oauth 2.0 refresher talk
DESCRIPTION
AdWords API and using OAuth 2.0 — Client Login is going away.TRANSCRIPT
![Page 1: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/1.jpg)
AdWords API Workshops – All rights reserved
![Page 2: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/2.jpg)
AdWords API Workshops – All rights reserved
OAuth 2.0
+Paul Matthews, Google, Inc.
![Page 3: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/3.jpg)
AdWords API Workshops – All rights reserved
1. What is OAuth 2.0?
2. Preparation
3. Obtain an Access Token
4. Detail of OAuth 2.0 flows
5. Best practice
Agenda
1
2
3
4
5
![Page 4: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/4.jpg)
AdWords API Workshops – All rights reserved
What is OAuth 2.0?
![Page 5: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/5.jpg)
AdWords API Workshops – All rights reserved
What is OAuth 2.0?
● Authorization for AdWords API
● Secure
● Simple
● Standard
![Page 6: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/6.jpg)
AdWords API Workshops – All rights reserved
● No Usernames or Passwords
● Only Tokens
● Specific Access Control
● Restrict Scope
● Easily revoke
The security of OAuth2
![Page 7: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/7.jpg)
AdWords API Workshops – All rights reserved
The simplicity of OAuth2
Interact with the AdWords API
Get AccessAsk approval
![Page 8: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/8.jpg)
AdWords API Workshops – All rights reserved
The standard of OAuth2
● Have you seen the dialog?
● User Consent
● Accept
● Cancel
![Page 9: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/9.jpg)
AdWords API Workshops – All rights reserved
2) Accept Consent
3) Exchange Code
The OAuth2 Flow
Your Application
The MCC User
Google Servers
1) Build URL 4) Make Request 5) Refresh Access
OAuth2 Servers
The AdWords API
Grant Access Interact with the AdWords API
![Page 10: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/10.jpg)
AdWords API Workshops – All rights reserved
● refresh_token
● Regenerates access_token
● Lifetime indefinite
● Store it!
● access_token
● For making requests
● Lifetime 00:60
Access comes with 2 Tokens
![Page 11: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/11.jpg)
AdWords API Workshops – All rights reserved
● refresh_token
● Regenerates access_token
● Lifetime indefinite
● Store it!
● access_token
● For making requests
● Lifetime 00:60
Access comes with 2 Tokens
![Page 12: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/12.jpg)
AdWords API Workshops – All rights reserved
● access_token
● For making requests
● Lifetime 00:60
Access comes with 2 Tokens
● refresh_token
● Regenerates access_token
● Lifetime indefinite
● Store it!
![Page 13: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/13.jpg)
AdWords API Workshops – All rights reserved
Preparation
![Page 14: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/14.jpg)
AdWords API Workshops – All rights reserved
http://code.google.com/apis/console
● Get an application identifier● client_id● client_secret
Register your application
![Page 15: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/15.jpg)
AdWords API Workshops – All rights reserved
Create a new project at Google API Console
![Page 16: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/16.jpg)
AdWords API Workshops – All rights reserved
Create an OAuth 2.0 client ID
![Page 17: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/17.jpg)
AdWords API Workshops – All rights reserved
Web server or installed application?
Choose Installed application unless you have many client accounts that need authorization.
Choose Web server application when using many separately authorized accounts.
![Page 18: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/18.jpg)
AdWords API Workshops – All rights reserved
Installed Application
Choose your application type
![Page 19: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/19.jpg)
AdWords API Workshops – All rights reserved
Now, you have client_id and client_secret
![Page 20: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/20.jpg)
AdWords API Workshops – All rights reserved
Obtain Accessaccess_token & refresh_token
![Page 21: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/21.jpg)
AdWords API Workshops – All rights reserved
Why an Access Token?
Get Access & Refresh TokensAsk approval
![Page 22: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/22.jpg)
AdWords API Workshops – All rights reserved
With or without Client Libraries
● With Client Libraries
● Without Client Libraries
![Page 23: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/23.jpg)
AdWords API Workshops – All rights reserved
● Check your library for details!
● Example:
● Run script
● Authorize application
● Add refresh_token to config
Client Libraries can Help
![Page 24: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/24.jpg)
AdWords API Workshops – All rights reserved
1. Construct URL
2. Obtain Consent
3. Receive Authorization Code
4. Exchange Code for Token
5. Store credentials
How to get an Access Token
![Page 25: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/25.jpg)
AdWords API Workshops – All rights reserved
https://accounts.google.com/o/oauth2/auth?
access_type=offline&
scope=https://adwords.google.com/api/adwords&
redirect_uri=urn:ietf:wg:oauth:2.0:oob&
response_type=code&
client_id=xxxxxxx.apps.googleusercontent.com
1. Construct a URL
![Page 26: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/26.jpg)
AdWords API Workshops – All rights reserved
● Send User
● Accept permissions
2. Obtain Consent
![Page 27: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/27.jpg)
AdWords API Workshops – All rights reserved
> Enter authorization code here:
4/v6xr77ewYqhvHSyW6UJ1w7jKwAzu
3. Receive Authorization Code
![Page 28: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/28.jpg)
HTML
AdWords API Workshops – All rights reserved
POST /o/oauth2/token HTTP/1.1 Host: accounts.google.com Content-Type: application/x-www-form-urlencoded code=4/v6xr77ewYqhvHSyW6UJ1w7jKwAzu& client_id=xxxxxxx.apps.googleusercontent.com& client_secret={client_secret}& redirect_uri=& grant_type=authorization_code
4. Exchange Code for Token
![Page 29: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/29.jpg)
AdWords API Workshops – All rights reserved
{"access_token" : "yaxx.xxxxxxxxxxxx","token_type" : "Bearer","expires_in" : 3600,"refresh_token" : "1/xxxxxxxxxxxxxxxxxxxg"
}
5. Store credentials
![Page 30: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/30.jpg)
AdWords API Workshops – All rights reserved
Detail of OAuth 2.0 Flows
![Page 31: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/31.jpg)
AdWords API Workshops – All rights reserved
Google supports common OAuth 2.0 scenarios
● Installed applications
● Web server applications
● Applications on limited-input devices
OAuth 2.0 Flows Google Supports
![Page 32: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/32.jpg)
AdWords API Workshops – All rights reserved
Differences Between Flows
Registration to API Console
Registration to API Console
Use Authentication Code
Client Secret
Refresh Token
Redirection
Installed applications
Required Yes Required Available URL, Text
Web server applications
Required Yes Required Available URL
Applications on limited-input device
Required - Required Available -
![Page 33: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/33.jpg)
AdWords API Workshops – All rights reserved
Choose offline access when your applications works while a data owner is not in front of your application
Offline access is good for typical AdWords API client which access Google Server to fetch user data and set value in background.
Offline or Online?
![Page 34: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/34.jpg)
AdWords API Workshops – All rights reserved
Best Practices
![Page 35: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/35.jpg)
AdWords API Workshops – All rights reserved
● Use offline as access type to get a refresh_token
● Store refresh_token to get a new access_token
● Use the MCC structure
● Authorize the top MCC
Best Practices
![Page 36: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/36.jpg)
AdWords API Workshops – All rights reserved
Storing & Sharing
● Storing Access Tokens
● Store the timestamp
● Sharing Access Tokens Between Threads
![Page 37: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/37.jpg)
AdWords API Workshops – All rights reserved
● AuthenticationError.OAUTH_TOKEN_INVALID○ On: Access Token expired○ Resolution: get a new Access Token with Refresh token
● AuthenticationError.INVALID_GRANT_ERROR○ On: Refresh Token revoked○ Resolution: re-auth app with user consent
Useful information for Errors
![Page 38: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/38.jpg)
AdWords API Workshops – All rights reserved
Appendix
![Page 39: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/39.jpg)
AdWords API Workshops – All rights reserved
Resources
![Page 40: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/40.jpg)
Docs Links:
https://developers.google.com/accounts/docs/OAuth2
https://developers.google.com/accounts/docs/OAuth2WebServer
https://developers.google.com/accounts/docs/OAuth2InstalledApp
https://developers.google.com/adwords/api/docs/authentication#oauth
https://code.google.com/apis/console
Resources
![Page 41: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/41.jpg)
AdWords API Workshops – All rights reserved
Questions?
![Page 42: OAuth 2.0 refresher Talk](https://reader034.vdocument.in/reader034/viewer/2022042700/554a27ecb4c9051b578b4ac4/html5/thumbnails/42.jpg)
AdWords API Workshops – All rights reserved