Hi Alan, You use your refresh token to generate new access tokens. Then the access token is the one you include in the API calls so your request get properly authorized, as you mentioned.
So if you were able to generate a refresh token already, a call to https://accounts.google.com/o/oauth2/token allows you to generate an access token. As explained her<https://developers.google.com/accounts/docs/OAuth2InstalledApp#refresh> e. But your mention to redirect URIs makes me think that you are in early stages of the OAuth2 protocol and haven't been able to generate a refresh token. In a simplistic way to describe it, you first redirect your user to our auth server so they can authorize your application to access their data, our server will then redirect to your application with a confirmation code (this is not an access or refresh token) that you then need to exchange for a pair of access token and refresh token. Access tokens are short lived and their lifetime is returned as part of the response, while refresh token don't expire and you should securely store these on your side. I'd recommend you carefully reading this doc page<https://developers.google.com/accounts/docs/OAuth2> and also recommend you specifically reading about the Installed Apps flow<https://developers.google.com/accounts/docs/OAuth2InstalledApp> BTW, I'd highly recommend you using our client libraries, which will greatly help you implement the whole auth logic since all of them offer utilities and code examples on how to deal with OAuth2. If you tell me what programming language your are working with I can point you to some of these resources. Best, - David Torres - AdWords API Team On Monday, September 9, 2013 5:27:41 PM UTC-4, Alan Coleman wrote: > > Hi Brett, > > Thanks again for replying, I'm still confused about the returning * > access_token* that my app will need to use the API. > > Do I need to handle or store it somewhere? > > I understand that OAuth2 uses the *client_id*, *client_secret* and * > refresh_token* to get an *access_token*, which in turn should allow my > app to use the API. However I don't understand where the *access_token*gets > returned to. > > In the Google APIs Console a Client ID for Installed applications gives no > option for the redirect URIs, it's set as localhost as default. > > Could a firewall be preventing the access token from returning to my > application? > > Many thanks. > > On Thursday, September 5, 2013 5:58:03 PM UTC+1, Brett Baggott wrote: >> >> Alan, here's a link to Google's official explanation of the different >> types of >> projects<https://developers.google.com/accounts/docs/OAuth2?csw=1#scenarios>. >> >> I suggest that, instead of thinking of these different project types in >> relation to what _your_ application is, think of them in relation to how >> each is different. Here's my lame attempt at describing each of these >> projects in my own words: >> >> Web Application - This is for interactive applications that are going to >> allow any user (basically) to go through your application and authorize you >> to access their account via API and then your application will do whatever >> it is designed to do, most likely interactively. >> Installed Application - This is for an application that contains >> functionality that uses the Adwords API but authorization is most likely a >> one-time thing (at least in the way I think of it), probably accessing a >> specific account(s), and where authorization (or more likely refreshing of >> authorization) pretty much happens in the background. >> Service Application - This is the same as the Installed Application >> except it's meant to be run on a server and therefore even less user >> interaction. There's actually some assumed authorization processes that are >> pretty different from the Installed Application but for the purposes of my >> example here, is beyond the scope of discussion. >> >> So really I think of these different project types in terms of _how_ I'm >> going to handle authorization (i.e. interactively or "built-in"). >> >> As far as your question about the Redirect URI, think of it like the >> PayPal process. You click on a PayPal button on a website, you're taken to >> PayPal to sign in and authorize the payment, and then you are redirected at >> some point back to the vendors site so he can say Thank You. Well, in the >> same way you'd tell PayPal "here's the URI I want you to redirect to after >> the payment is processed" (i.e. my thank you page), you tell the Auth API >> where you want to redirect to after the user has authorized you to access >> their account. >> >> Hope that helps, >> ~Brett >> >> On Thursday, September 5, 2013 9:25:11 AM UTC-5, Alan Coleman wrote: >>> >>> Hello everyone, >>> >>> Apologies for my lack of understanding surrounding this topic and >>> continuous post about the basics of the protocol. >>> >>> I'm passing *client_id*, *client_secret* and *refresh_token* to the >>> Google OAuth2 Authorisation Server but my application is returning an >>> *access >>> token required* error. >>> >>> Does the access token get returned to the Redirect URI ? >>> >>> If so, what do I have to do to handle the access_token at that point? Do >>> I have to store it or pass it somewhere else? >>> >>> Apologies again, I'm just finding all of the documentation a little >>> overwhelming. >>> >>> Many thanks >>> >> -- -- =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ Also find us on our blog and discussion group: http://adwordsapi.blogspot.com http://groups.google.com/group/adwords-api =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ You received this message because you are subscribed to the Google Groups "AdWords API Forum" group. To post to this group, send email to adwords-api@googlegroups.com To unsubscribe from this group, send email to adwords-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/adwords-api?hl=en --- You received this message because you are subscribed to the Google Groups "AdWords API Forum" group. To unsubscribe from this group and stop receiving emails from it, send an email to adwords-api+unsubscr...@googlegroups.com. For more options, visit https://groups.google.com/groups/opt_out.
