Hi,
I'm doing to implementation for Google ads automation system through by Google APIs. My code is referenced to documents of Google Ads API. ( https://github.com/googleads/googleads-php-lib/blob/master/examples/AdWords/v201809/AccountManagement/CreateAccount.php ) I have a two ideas for implementation it. However, when I execution my code then I can seeing some problem ( AuthorizationError.USER_PERMISSION_DENIED). So I wish your review and evaluation about it. *1. common configurations.* First, I made 'client ID' and 'client secret' from "Google API Console Credentials page.". This values is *11111111111-aaaaaaaaaaaaaaaaa.apps.googleusercontent.com* (client ID) and *bbbbbbbbbbbbbbbb* (client secret). Second, I finished to confirm and received the developer token from Google. This value is "*cccccccccccccc_ddddd*". Third, I sended to MCA (Multi-client account) request to Google for using my merchant center and I got approved it. My client customer id for Google Ads API is *111-222-3333*. *- preconditions for below two ideas.* *Alice* : customer of this service (al...@google.com) *Service* : partner of Google (service.part...@google.com) <-- implemented code *2. Idea 1* First, creating Google Ads account to using Alice's refresh token. So, Service called by grantOfflineAccess() from gapi.auth2.getAuthInstance() of javascript for got Alice's offline code. Before at this time, Service called gapi.client.init(). "apiKey" property value is "*yyyyyyyyyyyyyyyyyy_zzzzzzzzzzzzzzzzzzzzzz* " in gapi.client.init() function. And the after, Service thrown by Alice's offline code to background process. - code - <script> *var* GoogleAuth;*var* SCOPE = "https://www.googleapis.com/auth/userinfo.profile https://www.googleapis.com/auth/userinfo.email https://www.googleapis.com/auth/siteverification https://www.googleapis.com/auth/content https://www.googleapis.com/auth/adwords";*var* offlineCode; gapi.client.init(*{* 'apiKey': 'yyyyyyyyyyyyyyyyyy_zzzzzzzzzzzzzzzzzzzzz', 'discoveryDocs': *[*"https://www.googleapis.com/discovery/v1/apis/drive/v3/rest"*]*, 'clientId': '11111111111-aaaaaaaaaaaaaaaaa.apps.googleusercontent.com', "prompt" : "consent", 'scope': SCOPE*}*).then(*function* () *{* GoogleAuth = gapi.auth2.getAuthInstance(); GoogleAuth.isSignedIn.listen(updateSigninStatus); $('#btnGoogleSignIn').click(*function*() *{* handleAuthClick(); *}*);*}*); *function* handleAuthClick()*{* if (GoogleAuth.isSignedIn.get()) *{* GoogleAuth.signOut(); *}* else *{* GoogleAuth.grantOfflineAccess(*{* "prompt" : "consent", 'scope': SCOPE *}*).then(*function*(resp) *{* offlineCode = resp.code; *}*); *}* *}* </script> Second, background process was getting Alice's refresh token by below code. $*scopes* = PROFILE_API_SCOPE.' '.EMAIL_API_SCOPE.' '. SITEVERIFICATION_API_SCOPE.' '.CONTENT_API_SCOPE.' '.ADWORDS_API_SCOPE; $*oauth2* = new OAuth2([ 'authorizationUri' => "https://accounts.google.com/o/oauth2/v2/auth";, 'redirectUri' => 'postmessage', 'tokenCredentialUri' => CredentialsLoader::TOKEN_CREDENTIAL_URI, 'clientId' => "11111111111-aaaaaaaaaaaaaaaaa.apps.googleusercontent.com", 'clientSecret' => "bbbbbbbbbbbbbbbb", 'scope' => $*scopes* ]); $*oauth2*->setCode(/* Alice's offline code */);$*authToken* = $*oauth2*->fetchAuthToken(); Third, if successded getting Alice's refresh token then background process was trying create account of Google Ads by below code. $*oAuth2Credential* = (new OAuth2TokenBuilder())->withClientId("11111111111-aaaaaaaaaaaaaaaaa.apps.googleusercontent.com")->withClientSecret("bbbbbbbbbbbbbbbb")->withRefreshToken(/* Alice's refresh toekn */)->build(); $*session* = (new AdWordsSessionBuilder())->withDeveloperToken("cccccccccccccc_ddddd")->withOAuth2Credential($*oAuth2Credential*)->withClientCustomerId("111-222-3333")->build(); $*adWordsServices* = new AdWordsServices(); $*managedCustomerService* = $*adWordsServices*->get($*session*, ManagedCustomerService::class ); $*customer* = new ManagedCustomer();$*customer*->*setName*('Account #' . *uniqid*());$*customer*->setCurrencyCode('KRW');$*customer*->setDateTimeZone('Asia/Seoul'); $*operations* = [];$*operation* = new ManagedCustomerOperation();$*operation*->setOperator(Operator::ADD);$*operation*->setOperand($*customer*); $*operations*[] = $*operation*;$*customer* = $*managedCustomerService*->mutate($*operations*)->getValue()[0];return $*customer*->getCustomerId(); However, I've got error. Error message is "AuthorizationError.USER_PERMISSION_DENIED". *This approach is to wrong??* 3. *Idea 2* In obviously, I trying to using by refresh token of Service then upon process is success. So, I thought, this process is can creating account not using Alice's refresh token, just using refresh token of Service. If creating account is success then able to getting customer ID of creation account. And then Service is insert Database to that customer ID and Alice's unique information (E.g. Alice's ID of Service or email address or cellphone number or etc.,). And the after, if Alice will be trying registration to Ad service then background process is registration to Ad service by account of Service. Maybe that is correct. I have a question about this idea. Service don't need Alice's refresh token according to this idea. *Why Alice is oAuth login to Google???* best regards. -- -- =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ Also find us on our blog: https://googleadsdeveloper.blogspot.com/ =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ You received this message because you are subscribed to the Google Groups "AdWords API and Google Ads API Forum" group. To post to this group, send email to adwords-api@googlegroups.com To unsubscribe from this group, send email to adwords-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/adwords-api?hl=en --- You received this message because you are subscribed to the Google Groups "AdWords API and Google Ads API Forum" group. To unsubscribe from this group and stop receiving emails from it, send an email to adwords-api+unsubscr...@googlegroups.com. Visit this group at https://groups.google.com/group/adwords-api. To view this discussion on the web visit https://groups.google.com/d/msgid/adwords-api/81e32d52-796d-4d62-ac3e-d7940528ead9%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
