Google AdWords API access w/ grant_type password

0
votes

I have a server side application in python that is calling the AdWords API. Since ClientLogin is being deprecated I'm going to have to use OAuth 2.0. Basically I need to generate an access token but I don't want any user interaction (to allow access the app) because I'm always using the same username and password on the server, and I'd like to use that username and password to make the AdWords API calls.

I believe the right way to do it is through a grant_type of 'password' oauth2 call to https://accounts.google.com/o/oauth2/token. And this is what I understood from the OAuth2.0 RFC (http://tools.ietf.org/html/rfc6749#page-38). The RFC says that the request/query string must contain 3 parameters: grant_type (set to 'password'), username and password.

So I constructed my curl script, which looks like:

curl -v --data "grant_type=password&username=user@gmail.com&password=password" https://accounts.google.com/o/oauth2/token

But I launch the command and I get back with the response from google:

{"error" : "invalid_request"}

Am I missing something? Is there a simple python library that supports grant_type=password and that has a decent enough documentation?

1
pythonauthenticationoauth-2.0google-ads-apigoogle-authentication

1 Answers

2
votes

This grant type isn't supported by the AdWords API, so you can't get an access token using a username and password, but you can get one using a refresh token. Your application just needs to store the refresh token and use it to get new access tokens from the OAuth API. You only need to authorize the account and get the code once; after you input the code into the example, you'll get an access and refresh token.

Here's an outline of the process:

1: Construct an authorization URL:

https://accounts.google.com/o/oauth2/auth?response_type=code&client_id=1234567890123.apps.googleusercontent.com&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://adwords.google.com/api/adwords/&access_type=offline

Note the access_type of offline that requests a refresh token, which you can use to generate new access tokens when they expire.

2: Browse to the URL and authorize your account.

3: Extract the code from the redirect page, and request your access and refresh tokens:

curl -v --data "code=4/v6xr77ewYqhvHSyW6UJ1w7jKwAzu&client_id=8819981768.apps.googleusercontent.com&client_secret={client_secret}&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code" https://accounts.google.com/o/oauth2/token

This should return your access and refresh tokens:

{
  "access_token":"1/fFAGRNJru1FTz70BzhT3Zg",
  "expires_in":3920,
  "token_type":"Bearer",
  "refresh_token":"1/xEoDL4iW3cxlI7yDbSRFYNG01kVKM2C-259HOF2aQbI"
}

4: The access token only lasts for an hour, but you can use the refresh token to generate a new one without repeating steps 1-3:

curl -v --data "client_id=8819981768.apps.googleusercontent.com& client_secret={client_secret}&refresh_token=1/xEoDL4iW3cxlI7yDbSRFYNG01kVKM2C-259HOF2aQbI& grant_type=refresh_token" https://accounts.google.com/o/oauth2/token

You can find a Python-specific example here.