Hi Tim, You bring up a really good point, and an unfortunately common use case. I followed up with the authentication team, and they informed me that a password change will invalidate existing authTokens automatically. My own tests indicate that it takes about 10 minutes for an existing authToken to invalidate after a password change.
Best, - Eric On Dec 14, 8:37 pm, timprepscius <timprepsc...@gmail.com> wrote: > I would humbly suggest that the google changes authentication tokens > (soon) to be dependent on the password for the account for which the > authentication token was requested. > > Before, if somebody accidentally posted his e-mail and password and > other dev-tokens etc- he'd say, "whoa", and then go and change the > passwords on the accounts he just made writable by the world. > > But now, if somebody posts his authentication token to this forum, or > elsewherez, and the world will have write access until that token > expires. Perhaps I'm understanding this authentication token > incorrectly. Or perhaps google will allow people to request that > their authentication tokens be invalidated? > > Also, one might think that it would be ok, because actually the entity > that used that authentication token would be leaving a trail as they > did it. However, this will not be the case with anybody who knows > what they're doing. > > For instance, in the last week somebody posted their name/password to > this forum. Hopefully he changed his password. And hopefully he > changed his password before somebody requested an authentication > token. And/or, hopefully his account is small enough that if somebody > did get his authentication token and put bogus ads and keywords they > would be obvious. And not buried within a hundred different adgroups. > > Anyway, blah blah blah, etc etc etc, beating dead horse here, > > -tim > > On Dec 14, 10:38 am, AdWords API Advisor > > > > <adwordsapiadvi...@google.com> wrote: > > Hi Tim, > > > An authToken for the AdWords API is valid for two weeks, although it > > would be fine generating a new token every week or even every day. > > There is no need to wait for an authToken to expire before generating > > a new one, although requesting them too frequently (such as one per > > request) can lead to errors. > > > I don't believe password changed invalidate an authToken, and I am not > > aware of any way to manually invalidate an authToken. > > > In regards to errors, there isn't a comprehensive error code page in > > v2009 as there was in v13. Instead, each service has a number of > > defined error types and reasons. You can find these under the base > > type ApiError for each service: > > > http://code.google.com/apis/adwords/v2009/docs/reference/CampaignServ... > > > Best, > > - Eric Koleda, AdWords API Team > > > On Dec 13, 10:39 pm, timprepscius <timprepsc...@gmail.com> wrote: > > > > Greetings, > > > > The client login api specifies that authentication tokens expire in > > > "about a week." > > > What does this mean? > > > > Does this mean, 6-8 days? 4-10 days? Or 0 -> inf? > > > > I'd sorta actually like to just request new authentication tokens > > > every X days, and then not worry about having to figure out the errors > > > which an expired authentication token throws. I have a feeling though > > > this will not be an option. > > > > Also, if someone changes their password, will the authentication token > > > immediately expire? > > > > If not, is there a way to force an authentication token to expire? > > > > Also, is there a web page with all of the possible errors from adwords > > > 2009 enumerated. I can't find it, although I may easily be > > > overlooking it. > > > > Thanks in advance, > > > > -tim -- You received this message because you are subscribed to the Google Groups "AdWords API Forum" group. To post to this group, send email to adwords-...@googlegroups.com. To unsubscribe from this group, send email to adwords-api+unsubscr...@googlegroups.com. For more options, visit this group at http://groups.google.com/group/adwords-api?hl=en.
