Hello, Essentially, if you have a Google Workspace setup, then Google can handle some parts of the authentication for you, and ensure that only users within your Workspace domain are able to create refresh tokens.
If you aren't using that, then Google does not do any checking of this sort on our side, meaning that the burden is on you to provide your own security measures to ensure that the correct subset of users is able to log in. Remember, that what we're doing here is a workaround for your edge-case situation, and the "normal" situation for someone choosing this option would be for someone who was choosing to publish their app widely. However, in your case, where you have no intention of doing that, what this message really boils down to is that Google is not going to restrict who can create refresh tokens to only people within your Google Workspace domain. But you can still restrict that, by not sharing your client ID and client secret, and by building up your own login system. Regards, Mike, Google Ads API Team ref:_00D1U1174p._5004Q2ewsYl:ref -- -- =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ Also find us on our blog: https://googleadsdeveloper.blogspot.com/ =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ You received this message because you are subscribed to the Google Groups "AdWords API and Google Ads API Forum" group. To post to this group, send email to adwords-api@googlegroups.com To unsubscribe from this group, send email to adwords-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/adwords-api?hl=en --- You received this message because you are subscribed to the Google Groups "Google Ads API and AdWords API Forum" group. To unsubscribe from this group and stop receiving emails from it, send an email to adwords-api+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/adwords-api/rBJoT000000000000000000000000000000000000000000000RM6SAH00vwIdyuHHTRujvwiJLqYJHw%40sfdc.net.
