OAuth 2.0 refresher Talk
Uploaded by marcwan. Category: Technology.
AdWords API Workshops – All rights reserved
OAuth 2.0
+Paul Matthews, Google, Inc.
Agenda
1. What is OAuth 2.0?
2. Preparation
3. Obtain an Access Token
4. Detail of OAuth 2.0 flows
5. Best practice
What is OAuth 2.0?
● Authorization for AdWords API
● Secure
● Simple
● Standard
The security of OAuth2
● No Usernames or Passwords
● Only Tokens
● Specific Access Control
● Restrict Scope
● Easily revoke
The simplicity of OAuth2
● Ask approval
● Get Access
● Interact with the AdWords API
The standard of OAuth2
● Have you seen the dialog?
● User Consent
● Accept
● Cancel
The OAuth2 Flow
Participants: Your Application; The MCC User; Google Servers; OAuth2 Servers; The AdWords API
1) Build URL
2) Accept Consent
3) Exchange Code
4) Make Request
5) Refresh Access
Phases: Grant Access; Interact with the AdWords API
Access comes with 2 Tokens
● refresh_token
  ○ Regenerates access_token
  ○ Lifetime indefinite
  ○ Store it!
● access_token
  ○ For making requests
  ○ Lifetime 00:60
Preparation
Register your application
http://code.google.com/apis/console
● Get an application identifier
● client_id
● client_secret
Create a new project at Google API Console
Create an OAuth 2.0 client ID
Web server or installed application?
Choose Installed application unless you have many client accounts that need authorization.
Choose Web server application when using many separately authorized accounts.
Choose your application type
● Installed Application
Now, you have client_id and client_secret
Obtain Access: access_token & refresh_token
Why an Access Token?
● Ask approval
● Get Access & Refresh Tokens
With or without Client Libraries
● With Client Libraries
● Without Client Libraries
Client Libraries can Help
● Check your library for details!
● Example:
  ○ Run script
  ○ Authorize application
  ○ Add refresh_token to config
How to get an Access Token
1. Construct URL
2. Obtain Consent
3. Receive Authorization Code
4. Exchange Code for Token
5. Store credentials
1. Construct a URL
https://accounts.google.com/o/oauth2/auth?
access_type=offline&
scope=https://adwords.google.com/api/adwords&
redirect_uri=urn:ietf:wg:oauth:2.0:oob&
response_type=code&
client_id=xxxxxxx.apps.googleusercontent.com
2. Obtain Consent
● Send User
● Accept permissions
3. Receive Authorization Code
> Enter authorization code here:
4/v6xr77ewYqhvHSyW6UJ1w7jKwAzu
4. Exchange Code for Token
POST /o/oauth2/token HTTP/1.1
Host: accounts.google.com
Content-Type: application/x-www-form-urlencoded

code=4/v6xr77ewYqhvHSyW6UJ1w7jKwAzu&
client_id=xxxxxxx.apps.googleusercontent.com&
client_secret={client_secret}&
redirect_uri=&
grant_type=authorization_code
5. Store credentials
{
  "access_token" : "yaxx.xxxxxxxxxxxx",
  "token_type" : "Bearer",
  "expires_in" : 3600,
  "refresh_token" : "1/xxxxxxxxxxxxxxxxxxxg"
}
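The five steps above as an added Python example (not from the original slides): it builds the step 1 URL and the step 4 form body from the values shown on the slides, and turns the step 5 JSON reply into a record with an absolute expiry time. The function names and the stored record layout are assumptions; the exchange sends the same redirect_uri as step 1, as RFC 6749 section 4.1.3 requires.

```python
import json
import time
from urllib.parse import urlencode

AUTH_ENDPOINT = "https://accounts.google.com/o/oauth2/auth"
TOKEN_ENDPOINT = "https://accounts.google.com/o/oauth2/token"
SCOPE = "https://adwords.google.com/api/adwords"
REDIRECT_URI = "urn:ietf:wg:oauth:2.0:oob"


def build_auth_url(client_id):
    """Step 1: URL the user opens to grant consent."""
    params = {
        "access_type": "offline",       # ask for a refresh_token as well
        "scope": SCOPE,                 # restrict the grant to AdWords
        "redirect_uri": REDIRECT_URI,
        "response_type": "code",
        "client_id": client_id,
    }
    return AUTH_ENDPOINT + "?" + urlencode(params)


def build_exchange_body(code, client_id, client_secret):
    """Step 4: form body to POST to TOKEN_ENDPOINT."""
    return urlencode({
        "code": code,
        "client_id": client_id,
        "client_secret": client_secret,
        "redirect_uri": REDIRECT_URI,   # must equal the value sent in step 1
        "grant_type": "authorization_code",
    })


def parse_token_response(raw_json, now=None):
    """Step 5: turn the JSON reply into the record to store (assumed layout)."""
    data = json.loads(raw_json)
    if data.get("token_type", "").lower() != "bearer":
        raise ValueError("unexpected token_type")
    now = time.time() if now is None else now
    return {
        "access_token": data["access_token"],
        "refresh_token": data.get("refresh_token"),   # may be absent
        "expires_at": now + int(data["expires_in"]),  # absolute expiry time
    }
```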
Detail of OAuth 2.0 Flows
OAuth 2.0 Flows Google Supports
Google supports common OAuth 2.0 scenarios
● Installed applications
● Web server applications
● Applications on limited-input devices
Differences Between Flows

Flow                                  | Registration to API Console | Use Authentication Code | Client Secret | Refresh Token | Redirection
--------------------------------------|-----------------------------|-------------------------|---------------|---------------|------------
Installed applications                | Required                    | Yes                     | Required      | Available     | URL, Text
Web server applications               | Required                    | Yes                     | Required      | Available     | URL
Applications on limited-input devices | Required                    | -                       | Required      | Available     | -
Offline or Online?
Choose offline access when your application works while the data owner is not in front of it.
Offline access is good for a typical AdWords API client, which accesses Google servers to fetch user data and set values in the background.
Best Practices
● Use offline as access type to get a refresh_token
● Store refresh_token to get a new access_token
● Use the MCC structure
● Authorize the top MCC
Storing & Sharing
● Storing Access Tokens
● Store the timestamp
● Sharing Access Tokens Between Threads
Useful information for Errors
● AuthenticationError.OAUTH_TOKEN_INVALID
  ○ On: Access Token expired
  ○ Resolution: get a new Access Token with Refresh token
● AuthenticationError.INVALID_GRANT_ERROR
  ○ On: Refresh Token revoked
  ○ Resolution: re-auth app with user consent
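One way to apply the storing and sharing advice and the two error resolutions above, as an added Python example that is not part of the slides or of any AdWords client library: a store that keeps the expiry timestamp, shares one access_token between threads, and refreshes it once per expiry. TokenStore, refresh_fn and ReauthorizationRequired are hypothetical names; refresh_fn is assumed to return the token endpoint's JSON reply as a dict, with the RFC 6749 error value invalid_grant when the refresh token has been revoked.

```python
import threading
import time


class ReauthorizationRequired(Exception):
    """Refresh token revoked: the user must grant consent again."""


class TokenStore:
    """Shares one access_token between threads and refreshes it on expiry."""

    def __init__(self, refresh_token, refresh_fn, clock=time.time, margin=60):
        self._refresh_token = refresh_token
        self._refresh_fn = refresh_fn   # hypothetical: refresh_token -> dict
        self._clock = clock
        self._margin = margin           # refresh this many seconds early
        self._lock = threading.Lock()
        self._access_token = None
        self._expires_at = 0.0

    def get(self):
        """Return a valid access_token, refreshing at most once per expiry."""
        with self._lock:
            if self._clock() >= self._expires_at - self._margin:
                self._refresh_locked()
            return self._access_token

    def invalidate(self, rejected_token):
        """Call when the API answers OAUTH_TOKEN_INVALID for rejected_token."""
        with self._lock:
            # Skip if another thread already replaced the rejected token.
            if rejected_token == self._access_token:
                self._expires_at = 0.0

    def _refresh_locked(self):
        reply = self._refresh_fn(self._refresh_token)
        if reply.get("error") == "invalid_grant":
            self._access_token = None
            raise ReauthorizationRequired("refresh token revoked")
        self._access_token = reply["access_token"]
        # Store the timestamp: absolute expiry, not the relative expires_in.
        self._expires_at = self._clock() + int(reply["expires_in"])
```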
Appendix
Resources
Docs Links:
https://developers.google.com/accounts/docs/OAuth2
https://developers.google.com/accounts/docs/OAuth2WebServer
https://developers.google.com/accounts/docs/OAuth2InstalledApp
https://developers.google.com/adwords/api/docs/authentication#oauth
https://code.google.com/apis/console
Questions?