Hi Rob, Ray or I will let you know as soon as we have any updates from the relevant teams, but for the time being if you need to reset a *client_secret* you can do so from the prior version of developer console. To get to the prior version, click the *Return to original console* link at the bottom of https://console.developers.google.com/project.
Cheers, Josh, AdWords API Team On Monday, June 9, 2014 4:14:52 AM UTC-4, Rob wrote: > > Hi Ray, > > So far my post on that forum has gained a couple of votes and comments but > nothing from the Google team. > > This is a serious security request, as we cannot change what is > effectively our application password. That could result in leaks or damage > to your clients' data if it's not addressed. Please could you escalate this > if at all possible. > > On Friday, 16 May 2014 13:25:16 UTC+1, Ray Tsang (AdWords API Team) wrote: >> >> Thanks Rob. I've also notified the relevant teams. >> >> Cheers, >> >> Ray >> >> On Thursday, May 15, 2014 3:10:34 PM UTC+2, Rob wrote: >>> >>> Thanks Ray, I've posted a question there... >>> >>> >>> http://stackoverflow.com/questions/23679229/generating-a-new-client-secret >>> >>> Rob. >>> >>> On Thursday, 15 May 2014 11:59:04 UTC+1, Ray Tsang (AdWords API Team) >>> wrote: >>>> >>>> Rob, >>>> >>>> I've noted this down. However, I'm only able to help resolving AdWords >>>> API issues. This is more related to the accounts and authentications >>>> <https://developers.google.com/accounts/> in general. >>>> >>>> Could I trouble you to reach out via Google Accounts API related forums >>>> <https://developers.google.com/accounts/forum>? >>>> >>>> Thanks, >>>> >>>> Ray >>>> >>>> On Wednesday, May 14, 2014 6:51:44 PM UTC+2, Rob wrote: >>>>> >>>>> Note that Bing Ads allow changing the client secret for a given ID in >>>>> their Developer Center... it shouldn't be that difficult for Google! >>>>> >>>>> On Wednesday, 14 May 2014 17:37:19 UTC+1, Rob wrote: >>>>>> >>>>>> Hi, >>>>>> >>>>>> Is there a way to change the OAuth2 client secret without changing >>>>>> the client ID? >>>>>> >>>>>> From what I can see, the only option is to generate a new client ID >>>>>> and secret together, meaning any refresh tokens obtained against the old >>>>>> client ID are effectively useless. >>>>>> >>>>>> If that is the case, what's the point of having a separate ID and >>>>>> secret? Surely they should just be a single property of the application. >>>>>> >>>>>> This appears to be a design flaw with separating authentication from >>>>>> authorization. I can't periodically change the client secret as a >>>>>> security >>>>>> best practice (like changing your password on a regular basis) without >>>>>> having to get all my clients to re-authorize me. >>>>>> >>>>> -- -- =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ Also find us on our blog and Google+: https://googleadsdeveloper.blogspot.com/ https://plus.google.com/+GoogleAdsDevelopers/posts =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ You received this message because you are subscribed to the Google Groups "AdWords API Forum" group. To post to this group, send email to adwords-api@googlegroups.com To unsubscribe from this group, send email to adwords-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/adwords-api?hl=en --- You received this message because you are subscribed to the Google Groups "AdWords API Forum" group. To unsubscribe from this group and stop receiving emails from it, send an email to adwords-api+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/d/optout.
