AdWords API and OAuth 2.0
Google Confidential and Proprietary
AdWords API & OAuth 2.0
Life after ClientLogin
Ch-Ch-Ch-Changes
Changes are coming for authentication of your applications.
How it works today:
1. Your app talks to authentication servers (blah blah blah)
a. Your app gets an access token (AuthToken)
2. Your app talks to the AdWords API servers
a. Passes in Developer Key and access token
b. Your app has to periodically re-authenticate.
Today: blah blah blah is called ClientLogin
How it will work in the new world:
1. Your app talks to authentication servers (wah wah wah)
a. Your app gets an access token.
2. Your app talks to the AdWords API servers
a. Passes in Developer Key and access token
b. Your app has to periodically re-authenticate.
New: wah wah wah is done with OAuth 2.0
DON'T PANIC!
● This shouldn't be a big deal for you.
● Will improve the security of your applications and data.
What's wrong with ClientLogin?
● Exposes username/passwords for MCC and client accounts.
● AuthTokens duration 2 weeks
○ No way to revoke issued tokens
● Sunset by 2015
○ Might be sooner
○ Deprecated since last year
Why OAuth 2.0?
● OAuth 2.0 More secure
○ Does not expose password/username
○ Only exchange OAuth tokens
● More specific access control
○ Tokens can have restricted scope on data
○ Can easily revoke a token
○ Reduced impact if token compromised
● No CAPTCHA challenges.
● Have learned a lot from the mess of OAuth 1.0
Using OAuth 2.0
Your Key Steps
1. Registering the OAuth application
2. Authenticating to get access token (AuthToken) and refresh token.
3. Call the AdWords API with the access token.
4. Handle token expiration.
Step 1: Registering
Go to: https://code.google.com/apis/console and create a new project
Google APIs Console
Step 2: Coding for OAuth 2.0
● Are you using the client libraries?
● Most are already up to date
○ Ruby
○ Java (new)
○ .NET
○ Python
○ Perl
● Rest will be coming soon
Step 2: Coding by Hand
1. Send a request to the Google Authorization Server, with:
a. what you want access to - https://adwords.google.com/api/adwords
b. and the client_id and the client_secret
2. The next step requires an actual user to interact with a Google webpage, which allows you to:
a. log in with your MCC or client account credentials
b. authorize access to the given scope
3. This returns the accessToken and refreshToken to your app
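Added example (not from the original deck or its linked Java sample): the by-hand steps above written against Python's standard library, showing which values travel in the browser URL and which only in the token request. The endpoint URLs, the state check and the function names are assumptions of this example.

```python
import hmac
import secrets
from urllib.parse import parse_qs, urlencode, urlparse

# Current Google OAuth 2.0 endpoints; these URLs are not on the slides.
AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/v2/auth"
TOKEN_ENDPOINT = "https://oauth2.googleapis.com/token"
AWAPI_SCOPE = "https://adwords.google.com/api/adwords"  # scope from step 1a


def build_consent_url(client_id, redirect_uri):
    """Steps 1-2: URL the user opens to log in and authorize the scope."""
    state = secrets.token_urlsafe(16)  # per-request value the app remembers
    query = urlencode({
        "response_type": "code",
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "scope": AWAPI_SCOPE,
        "access_type": "offline",  # ask for a refreshToken, not only an accessToken
        "state": state,
    })
    return AUTH_ENDPOINT + "?" + query, state


def code_from_callback(callback_url, expected_state):
    """Pull the authorization code out of the redirect, checking state first."""
    params = parse_qs(urlparse(callback_url).query)
    state = params.get("state", [""])[0]
    if not hmac.compare_digest(state.encode(), expected_state.encode()):
        raise ValueError("state mismatch: callback does not belong to this request")
    if "error" in params or "code" not in params:
        raise PermissionError("no authorization code: " + params.get("error", ["missing"])[0])
    return params["code"][0]


def token_request_body(code, client_id, client_secret, redirect_uri):
    """Step 3: form body to POST to TOKEN_ENDPOINT over HTTPS.

    The JSON reply carries access_token, expires_in and refresh_token.
    """
    return urlencode({
        "grant_type": "authorization_code",
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,  # sent server-to-server only, never in a browser URL
        "redirect_uri": redirect_uri,
    })
```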
Step 2: How to use the tokens returned
accessToken
● Access for ~ 1 hour
● Then expires
refreshToken
● Regenerates accessTokens
● No user interaction required
● Be sure to store it
Step 2 (by hand): Let's look at some code
(This code is available on the web, so don't worry if you can't follow it all now.)
http://goo.gl/s6nmR
Sample code - authorize()

    public Credential authorize() throws Exception {
      // set up file credential store to save/load tokens
      // (Java does not expand "~", so resolve the home directory explicitly)
      FileCredentialStore credentialStore = new FileCredentialStore(
          new File(System.getProperty("user.home"), "Desktop/oauth.json"),
          JSON_FACTORY);

      // set up authorization code flow
      GoogleAuthorizationCodeFlow flow = new GoogleAuthorizationCodeFlow
          .Builder(HTTP_TRANSPORT, JSON_FACTORY, CLIENT_ID, CLIENT_SECRET, AWAPI_SCOPE)
          .setCredentialStore(credentialStore)
          .build();

      // actually authorize
      return new AuthorizationCodeInstalledApp(flow, new LocalServerReceiver())
          .authorize("user");
    }
Sample code - connect()

    // Construct AdWordsSession object
    AdWordsSession session = new AdWordsSession.Builder()
        .fromFile()
        .withOAuth2Credential(credential)
        .build();

    // Construct AdWordsServices object
    AdWordsServices adWordsServices = new AdWordsServices();
Further Info
Authentication Flows: You've got choices
● Web Server Flow
○ Consent: Browser for consent
○ Response: Redirects user to callback endpoint
● Installed App Flow
○ Consent: URL provided - user pastes into browser
○ Response: Display code - user pastes into app
OR
○ Consent: URL provided - in-app browser
○ Response: Captures code - app returns to auth server
User Interaction | Programmatic
OAuth 2.0 Best Practices
● Use the refreshToken only on accessToken expiry
● Store the refreshToken for re-use
○ To reduce user interaction
● Officially clientCustomerId needed only for reports
○ Recommended for all
Coding by Hand: Handling Expired Tokens
● What? I need to handle token expirations?
● Theoretically, you should be able to restart requests today!
○ ClientLogin auth tokens can time out.
○ Server calls can fail in a way that suggests you should retry.
Coding by Hand: Error Handling
● Error: AuthenticationError.OAUTH_TOKEN_INVALID
○ On: accessToken expired
○ Resolution: use refreshToken
● Error: AuthenticationError.INVALID_GRANT_ERROR
○ On: accessToken revoked
○ Resolution: re-auth app with user consent
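Added example, not part of the original deck: a Python token manager that applies the two resolutions above together with the "use the refreshToken only on accessToken expiry" best practice. ApiAuthError, ReauthRequired, TokenManager and the refresh_fn/api_fn callables are hypothetical stand-ins; only the two error names come from the slide.

```python
import time


class ApiAuthError(Exception):
    """Stand-in for an AdWords AuthenticationError; reason is the error name."""
    def __init__(self, reason):
        super().__init__(reason)
        self.reason = reason


class ReauthRequired(Exception):
    """The stored grant is dead; the user has to consent again."""


class TokenManager:
    def __init__(self, store, refresh_fn, clock=time.time, margin=60):
        self.store = store            # persisted dict holding refresh_token
        self.refresh_fn = refresh_fn  # refresh_token -> (access_token, expires_in)
        self.clock = clock
        self.margin = margin          # refresh slightly before nominal expiry
        self.access_token = None
        self.expires_at = 0.0

    def _guard(self, fn, arg):
        """Run fn(arg); turn a revoked grant into ReauthRequired."""
        try:
            return fn(arg)
        except ApiAuthError as err:
            if err.reason == "INVALID_GRANT_ERROR":
                self.store.pop("refresh_token", None)  # never reuse a revoked grant
                self.access_token = None
                raise ReauthRequired("user consent needed") from err
            raise

    def _refresh(self):
        if "refresh_token" not in self.store:
            raise ReauthRequired("no stored refreshToken")
        token, ttl = self._guard(self.refresh_fn, self.store["refresh_token"])
        self.access_token = token
        self.expires_at = self.clock() + ttl - self.margin

    def call(self, api_fn):
        """Call api_fn(access_token), refreshing only when the token expired."""
        if self.access_token is None or self.clock() >= self.expires_at:
            self._refresh()
        try:
            return self._guard(api_fn, self.access_token)
        except ApiAuthError as err:
            if err.reason != "OAUTH_TOKEN_INVALID":
                raise
        self._refresh()  # server reported expiry: refresh once
        return self._guard(api_fn, self.access_token)  # single retry, no loop
```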
Summary
● Change is coming
● Shouldn't be a big deal
○ Will actually improve your app security
● Client library users should be ready to go now or soon.
Q&A
Resources
Docs Links:
https://developers.google.com/accounts/docs/OAuth2
Register app, get client_id & client_secret:
https://code.google.com/apis/console
Java Sample Code:
http://goo.gl/s6nmR