3. Agenda
1. What is OAuth 2.0?
2. Preparation
3. Obtain an Access Token
4. Detail of OAuth 2.0 flows
5. Best practice
AdWords API Workshops – All rights reserved
4. What is OAuth 2.0?
5. What is OAuth 2.0?
● Authorization for AdWords API
● Secure
● Simple
● Standard
6. The security of OAuth2
● No Usernames or Passwords
● Only Tokens
● Specific Access Control
● Restrict Scope
● Easily revoke
7. The simplicity of OAuth2
Get Access
Ask approval
Interact with the AdWords API
8. The standard of OAuth2
● Have you seen the dialog?
● User Consent
● Accept
● Cancel
9. The OAuth2 Flow
[Diagram: Your Application, The MCC User, and Google Servers (OAuth2 Servers, The AdWords API); phases: Grant Access, Interact with the AdWords API]
1) Build URL
2) Accept Consent
3) Exchange Code
4) Make Request
5) Refresh Access
10. Access comes with 2 Tokens
● access_token
○ For making requests
○ Lifetime 00:60
● refresh_token
○ Regenerates access_token
○ Lifetime indefinite
● Store it!
15. Create a new project at Google API Console
16. Create an OAuth 2.0 client ID
17. Web server or installed application?
Choose Installed application unless you have many
client accounts that need authorization.
Choose Web server application when using many
separately authorized accounts.
18. Choose your application type
Installed Application
19. Now, you have client_id and client_secret
21. Why an Access Token?
Get Access & Refresh Tokens
Ask approval
22. With or without Client Libraries
● With Client Libraries
● Without Client Libraries
23. Client Libraries can Help
● Check your library for details!
● Example:
● Run script
● Authorize application
● Add refresh_token to config
24. How to get an Access Token
1. Construct URL
2. Obtain Consent
3. Receive Authorization Code
4. Exchange Code for Token
5. Store credentials
25. 1. Construct a URL
https://accounts.google.com/o/oauth2/auth?
access_type=offline&
scope=https://adwords.google.com/api/adwords&
redirect_uri=urn:ietf:wg:oauth:2.0:oob&
response_type=code&
client_id=xxxxxxx.apps.googleusercontent.com
26. 2. Obtain Consent
● Send User
● Accept permissions
27. 3. Receive Authorization Code
> Enter authorization code here:
4/v6xr77ewYqhvHSyW6UJ1w7jKwAzu
28. 4. Exchange Code for Token
POST /o/oauth2/token HTTP/1.1
Host: accounts.google.com
Content-Type: application/x-www-form-urlencoded

code=4/v6xr77ewYqhvHSyW6UJ1w7jKwAzu&
client_id=xxxxxxx.apps.googleusercontent.com&
client_secret={client_secret}&
redirect_uri=&
grant_type=authorization_code
29. 5. Store credentials
{
"access_token" : "yaxx.xxxxxxxxxxxx",
"token_type" : "Bearer",
"expires_in" : 3600,
"refresh_token" : "1/xxxxxxxxxxxxxxxxxxxg"
}
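Steps 1, 4 and 5 above as an added example (not code from the workshop or from a Google client library): it builds the consent URL and the token-exchange body from the values on the slides, then validates the JSON reply and turns expires_in into an absolute expiry time. The function names, the SAMPLE_REPLY string and the reuse of the step 1 redirect_uri in step 4 are assumptions.

```python
import json
import time
from urllib.parse import urlencode

AUTH_URL = "https://accounts.google.com/o/oauth2/auth"
SCOPE = "https://adwords.google.com/api/adwords"
OOB_REDIRECT = "urn:ietf:wg:oauth:2.0:oob"  # redirect_uri from step 1

def build_consent_url(client_id):
    """Step 1: URL the user opens to approve offline access."""
    return AUTH_URL + "?" + urlencode({
        "access_type": "offline",  # needed to receive a refresh_token
        "scope": SCOPE,
        "redirect_uri": OOB_REDIRECT,
        "response_type": "code",
        "client_id": client_id,
    })

def build_token_request(code, client_id, client_secret):
    """Step 4: form-encoded body for POST /o/oauth2/token."""
    return urlencode({
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": OOB_REDIRECT,  # assumption: same value as step 1
        "grant_type": "authorization_code",
    }).encode("ascii")

def parse_token_response(body, now=None):
    """Step 5: validate the JSON reply and compute an absolute expiry."""
    now = time.time() if now is None else now
    data = json.loads(body)
    if "error" in data:
        raise ValueError("token endpoint error: %s" % data["error"])
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    return {
        "access_token": data["access_token"],
        "refresh_token": data.get("refresh_token"),  # may be absent
        "expires_at": now + int(data["expires_in"]),
    }

# Constructed sample reply, shaped like the slide's JSON (placeholder values).
SAMPLE_REPLY = ('{"access_token": "yaxx.xxxxxxxxxxxx", "token_type": "Bearer", '
                '"expires_in": 3600, "refresh_token": "1/xxxxxxxxxxxxxxxxxxxg"}')

if __name__ == "__main__":
    print(build_consent_url("xxxxxxx.apps.googleusercontent.com"))
    print(parse_token_response(SAMPLE_REPLY, now=0))
```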
30. Detail of OAuth 2.0 Flows
31. OAuth 2.0 Flows Google Supports
Google supports common OAuth 2.0 scenarios
● Installed applications
● Web server applications
● Applications on limited-input devices
32. Differences Between Flows
| Flow | Registration to API Console | Use Authentication Code | Client Secret | Refresh Token | Redirection |
|---|---|---|---|---|---|
| Installed applications | Required | Yes | Required | Available | URL, Text |
| Web server applications | Required | Yes | Required | Available | URL |
| Applications on limited-input device | Required | - | Required | Available | - |
33. Offline or Online?
Choose offline access when your application works
while the data owner is not in front of it.
Offline access suits a typical AdWords API client, which
accesses Google servers to fetch user data and set values in
the background.
35. Best Practices
● Use offline as access type to get a refresh_token
● Store refresh_token to get a new access_token
● Use the MCC structure
● Authorize the top MCC
36. Storing & Sharing
● Storing Access Tokens
● Store the timestamp
● Sharing Access Tokens Between Threads
37. Useful information for Errors
● AuthenticationError.OAUTH_TOKEN_INVALID
○ On: Access Token expired
○ Resolution: get a new Access Token with Refresh token
● AuthenticationError.INVALID_GRANT_ERROR
○ On: Refresh Token revoked
○ Resolution: re-auth app with user consent
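The storing, sharing and error-handling points from slides 36 and 37 as an added example (not code from the workshop or a client library): one access token is shared between threads behind a lock, stored with its expiry timestamp in an owner-only file, and refreshed shortly before it expires. TokenCache, ReauthRequired and the refresh_fn callable are hypothetical names; treating the OAuth 2.0 `invalid_grant` error as the trigger for re-authorization is an assumption about how the token endpoint reports a revoked refresh token.

```python
import json
import os
import tempfile
import threading
import time

class ReauthRequired(Exception):
    """The refresh token was rejected; the user must consent again."""

class TokenCache:
    def __init__(self, refresh_token, refresh_fn, path, skew=60, clock=time.time):
        self._refresh_token = refresh_token
        self._refresh_fn = refresh_fn  # hypothetical: refresh_token -> reply dict
        self._path = path
        self._skew = skew              # refresh this many seconds before expiry
        self._clock = clock
        self._lock = threading.Lock()
        self._access_token = None
        self._expires_at = 0.0

    def get(self):
        # The lock makes concurrent callers share a single refresh.
        with self._lock:
            if self._clock() >= self._expires_at - self._skew:
                self._refresh()
            return self._access_token

    def _refresh(self):
        reply = self._refresh_fn(self._refresh_token)
        if reply.get("error") == "invalid_grant":
            raise ReauthRequired("refresh token rejected")
        if "access_token" not in reply:
            raise RuntimeError("refresh failed: %s" % reply.get("error"))
        self._access_token = reply["access_token"]
        self._expires_at = self._clock() + int(reply["expires_in"])
        self._save()

    def _save(self):
        # Store the token with its expiry timestamp, readable by the owner only.
        record = {"access_token": self._access_token, "expires_at": self._expires_at}
        fd = os.open(self._path, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
        with os.fdopen(fd, "w") as fh:
            json.dump(record, fh)

if __name__ == "__main__":
    # Constructed refresh function standing in for the token endpoint.
    fake = lambda rt: {"access_token": "ya.sample", "expires_in": 3600}
    path = os.path.join(tempfile.mkdtemp(), "token.json")
    print(TokenCache("1/sample", fake, path).get())
```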