OAuth 2.0 refresher Talk
 

AdWords API and using OAuth 2.0 — Client Login is going away.

    OAuth 2.0 refresher Talk: Presentation Transcript

    • AdWords API Workshops – All rights reserved
    • OAuth 2.0 +Paul Matthews, Google, Inc.
    • Agenda 1. What is OAuth 2.0? 2. Preparation 3. Obtain an Access Token 4. Detail of OAuth 2.0 flows 5. Best practice
    • What is OAuth 2.0?
    • What is OAuth 2.0? ● Authorization for AdWords API ● Secure ● Simple ● Standard
    • The security of OAuth2 ● No Usernames or Passwords ● Only Tokens ● Specific Access Control ● Restrict Scope ● Easily revoke
    • The simplicity of OAuth2: Get Access; Ask approval; Interact with the AdWords API
    • The standard of OAuth2 ● Have you seen the dialog? ● User Consent ● Accept ● Cancel
    • The OAuth2 Flow (diagram). Phases: Grant Access; Interact with the AdWords API. Steps: 1) Build URL 2) Accept Consent 3) Exchange Code 4) Make Request 5) Refresh Access. Labels: Your Application; The MCC User; OAuth2 Servers; The AdWords API; Google Servers
    • Access comes with 2 Tokens ● access_token: For making requests; Lifetime 00:60 ● refresh_token: Regenerates access_token; Lifetime indefinite; Store it!
    • Preparation
    • Register your application http://code.google.com/apis/console ● Get an application identifier ● client_id ● client_secret
    • Create a new project at Google API Console
    • Create an OAuth 2.0 client ID
    • Web server or installed application? Choose Installed application unless you have many client accounts that need authorization. Choose Web server application when using many separately authorized accounts.
    • Choose your application type: Installed Application
    • Now, you have client_id and client_secret
    • Obtain Access: access_token & refresh_token
    • Why an Access Token? Get Access & Refresh Tokens; Ask approval
    • With or without Client Libraries ● With Client Libraries ● Without Client Libraries
    • Client Libraries can Help ● Check your library for details! ● Example: ● Run script ● Authorize application ● Add refresh_token to config
    • How to get an Access Token 1. Construct URL 2. Obtain Consent 3. Receive Authorization Code 4. Exchange Code for Token 5. Store credentials
    • 1. Construct a URL
        https://accounts.google.com/o/oauth2/auth?
          access_type=offline&
          scope=https://adwords.google.com/api/adwords&
          redirect_uri=urn:ietf:wg:oauth:2.0:oob&
          response_type=code&
          client_id=xxxxxxx.apps.googleusercontent.com
    • 2. Obtain Consent ● Send User ● Accept permissions
    • 3. Receive Authorization Code
        > Enter authorization code here: 4/v6xr77ewYqhvHSyW6UJ1w7jKwAzu
    • 4. Exchange Code for Token (HTML)
        POST /o/oauth2/token HTTP/1.1
        Host: accounts.google.com
        Content-Type: application/x-www-form-urlencoded

        code=4/v6xr77ewYqhvHSyW6UJ1w7jKwAzu&
        client_id=xxxxxxx.apps.googleusercontent.com&
        client_secret={client_secret}&
        redirect_uri=&
        grant_type=authorization_code
    • 5. Store credentials
        {
          "access_token" : "yaxx.xxxxxxxxxxxx",
          "token_type" : "Bearer",
          "expires_in" : 3600,
          "refresh_token" : "1/xxxxxxxxxxxxxxxxxxxg"
        }
    • Detail of OAuth 2.0 Flows
    • OAuth 2.0 Flows Google Supports: Google supports common OAuth 2.0 scenarios ● Installed applications ● Web server applications ● Applications on limited-input devices
    • Differences Between Flows
        ● Installed applications: Registration to API Console: Required; Use Authentication Code: Yes; Client Secret: Required; Refresh Token: Available; Redirection: URL, Text
        ● Web server applications: Registration to API Console: Required; Use Authentication Code: Yes; Client Secret: Required; Refresh Token: Available; Redirection: URL
        ● Applications on limited-input device: Registration to API Console: Required; Use Authentication Code: -; Client Secret: Required; Refresh Token: Available; Redirection: -
    • Offline or Online? Choose offline access when your application works while a data owner is not in front of your application. Offline access is good for a typical AdWords API client, which accesses Google servers to fetch user data and set values in the background.
    • Best Practices
    • Best Practices ● Use offline as access type to get a refresh_token ● Store refresh_token to get a new access_token ● Use the MCC structure ● Authorize the top MCC
    • Storing & Sharing ● Storing Access Tokens ● Store the timestamp ● Sharing Access Tokens Between Threads
    • Useful information for Errors ● AuthenticationError.OAUTH_TOKEN_INVALID ○ On: Access Token expired ○ Resolution: get a new Access Token with Refresh token ● AuthenticationError.INVALID_GRANT_ERROR ○ On: Refresh Token revoked ○ Resolution: re-auth app with user consent
    • Appendix
    • Resources
    • Resources Docs Links: https://developers.google.com/accounts/docs/OAuth2 https://developers.google.com/accounts/docs/OAuth2WebServer https://developers.google.com/accounts/docs/OAuth2InstalledApp https://developers.google.com/adwords/api/docs/authentication#oauth https://code.google.com/apis/console
    • Questions?
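
Added example, not part of the talk or of any Google client library: one way to apply the "Storing & Sharing" and "Useful information for Errors" slides, keeping the expiry as an absolute timestamp, letting only one thread refresh a stale access_token, and treating a revoked refresh_token as a signal to rerun the consent flow. Assumptions: `TokenStore`, `ReauthRequired`, the `refresh_fn` hook and the 60-second skew are hypothetical names and values, the token endpoint's standard `invalid_grant` error stands in for the slide's INVALID_GRANT_ERROR, and the token strings are constructed.

```python
import threading
import time

class ReauthRequired(Exception):
    """The refresh_token was revoked; the user must grant consent again."""

class TokenStore:
    """Shares one access_token between threads; refreshes it once when stale."""

    def __init__(self, refresh_token, refresh_fn, skew=60, clock=time.time):
        # refresh_fn(refresh_token) -> parsed token-endpoint JSON. Hypothetical
        # hook: a real one would POST grant_type=refresh_token to the server.
        self._refresh_token = refresh_token
        self._refresh_fn = refresh_fn
        self._skew = skew            # refresh this many seconds before expiry
        self._clock = clock
        self._lock = threading.Lock()
        self._access_token = None
        self._expires_at = 0.0       # stored as an absolute timestamp

    def get(self):
        with self._lock:             # only one thread performs the refresh
            if self._clock() >= self._expires_at - self._skew:
                reply = self._refresh_fn(self._refresh_token)
                if reply.get("error") == "invalid_grant":
                    self._access_token = None
                    raise ReauthRequired("refresh_token revoked")
                self._access_token = reply["access_token"]
                self._expires_at = self._clock() + reply["expires_in"]
            return self._access_token

    def invalidate(self, rejected_token):
        """Call when the API rejects rejected_token as OAUTH_TOKEN_INVALID."""
        with self._lock:
            if rejected_token == self._access_token:  # ignore stale reports
                self._expires_at = 0.0

def demo():
    calls = []
    def fake_endpoint(refresh_token):    # constructed stand-in, no network
        calls.append(refresh_token)
        return {"access_token": "sample-access-%d" % len(calls), "expires_in": 3600}
    store = TokenStore("sample-refresh-token", fake_endpoint)
    workers = [threading.Thread(target=store.get) for _ in range(8)]
    for w in workers:
        w.start()
    for w in workers:
        w.join()
    return store.get(), len(calls)       # eight threads, one refresh
```

Passing the rejected token to `invalidate` keeps a slow thread that still holds an old token from forcing a second refresh after another thread has already replaced it.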