2

I am trying to get an Oauth2 access token to use adwords api. I am using google-api-ads-ruby and trying to follow the instruction here, https://github.com/googleads/google-api-ads-ruby/wiki/API-access-using-own-credentials-(installed-application-flow). I have developer token, client id, secret, and every other info inserted into adwords_api.yml. And when I run setup_oauth2.rb it displays as below :

Hit Auth error, please navigate to URL:
https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=309181******-lnbictq23g17o7pp3e6v7vdqq9juinv9.apps.googleusercontent.com&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&scope=https://www.googleapis.com/auth/adwords
log in and type the verification code:

so as the document said, I copied and pasted the url in a browser, but I keep getting this:

enter image description here

I also have tried creating new client ID with selecting 'other' instead of 'web application'. Although many people on the web saying choose 'installed application', there is no such option. All options I see are only this :

enter image description here

I don't know how many days I have been stuck on this. Please give any advice if you have any. thank you.

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
Jay Jeong
  • 892
  • 2
  • 11
  • 24
  • When the client ID is retrieved as ``other``, ``redirect_uris`` has ``urn:ietf:wg:oauth:2.0:oob`` and ``http://localhost``. So how about modifying from ``redirect_uri=urn:ietf:wg:oauth:2.0:oob`` to ``redirect_uri=http://localhost``? If this was not useful for you, I'm sorry. – Tanaike May 15 '18 at 02:56
  • oh wow now It redirected me to google sign-in page and it also prompted user to allow my app to manage the user's campaigns. But although it is supposed to give me a verification code, it says This site can’t provide a secure connection localhost sent an invalid response. Try running Network Diagnostics. ERR_SSL_PROTOCOL_ERROR and my server also has error like this, 2018-05-14 22:55:43 -0700: HTTP parse error, malformed request (): # do you know why it does this..? – Jay Jeong May 15 '18 at 06:01

1 Answers1

2

The way Oauth2 works is that it needs to know where to return the authentication to. This is done by defining a Redirect URI.

With browser based applications its easy to know where the authentication should be returned to. In this case it should go to a page on the website designed to handle the response form the authentication server.

With installed applications thats a little harder becouse there is no website to return to so no way of knowing an exact ip address where to send it to. In this case google creates two standard redirect uris that you can use.

urn:ietf:wg:oauth:2.0:oob and and http://localhost

Explanation of your error

In your case if you read the error message you are sending a Native redirect uri to a browser client id.

Your issue:

309181******-lnbictq23g17o7pp3e6v7vdqq9juinv9.apps.googleusercontent.com  <--- Web client id  
urn:ietf:wg:oauth:2.0:oob  <--- Redirect uri only allowed for native clients

Solution

Go back to Google developer console and find the client id and client secret for the native (other) client you created. You cant use urn:ietf:wg:oauth:2.0:oob with a browser client id as you have done now.

Now this really depends on what your doing here. If you are going to release this on a website someplace then leaving this as a browser client would probably be a decide id. in that case just using http://localhost for your redirect uri will solve your problem. But you should add a new redirect uri when you release this to your production website. Leaving localhost allowed in a production client is a bad idea in my opinion.

but this really depends on how you intend to use this application.

Linda Lawton - DaImTo
  • 106,405
  • 32
  • 180
  • 449
  • Thank you kindly for your detailed answer. As you said, changing urn:ietf:wg:oauth:2.0:oob to http://localhost fixes the http error. It redirects to google's authentication page. However, after I grant the access, although it is supposed to give me a verification code according to oauth2 documentation (https://github.com/googleads/google-api-ads-ruby/wiki/API-access-on-behalf-of-your-clients-(web-flow) ), it is giving me another error message saying 'This site can’t provide a secure connection localhost sent an invalid response.' – Jay Jeong May 15 '18 at 18:19
  • Why do you think it is doing that ? My application is for web. Also I only have main page so far and am trying to connect to adwords api before starting to construct the app. – Jay Jeong May 15 '18 at 18:19
  • 1
    nevermind ! I actually had wrong redirect uri set on my client id. Now it redirects to my application after granting the access. I appreciate it to all. Thank you :D – Jay Jeong May 15 '18 at 20:15