Retrieve user Google Ads accounts using OAuth2 access_token

[ito...@adhocexecutive.com]

Hi folks,

I have been struggling with OAuth2 and Google Adwords API for a while but the posts in this group did not solved my problem, so excuse me if I repeat any question already made.

I would like to retrieve all accounts from a given Google Ads user, after the sign-in and consent screens, using the tokens retrieved to link those accounts to my own MCC account.

The OAuth2 flow I have been following is as described in many places, i.e: https://256stuff.com/gray/docs/oauth2.0/2

I am using the PHP client and I would like to retrieve the info on behalf of other Google Ads users: https://github.com/googleads/googleads-php-lib/wiki/API-access-on-behalf-of-your-clients-(web-flow)

I have created the project with OAuth2 credentials as a web app, enabled the Adwords API and the tokens (access and refresh) are being retrieved like a charm.

I have already checked that the scope for the user token stored in my database is the right one with https://www.googleapis.com/oauth2/v3/tokeninfo

I am using a Google Test account MCC but the Sing-In/Consent process is done with a regular not testing Google Ads account.

Access_Token_Info

{
 "azp": "vvv.apps.googleusercontent.com",
 "aud": "vvv.apps.googleusercontent.com",
 "sub": "112558273664355511061",
 "scope": "https://www.googleapis.com/auth/plus.me https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/adwords",
 "exp": "1536585726",
 "expires_in": "1565",
 "email": "user_...@gmail.com",
 "email_verified": "true",
 "access_type": "offline"
}

My code

$oAuth2 = new OAuth2(
            [
                'authorizationUri' => 'https://accounts.google.com/o/oauth2/v2/auth',
                'tokenCredentialUri' => 'https://www.googleapis.com/oauth2/v4/token',
                'redirectUri' => env('APP_URL') . env('GOOGLE_REDIRECT_URI'),
                'clientId' => env('GOOGLE_ID'),
                'clientSecret' => env('GOOGLE_SECRET'),
                'scope' => 'https://www.googleapis.com/auth/adwords',
                'refresh_token' => '<previously_retrieved_user_refresh_token>'
            ]
        );

        $oAuth2->setState(sha1(openssl_random_pseudo_bytes(1024)));
        $oAuth2->setAccessToken('<previously_retrieved_user_token>');

        $session = (new AdWordsSessionBuilder())
            // ->withClientCustomerId('<my_MCC_client_customer_id>')
            ->withDeveloperToken('<my_developper_token>')
            ->withOAuth2Credential($oAuth2)
            ->build();

        $adWordsServices = new AdWordsServices();
        $service = $adWordsServices->get($session, CustomerService::class);

        // Make the get request.
        $page = $service->getCustomers();

In my request I am omitting the clientCustomerId intentionally and setting the user's access and refresh tokens, but not so sure this is the right way.

Response

[2018-09-10 12:49:21] AW_SOAP.WARNING: clientCustomerId= operations=1 service=CustomerService method=getCustomers responseTime=240 requestId=00057583c9396a300a858c56a20d3063 server=adwords.google.com isFault=1 faultMessage=[AuthenticationError.CUSTOMER_NOT_FOUND @ ]
[2018-09-10 12:49:21] AW_SOAP.NOTICE: POST /api/adwords/mcm/v201806/CustomerService?wsdl HTTP/1.1
Host: adwords.google.com
Connection: close
User-Agent: PHP-SOAP/7.2.8
Content-Type: text/xml; charset=utf-8
SOAPAction: ""
Content-Length: 625
Authorization: REDACTED

<?xml version="1.0" encoding="UTF-8"?>
<SOAP-ENV:Envelope xmlns:SOAP-ENV="http://schemas.xmlsoap.org/soap/envelope/" xmlns:ns1="https://adwords.google.com/api/adwords/mcm/v201806" xmlns:ns2="https://adwords.google.com/api/adwords/cm/v201806"><SOAP-ENV:Header><ns1:RequestHeader><ns2:developerToken>REDACTED</ns2:developerToken><ns2:userAgent>unknown (AwApi-PHP, googleads-php-lib/37.0.0, PHP/7.2.8)</ns2:userAgent><ns2:validateOnly>false</ns2:validateOnly><ns2:partialFailure>false</ns2:partialFailure></ns1:RequestHeader></SOAP-ENV:Header><SOAP-ENV:Body><ns1:getCustomers/></SOAP-ENV:Body></SOAP-ENV:Envelope>

HTTP/1.1 500 Internal Server Error
Content-Type: text/xml; charset=UTF-8
Date: Mon, 10 Sep 2018 12:49:20 GMT
Expires: Mon, 10 Sep 2018 12:49:20 GMT
Cache-Control: private, max-age=0
X-Content-Type-Options: nosniff
X-Frame-Options: SAMEORIGIN
X-XSS-Protection: 1; mode=block
Server: GSE
Alt-Svc: quic=":443"; ma=2592000; v="44,43,39,35"
Accept-Ranges: none
Vary: Accept-Encoding
Connection: close

<soap:Envelope xmlns:soap="http://schemas.xmlsoap.org/soap/envelope/"><soap:Header><ResponseHeader xmlns:ns2="https://adwords.google.com/api/adwords/cm/v201806" xmlns="https://adwords.google.com/api/adwords/mcm/v201806"><ns2:requestId>00057583c9396a300a858c56a20d3063</ns2:requestId><ns2:serviceName>CustomerService</ns2:serviceName><ns2:methodName>getCustomers</ns2:methodName><ns2:operations>1</ns2:operations><ns2:responseTime>240</ns2:responseTime></ResponseHeader></soap:Header><soap:Body><soap:Fault><faultcode>soap:Server</faultcode><faultstring>[AuthenticationError.CUSTOMER_NOT_FOUND @ ]</faultstring><detail><ApiExceptionFault xmlns="https://adwords.google.com/api/adwords/mcm/v201806" xmlns:ns2="https://adwords.google.com/api/adwords/cm/v201806"><ns2:message>[AuthenticationError.CUSTOMER_NOT_FOUND @ ]</ns2:message><ns2:ApplicationException.Type>ApiException</ns2:ApplicationException.Type><ns2:errors xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:type="ns2:AuthenticationError"><ns2:fieldPath></ns2:fieldPath><ns2:trigger></ns2:trigger><ns2:errorString>AuthenticationError.CUSTOMER_NOT_FOUND</ns2:errorString><ns2:ApiError.Type>AuthenticationError</ns2:ApiError.Type><ns2:reason>CUSTOMER_NOT_FOUND</ns2:reason></ns2:errors></ApiExceptionFault></detail></soap:Fault></soap:Body></soap:Envelope>

I always get the CUSTOMER_NOT_FOUND error and if I include instead the MCC clientCustomerId the error changes to AuthorizationError.USER_PERMISSION_DENIED.

Is this the right approach to get all Adwords accounts for a given user using OAuth2?

Hope anyone can help me figure it out and thanks to everyone.

[Bharani Cherukuri (AdWords API Team)]

Hello Torres, 

Could you please share the MCC ID along with the email address used for authentication, so I can take a look? You can reply back via Reply privately to author option. 

Thanks,

Bharani, AdWords API Team

[Deval Mungalpara]

Hello 

I'm having same error and used same code like Toress did. Please help me