I've been using 2 REST API calls to batch upload google offline click conversions. One generates the Access Token. The other is the API call to upload the offline click conversions.

All was well for a few weeks until suddenly we started getting invalid_grant messages in the JSON when trying to generate the Access Token. No clue why -- and we received no email or anything from Google on this. It just stopped working and the invalid_grant error was cryptic and the online help didn't explain much.

I resolved this issue by following this video to generate a new Refresh Token in the Google oAuth Playground:

https://youtu.be/KFICa7Ngzng

So, my question is -- can we automate this somehow? I can trap the invalid_grant JSON response and then would like to do some series of REST API calls to generate a new Refresh Token. Or, would I need to switch from a Web Application Type to a Service Account Type on the oAuth?

I also researched what might have caused the Refresh Token to expire. I looked at the following page and none of those bullet items applied to my situation:

https://developers.google.com/identity/protocols/oauth2#expiration

We have an app with offline access_type token. Yesterday all queries were broken, because authorization failed

POST https://oauth2.googleapis.com/token 

resulted in a

400 Bad Request response: { "error": "invalid_grant", "error_description": "Bad Request" }).

We use SDK Google Ads API Client Library for PHP for any queries to API.

Code example:

// Generate a refreshable OAuth2 credential for authentication.         $oAuth2Credential = (new OAuth2TokenBuilder())->fromFile($filePathName)->build();         $loggerFactory    = new LoggerFactory();         $logger           = $loggerFactory->createLogger('TestChannel',             APPLICATION_DIRECTORY . ".log/google/adsapi.date("Y-m").".log",             'DEBUG');         // Construct a Google Ads client configured from a properties file and the         // OAuth2 credentials above.         $googleAdsClient = (new GoogleAdsClientBuilder())             ->fromFile(std::lpath($filePathName))             ->withOAuth2Credential($oAuth2Credential)             ->withLogger($logger)             ->build();         $query = "SELECT customer_client.status FROM customer_client";         $googleAdsServiceClient = $googleAdsClient->getGoogleAdsServiceClient();         $response               = $googleAdsServiceClient->search(             $customerId,             $query,             ['pageSize' => self::PAGE_SIZE]         );         return $response->getIterator()->current();

App is in production in google cloud console.

What have we already done:

• changed password for account
• reset secret and generate new refresh token

Create new app isn't good solution for us, because I think, we couldn't quickly increase limits to API (but in this moment we were forced to use an app with basic limits and quota)

Any idea how to solve this problem or how contact Google oAuth team with this question?

Related to https://groups.google.com/g/adwords-api/c/nvLa0xPkdUs/m/0P3LcxBgAQAJ

Update: I had found, that there is no link to my app in https://myaccount.google.com/permissions Anyone know, how to add this permissions again?

I'm trying to use Google Ads API using service account.
The following works:

from google.ads.googleads.client import GoogleAdsClient from google.oauth2.service_account import Credentials as ServiceAccountCreds oauth2_client = ServiceAccountCreds.from_service_account_file(     filename=key_file, subject=developer_account,     scopes=["https://www.googleapis.com/auth/adwords"] ) google_ads_client = GoogleAdsClient(login_customer_id=self.login_customer_id, credentials=oauth2_client,                                     developer_token=self.developer_token) self.ga_service = self.google_ads_client.get_service("GoogleAdsService", version="v9") self.ga_serice.search_stream(customer_id=self.client_customer_id, query =  query) 

I want to to do following with Identity Workload Federation(w/o key):

from google.auth import aws as google_auth_aws from google.ads.googleads.client import GoogleAdsClient credentials = google_auth_aws.Credentials.from_info(json_config_info)  # from workload identity federation credentials = credentials.with_scopes(["https://www.googleapis.com/auth/adwords"]) credentials = credentials.with_subject(self.developer_account) # Build the service object. self.google_ads_client = GoogleAdsClient(login_customer_id=self.login_customer_id, credentials=credentials,                                     developer_token=self.developer_token) self.ga_service = self.google_ads_client.get_service("GoogleAdsService", version="v9") self.ga_service.search_stream(customer_id =self.client_customer_id, query =  self.query) 

Which throws error: ERROR:'Credentials' object has no attribute 'with_subject'.

I am trying to migrate Adwords API(sunset on 27th April, 2022) to Google Ads api. Using Asp.Net Core(5.0) and c#.

Exception: Google.Ads.GoogleAds.V10.Errors.GoogleAdsException HResult=0x80131500 Message=Status(StatusCode="Unauthenticated", Detail="Request is missing required authentication credential. Expected OAuth 2 access token, login cookie or other valid authentication credential. See https://developers.google.com/identity/sign-in/web/devconsole-project.",

I want to use "keywordPlanIdeaService" Can anyone have any suggestions.

I have a project whose Publishing status is Testing (I am using Google Ads Api).

            using FileStream stream = new("Credentials.json", FileMode.Open, FileAccess.Read);             // The file token.json stores the user's access and refresh tokens, and is created             // automatically when the authorization flow completes for the first time.             UserCredential credential = await GoogleWebAuthorizationBroker.AuthorizeAsync(              GoogleClientSecrets.FromStream(stream).Secrets,              scopes,              "user",              CancellationToken.None,              new FileDataStore("Token", true)             );             if (credential.Token.IsExpired(credential.Flow.Clock))                 await credential.RefreshTokenAsync(CancellationToken.None); 

When I use the code above, it expects me to log in via Gmail, but I want to automatically handle the Refresh token and continue uninterrupted requests without understanding anything to the user. I am using Desktop Application as Flow, but I am using Net 5 Api as Framework. I look forward to your help in this matter.

Thank you from now.