Search code examples
ruby-on-railsgoogle-apigoogle-oauthgoogle-developers-consolegoogle-ads-api

cannot retrieve access token for oauth2

I am trying to get an Oauth2 access token to use adwords api. I am using google-api-ads-ruby and trying to follow the instruction here, https://github.com/googleads/google-api-ads-ruby/wiki/API-access-using-own-credentials-(installed-application-flow). I have developer token, client id, secret, and every other info inserted into adwords_api.yml. And when I run setup_oauth2.rb it displays as below :

Hit Auth error, please navigate to URL:
https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=309181******-lnbictq23g17o7pp3e6v7vdqq9juinv9.apps.googleusercontent.com&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&scope=https://www.googleapis.com/auth/adwords
log in and type the verification code:

so as the document said, I copied and pasted the url in a browser, but I keep getting this:

enter image description here

I also have tried creating new client ID with selecting 'other' instead of 'web application'. Although many people on the web saying choose 'installed application', there is no such option. All options I see are only this :

enter image description here

I don't know how many days I have been stuck on this. Please give any advice if you have any. thank you.

Solution

  • The way Oauth2 works is that it needs to know where to return the authentication to. This is done by defining a Redirect URI.

    With browser based applications its easy to know where the authentication should be returned to. In this case it should go to a page on the website designed to handle the response form the authentication server.

    With installed applications thats a little harder becouse there is no website to return to so no way of knowing an exact ip address where to send it to. In this case google creates two standard redirect uris that you can use.

    urn:ietf:wg:oauth:2.0:oob and and http://localhost

    Explanation of your error

    In your case if you read the error message you are sending a Native redirect uri to a browser client id.

    Your issue:

    309181******-lnbictq23g17o7pp3e6v7vdqq9juinv9.apps.googleusercontent.com  <--- Web client id  
urn:ietf:wg:oauth:2.0:oob  <--- Redirect uri only allowed for native clients

    Solution

    Go back to Google developer console and find the client id and client secret for the native (other) client you created. You cant use urn:ietf:wg:oauth:2.0:oob with a browser client id as you have done now.

    Now this really depends on what your doing here. If you are going to release this on a website someplace then leaving this as a browser client would probably be a decide id. in that case just using http://localhost for your redirect uri will solve your problem. But you should add a new redirect uri when you release this to your production website. Leaving localhost allowed in a production client is a bad idea in my opinion.

    but this really depends on how you intend to use this application.