'] = 'info_page';

        
        $OAuth2Handler = $user->GetOAuth2Handler();
        $authorizationUrl = $OAuth2Handler->GetAuthorizationUrl($user->GetOAuth2Info(), $redirectUri, $offline, $extra_para);

Thanks,

Josh Radcliff (AdWords API Team)

Oct 19, 2016, 9:32:42 AM
to AdWords API Forum
Hi,

Thanks for confirming you're passing the correct offline value.

This is looking like a client library issue. I just experimented with the approval_prompt in the OAuth Playground, and it seems to be behaving properly.

Have you recently tried it again with v10.0.0 of the client library and confirmed it still works with that version? If so, please open an issue in the PHP client library on this page, and the client library owner will respond.

Thanks,
Josh, AdWords API Team

cv

Oct 19, 2016, 1:48:33 PM
to AdWords API Forum
Hello Josh,

I will try with the older version again and inform the owner of the library to look into it.

Thanks,

cv

Oct 19, 2016, 2:52:26 PM
to AdWords API Forum
Hello Josh,

I just noticed that there is no approval_prompt in the OAuth Playground.
Instead it is prompt=consent or prompt=select_account, or it can be prompt=none.

So I guess approval_prompt = Auto / Force is now deprecated.

Please provide your input on this.

prompt=consent is working like approval_prompt = Force.

Thanks,

Josh Radcliff (AdWords API Team)

Oct 19, 2016, 5:11:11 PM
to AdWords API Forum
Hi,

That's true, but you can still use approval_prompt=force and it will behave as expected, even with the OAuth playground.

To see this, select Force prompt: Consent screen in the playground, then click the Authorize APIs button. The URL in the resulting consent screen will look something like this:


If you change that URL to use approval_prompt=force, you'll see that you will always get the consent screen.


Thanks,
Josh, AdWords API Team

cv

Oct 20, 2016, 1:24:57 AM
to AdWords API Forum
Hello Josh,

Yes, you are right: approval_prompt = force works fine when you are allowing the app for the first time and have not logged out of your login before the expires_in time.

It did not work in the following case:

Step 1: Allow the user to authorise your app, which may have this URL:

https://accounts.google.com/o/oauth2/v2/auth?redirect_uri=https%3A%2F%2Fdevelopers.google.com%2Foauthplayground&approval_prompt=force&response_type=code&client_id=XXXXX.apps.googleusercontent.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadwords&access_type=offline

Allow: This will redirect to the consent screen.


Step 2: The user has now approved your app on the consent screen from step 1.

The response contains an access token and a refresh token:

{
  "access_token": "yXXXXX_A",
  "token_type": "Bearer",
  "expires_in": 3600,
  "refresh_token": "1XXXXXFw"
}


Step 3: The user tries to link another of his AdWords accounts to the same app, but he has not logged out of the AdWords account that was approved in step 2. The URL will be the same as in step 1, as it is the same app, and the user clicks the Authorize API button:

https://accounts.google.com/o/oauth2/v2/auth?redirect_uri=https%3A%2F%2Fdevelopers.google.com%2Foauthplayground&approval_prompt=force&response_type=code&client_id=XXXXX.apps.googleusercontent.com&scope=https%3A%2F%2Fwww.googleapis.com%2Fauth%2Fadwords&access_type=offline

In this case the user will not see the consent screen, and the response simply comes back without a refresh token:

{
  "access_token": "yaXXXXXUg",
  "token_type": "Bearer",
  "expires_in": 3593
}


Thanks,

Josh Radcliff (AdWords API Team)

Oct 20, 2016, 4:42:21 PM
to AdWords API Forum
Hi,

Sorry, I could have sworn that this worked for me when I did it yesterday, but when I tried again today I saw the behavior you described.

I searched a bit and found that the Google OAuth2 documentation now only lists the prompt parameter -- approval_prompt no longer appears. I'm still digging to find out why and when this change occurred, but in the meantime it seems that switching to prompt=consent in place of approval_prompt=force should fix this for you.

Thanks,
Josh, AdWords API Team

cv

Oct 26, 2016, 5:25:24 AM
to AdWords API Forum
Hello Josh,

Any info found?
Should I go ahead with this change across my application?

Thanks,

Josh Radcliff (AdWords API Team)

Oct 26, 2016, 11:35:00 AM
to AdWords API Forum
Hi,

Sorry for the delay. I recommend changing your app to use prompt instead of approval_prompt, based on the response on this Stack Overflow thread and the fact that prompt adheres to the OpenID Connect spec.

Thanks,
Josh, AdWords API Team
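
The change the thread arrives at, as an added example that is not part of the original posts or of the AdWords PHP client library: plain PHP that builds the authorization URL with prompt=consent in place of approval_prompt=force and rejects a token response that lacks a refresh_token. The function names, the redirect URI and the per-request state value are assumptions; the JSON bodies are constructed from the responses quoted in the thread.

```php
<?php
// Added example: function names, redirect URI and sample responses are constructed.
/** Build the consent URL, mapping the legacy approval_prompt=force to prompt=consent. */
function buildAuthorizationUrl(string $clientId, string $redirectUri, string $scope,
                               string $state, array $extra = []): string
{
    if (isset($extra['approval_prompt'])) {
        // Thread finding: approval_prompt=force no longer forces the consent screen.
        if ($extra['approval_prompt'] === 'force' && !isset($extra['prompt'])) {
            $extra['prompt'] = 'consent';
        }
        unset($extra['approval_prompt']); // never send the legacy parameter
    }
    $params = array_merge($extra, [
        'response_type' => 'code',
        'client_id'     => $clientId,
        'redirect_uri'  => $redirectUri,
        'scope'         => $scope,
        'access_type'   => 'offline', // needed for a refresh token at all
        'state'         => $state,
    ]);
    return 'https://accounts.google.com/o/oauth2/v2/auth?'
        . http_build_query($params, '', '&', PHP_QUERY_RFC3986);
}

/** Return the refresh token, or fail loudly instead of storing a link without one. */
function requireRefreshToken(array $tokenResponse): string
{
    if (empty($tokenResponse['refresh_token'])) {
        throw new RuntimeException('no refresh_token: consent was skipped, re-authorize with prompt=consent');
    }
    return $tokenResponse['refresh_token'];
}

$state = bin2hex(random_bytes(16)); // assumption: per-request value checked on the callback
$url = buildAuthorizationUrl('XXXXX.apps.googleusercontent.com',
    'https://example.com/oauth2callback', 'https://www.googleapis.com/auth/adwords',
    $state, ['approval_prompt' => 'force']);
parse_str(parse_url($url, PHP_URL_QUERY), $query);
var_dump($query['prompt'] === 'consent', isset($query['approval_prompt']));
// Constructed responses mirroring step 2 and step 3 of the thread.
$first  = json_decode('{"access_token":"yXXXXX_A","token_type":"Bearer","expires_in":3600,"refresh_token":"1XXXXXFw"}', true);
$second = json_decode('{"access_token":"yaXXXXXUg","token_type":"Bearer","expires_in":3593}', true);
echo requireRefreshToken($first), PHP_EOL;
try {
    requireRefreshToken($second);
} catch (RuntimeException $e) {
    echo 'rejected: ', $e->getMessage(), PHP_EOL;
}
```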