Refresh token generating invalid acess tokens

[Selcuk]

Hello!

We are running into the following problem:

We have a platform where customers can connect their Google Ads account and we fetch their campaigns / adgroups / ads etc. The flow is as follows:

1. The customer logs in with their Google Ads account.\

2. We get an auth token which we use to get a long-lived refresh token and an access token

3. The customer selects an ad account.

4. We fetch the campaigns/adgroups/ads using the query endpoint every hour.

Now, suddenly, the following has started to happen:

1. We fetch the campaigns, and get the following error:

org.springframework.web.client.HttpClientErrorException$Unauthorized: 401 Unauthorized: "{<EOL>  "error": {<EOL>    "code": 401,<EOL>    "message": "Request had invalid authentication credentials. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",<EOL>    "status": "UNAUTHENTICATED"<EOL>  }<EOL>}<EOL>"

2. We use our refresh token to generate a new access token (This succeeds, important!)

3. We try to fetch the campaigns again, and we get the exact same error as above.

4. We decide that we can no longer use the refresh token and drop the Google Ads connection and send an email to the customer.

We are very confused why this error is happening for so many customers all of a sudden, what could the possible reasons be? The customers that have had this happen to them (many!) have contacted us and assured us that they have not touched anything in regards to the permissions for our app.

[Selcuk]

Important to note that this usually happens after a couple of days, so the access tokens that we generate initially (every 45 minutes for atleast a couple of days) all seem to work well. It's just that very suddenly they become invalid and we can't generate a new valid one.

[Google Ads API Forum Advisor]

Hi,

Thank you for reaching out to the Google Ads API support team.

Kindly note that the “401 Unauthorized” error might happen if you were not creating the token precisely the correct way. Could you confirm if you tried following the instructions discussed in this document?

If not, please go through all the steps mentioned in the suggested documentation. Also, you can refer to this troubleshooting documentation to know the troubleshooting steps that you have to follow when you get an "unauthorized" error. 

However, your issue remains unresolved, please get back to us the complete API logs (request and response with request-id and request header) generated at your end so that we can check from our end and assist you further. For this, you have to enable logging if you are using a client library.

You can refer to the guides Java, .Net, PHP, Python, Ruby or Perl to enable logging at your end. For REST interface requests, you can enable logging via the curl command by using the -i flag.

You can send the details via the Reply privately to the author option or a direct private reply to this email. 

This message is in relation to case "ref:!00D1U01174p.!5004Q02tOvLk:ref" (ADR-00230328)

Thanks,
 

Google Ads API Team