Hi guys, I'm sorry, it appears I misspoke with regards to the threadsafety of GoogleCredentials. Per the javadoc<http://javadoc.google-api-java-client.googlecode.com/hg/1.8.0-beta/com/google/api/client/googleapis/auth/oauth2/GoogleCredential.html>, this class is indeed threadsafe. Internally, the java library checks if we have an expiry and if autoRefresh is enabled and calls GoogleCredential.refreshToken() if we're close to expiring. In this case, it should be OK to use a single GoogleCredential among multiple AdWordsSessions.
We're inheriting the semantics of the Google Apis client library (which powers our OAuth support). Their site may be of use when dealing with OAuth2 specific questions: http://code.google.com/p/google-api-java-client/ - Kevin Winter AdWords API Team On Friday, October 19, 2012 10:10:37 AM UTC-4, j.e.frank wrote: > > I've actually decided to postpone my migration to the "new" java library > because I don't fully understand how to use the OAuth2 credentials/tokens > in a "long lived service" environment. I made a version that created a > single GoogleCredential object, and handed that out to all the > AdWordsSessions, but I had little confidence that it was going to work > properly when auto-refreshed, or that it was safe to use just one > credential across many threads, simultaneously or not. I'd love to see > some more full-scale examples, or in-depth documentation, so that I won't > have to find out through trial and error. > > On Friday, October 19, 2012 5:46:34 AM UTC-4, Oliver wrote: >> >> Thanks for the clarification. We indeed use OAuth2. >> >> My understanding is the Java client library handles the token refresh >> automatically. If so, then we don't have any control on ensuring the >> refresh functionality is done by one thread only, and we will run the risk >> of multiple simultaneous refreshes. >> >> Is there any chance the Java client library can perhaps add some >> protection against it (maybe synchronize the bit of the code that does >> this)? >> >> Oliver >> >> On Thursday, October 18, 2012 9:02:13 PM UTC+1, Kevin Winter wrote: >>> >>> Hi Oliver, >>> Yes, the session object should be safe to read in multiple threads >>> (the only caveat is if you are doing OAuth2 and it needs to refresh the >>> token, that wouldn't be threadsafe). Technically, you can also update the >>> credentials as well as partialFailure/validateOnly (and >>> reportMoneyInMicros). >>> >>> If you're using ClientLogin or OAuth1.0a, you should be fine in your >>> scenario. Under certain edge conditions OAuth2 might be OK - you just run >>> the risk of multiple threads all refreshing it at once. We wanted to >>> recommend treating it as non-threadsafe because the caveats certainly >>> complicate matters. >>> >>> - Kevin Winter >>> AdWords API Team >>> >>> On Thursday, October 18, 2012 6:37:20 AM UTC-4, Oliver wrote: >>>> >>>> Thanks Kevin for such an excellent resource. >>>> >>>> I have a question about the nature of thread safety of the *session * >>>> object. >>>> >>>> So, if we don't make changes to the session* *object at all, does this >>>> mean we can use multi threads on the session object (together with the >>>> other objects like *ReportDownloader *and the *service stubs *that >>>> they hold a reference to the session)? >>>> >>>> The only thing that potentially can change on a session is the customer >>>> ID, right? We have a model whereby we cache one session object per >>>> account >>>> ID, hence we never need to change the customer ID on the session. Are we >>>> safe to use multi threads in our case? >>>> >>>> Oliver >>>> >>>> On Wednesday, October 17, 2012 10:20:23 PM UTC+1, Kevin Winter wrote: >>>>> >>>>> Updated - thanks for pointing that out. >>>>> >>>>> - Kevin Winter >>>>> AdWords API Team >>>>> >>>>> On Wednesday, October 17, 2012 4:20:05 PM UTC-4, j.e.frank wrote: >>>>>> >>>>>> That's useful. Can you also update the Migration Guide, because it >>>>>> contains contradictory information about the AdWordsServices object? >>>>>> The >>>>>> migration guide calls it heavyweight and non-threadsafe, and the wiki >>>>>> page >>>>>> referenced below calls it lightweight and threadsafe. >>>>>> >>>>>> On Wednesday, October 17, 2012 4:10:57 PM UTC-4, Kevin Winter wrote: >>>>>>> >>>>>>> Hi Oliver, >>>>>>> I just published a wiki page on thread safety in the new java >>>>>>> library: >>>>>>> https://code.google.com/p/google-api-ads-java/wiki/ThreadSafety >>>>>>> >>>>>>> - Kevin Winter >>>>>>> AdWords API Team >>>>>>> >>>>>>> On Wednesday, October 3, 2012 3:34:04 PM UTC-4, Oliver wrote: >>>>>>>> >>>>>>>> Assume we have an MCC with 5 standard adwords accounts inside it. >>>>>>>> >>>>>>>> An application, using the Java client library, authenticates to >>>>>>>> access the MCC account and gets the required token for the MCC. >>>>>>>> >>>>>>>> We now need to access the 5 accounts within the MCC, sometimes >>>>>>>> simultaneously. Can you please confirm the following: >>>>>>>> >>>>>>>> 1) Since the AdwordsSession object is associated with one account >>>>>>>> ID, I will need to create 5 AdwordsSession objects one for each >>>>>>>> account. >>>>>>>> All AdwordsSessions are created using the same token (obtained when >>>>>>>> authenticating for MCC). Is this correct? >>>>>>>> >>>>>>>> 2) Even though the AdwordsServies class can be used with multiple >>>>>>>> sessions, it is not thread safe as documented here: >>>>>>>> http://code.google.com/p/google-api-ads-java/wiki/MigrationGuide >>>>>>>> >>>>>>>> Since the 5 accounts might be accessed simultaneously, I should >>>>>>>> create 5 different AdwordsServices object, one for each account. Is >>>>>>>> this >>>>>>>> correct? >>>>>>>> >>>>>>>> >>>>>>>> Thanks for your help. >>>>>>>> >>>>>>>> Oliver >>>>>>>> >>>>>>> -- =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ Also find us on our blog and discussion group: http://adwordsapi.blogspot.com http://groups.google.com/group/adwords-api =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ You received this message because you are subscribed to the Google Groups "AdWords API Forum" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/adwords-api?hl=en
