OAuth 2.0 refresher Talk


AdWords API and using OAuth 2.0 — Client Login is going away.

Published in: Technology, News & Politics

  1. AdWords API Workshops – All rights reserved
  2. OAuth 2.0. +Paul Matthews, Google, Inc.
  3. Agenda
      1. What is OAuth 2.0?
      2. Preparation
      3. Obtain an Access Token
      4. Detail of OAuth 2.0 flows
      5. Best practice
  4. What is OAuth 2.0?
  5. What is OAuth 2.0?
      ● Authorization for AdWords API
      ● Secure
      ● Simple
      ● Standard
  6. The security of OAuth2
      ● No Usernames or Passwords
      ● Only Tokens
      ● Specific Access Control
      ● Restrict Scope
      ● Easily revoke
  7. The simplicity of OAuth2
      ● Get Access: ask approval
      ● Interact with the AdWords API
  8. The standard of OAuth2
      ● Have you seen the dialog?
      ● User Consent
      ● Accept
      ● Cancel
  9. The OAuth2 Flow (diagram)
      ● Actors: Your Application, The MCC User, OAuth2 Servers, The AdWords API (Google Servers)
      ● Phases: Grant Access; Interact with the AdWords API
      ● Steps: 1) Build URL 2) Accept Consent 3) Exchange Code 4) Make Request 5) Refresh Access
  10. Access comes with 2 Tokens
      ● access_token
          ○ For making requests
          ○ Lifetime 00:60
      ● refresh_token
          ○ Regenerates access_token
          ○ Lifetime indefinite
          ○ Store it!
  13. Preparation
  14. Register your application
      http://code.google.com/apis/console
      ● Get an application identifier
          ○ client_id
          ○ client_secret
  15. Create a new project at Google API Console
  16. Create an OAuth 2.0 client ID
  17. Web server or installed application?
      ● Choose Installed application unless you have many client accounts that need authorization.
      ● Choose Web server application when using many separately authorized accounts.
  18. Choose your application type
      ● Installed Application
  19. Now, you have client_id and client_secret
  20. Obtain Access: access_token & refresh_token
  21. Why an Access Token?
      ● Get Access & Refresh Tokens: ask approval
  22. With or without Client Libraries
      ● With Client Libraries
      ● Without Client Libraries
  23. Client Libraries can Help
      ● Check your library for details!
      ● Example:
          ○ Run script
          ○ Authorize application
          ○ Add refresh_token to config
  24. How to get an Access Token
      1. Construct URL
      2. Obtain Consent
      3. Receive Authorization Code
      4. Exchange Code for Token
      5. Store credentials
  25. 1. Construct a URL

        https://accounts.google.com/o/oauth2/auth?
          access_type=offline&
          scope=https://adwords.google.com/api/adwords&
          redirect_uri=urn:ietf:wg:oauth:2.0:oob&
          response_type=code&
          client_id=xxxxxxx.apps.googleusercontent.com

  26. 2. Obtain Consent
      ● Send User
      ● Accept permissions
  27. 3. Receive Authorization Code

        > Enter authorization code here: 4/v6xr77ewYqhvHSyW6UJ1w7jKwAzu

  28. 4. Exchange Code for Token

        POST /o/oauth2/token HTTP/1.1
        Host: accounts.google.com
        Content-Type: application/x-www-form-urlencoded

        code=4/v6xr77ewYqhvHSyW6UJ1w7jKwAzu&
        client_id=xxxxxxx.apps.googleusercontent.com&
        client_secret={client_secret}&
        redirect_uri=&
        grant_type=authorization_code

  29. 5. Store credentials

        {
          "access_token" : "yaxx.xxxxxxxxxxxx",
          "token_type" : "Bearer",
          "expires_in" : 3600,
          "refresh_token" : "1/xxxxxxxxxxxxxxxxxxxg"
        }

  30. Detail of OAuth 2.0 Flows
  31. OAuth 2.0 Flows Google Supports
      Google supports common OAuth 2.0 scenarios
      ● Installed applications
      ● Web server applications
      ● Applications on limited-input devices
  32. Differences Between Flows

      | Flow | Registration to API Console | Use Authentication Code | Client Secret | Refresh Token | Redirection |
      | --- | --- | --- | --- | --- | --- |
      | Installed applications | Required | Yes | Required | Available | URL, Text |
      | Web server applications | Required | Yes | Required | Available | URL |
      | Applications on limited-input device | Required | - | Required | Available | - |

  33. Offline or Online?
      ● Choose offline access when your application works while the data owner is not in front of it.
      ● Offline access suits a typical AdWords API client, which accesses Google servers to fetch user data and set values in the background.
  34. Best Practices
  35. Best Practices
      ● Use offline as access type to get a refresh_token
      ● Store refresh_token to get a new access_token
      ● Use the MCC structure
      ● Authorize the top MCC
  36. Storing & Sharing
      ● Storing Access Tokens
          ○ Store the timestamp
      ● Sharing Access Tokens Between Threads
  37. Useful information for Errors
      ● AuthenticationError.OAUTH_TOKEN_INVALID
          ○ On: Access Token expired
          ○ Resolution: get a new Access Token with Refresh token
      ● AuthenticationError.INVALID_GRANT_ERROR
          ○ On: Refresh Token revoked
          ○ Resolution: re-auth app with user consent
  38. Appendix
  39. Resources
  40. Resources
      Docs Links:
      ● https://developers.google.com/accounts/docs/OAuth2
      ● https://developers.google.com/accounts/docs/OAuth2WebServer
      ● https://developers.google.com/accounts/docs/OAuth2InstalledApp
      ● https://developers.google.com/adwords/api/docs/authentication#oauth
      ● https://code.google.com/apis/console
  41. Questions?
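
The five token steps, the "Storing & Sharing" advice and the two error cases from the slides, as an added Python example that is not part of the original deck or of any Google client library. `TokenCache`, `ReauthRequired`, the helper names and the injected `post` callable (which would send the form to `/o/oauth2/token` and return the parsed JSON) are hypothetical; reusing the consent URL's `redirect_uri` in the exchange is an assumption, since the slide leaves that field blank.

```python
import threading, time
from urllib.parse import urlencode

AUTH_URL = "https://accounts.google.com/o/oauth2/auth"
SCOPE = "https://adwords.google.com/api/adwords"
OOB = "urn:ietf:wg:oauth:2.0:oob"   # redirect_uri shown on the "Construct a URL" slide

class ReauthRequired(Exception):
    """Refresh token revoked: the user has to give consent again."""

def consent_url(client_id):
    """Step 1: URL the user opens; access_type=offline is what yields a refresh_token."""
    return AUTH_URL + "?" + urlencode({
        "access_type": "offline", "scope": SCOPE, "redirect_uri": OOB,
        "response_type": "code", "client_id": client_id})

def exchange_form(code, client_id, client_secret):
    """Step 4: form fields for the authorization-code exchange."""
    # Assumption: redirect_uri repeats the value sent in step 1 (blank on the slide).
    return {"code": code, "client_id": client_id, "client_secret": client_secret,
            "redirect_uri": OOB, "grant_type": "authorization_code"}

def refresh_form(refresh_token, client_id, client_secret):
    """Standard OAuth 2.0 refresh grant: trade the refresh_token for a new access_token."""
    return {"refresh_token": refresh_token, "client_id": client_id,
            "client_secret": client_secret, "grant_type": "refresh_token"}

class TokenCache:
    """One credential set shared by all threads; refreshes shortly before expiry."""
    def __init__(self, first_response, post, client_id, client_secret, skew=60, clock=time.time):
        self._lock = threading.Lock()
        self._post, self._clock, self._skew = post, clock, skew
        self._client = (client_id, client_secret)
        self._refresh_token = first_response["refresh_token"]  # long-lived: keep it secret
        self._store(first_response)

    def _store(self, resp):
        if resp.get("error") == "invalid_grant":   # token endpoint's answer once revoked
            raise ReauthRequired("refresh token rejected; repeat the consent flow")
        self._access_token = resp["access_token"]
        self._expires_at = self._clock() + resp["expires_in"]  # store the timestamp

    def access_token(self):
        with self._lock:   # only one thread refreshes; the others reuse the result
            if self._clock() >= self._expires_at - self._skew:
                self._store(self._post(refresh_form(self._refresh_token, *self._client)))
            return self._access_token
```

Treat `client_secret` and `refresh_token` as credentials: keep them out of logs and source control, and persist them only where file or secret-store permissions limit who can read them.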
