Hi Josh,

Thanks for your reply! The situation I am concerned with however is where 
we already have clients linked to our MCC. Let's say that one of the people 
on our team is setting up a new account in one of the applications that uses 
the AdWords API, and by mistake enters the client id for client X from the 
MCC rather than for client Y. This is still a valid account, linked to the 
MCC, but due to a simple mistake is not the client id that we want. If I 
could also validate this client id against client-specific login 
credentials then that would be a useful extra step for validating that we 
in fact have the client id that we want to use. A user is less likely to 
enter incorrect login credentials such as [email protected] for the client Y 
account.

On Thursday, 13 March 2014 15:33:32 UTC-3, Josh Radcliff (AdWords API Team) 
wrote:
>
> Hi Chris,
>
> When your MCC sends out an invitation to an AdWords account (either via 
> the My Client Center UI or a 
> ManagedCustomerService.mutateLink<https://developers.google.com/adwords/api/docs/reference/v201402/ManagedCustomerService#mutateLink> ADD + PENDING 
> call) the user associated with that account will still have to 
> either accept or refuse the invitation. Accepting the link will either be:
>
>    1. A manual interaction through the AdWords UI *or*
>    2. Managed by your application via a 
>    ManagedCustomerService.mutateLink<https://developers.google.com/adwords/api/docs/reference/v201402/ManagedCustomerService#mutateLink> SET + ACTIVE call
>    
> In either case you will be able to detect when the client enters a 
> customer ID for which he does not have access.
>
>    1. If the client does not actually own the customer ID then he won't 
>    get the invitation at all.  It will either go to the owner of the 
>    incorrectly entered account (if it exists) or sending the invitation will 
>    fail.
>    2. In order for your application to accept the link on the user's 
>    behalf you will have to prompt the user for permission to manage his 
>    AdWords account.  If he entered the wrong account number then the 
>    ManagedCustomerService.mutateLink<https://developers.google.com/adwords/api/docs/reference/v201402/ManagedCustomerService#mutateLink> SET + ACTIVE 
>    call will fail because the OAuth2 access token will be for an 
>    account that does not have access to the incorrectly entered customer ID.
>
> Another possible flow would be that you collect the customer ID and go 
> through the OAuth2 flow at one point, and then at some later point in time 
> go through the MCC invitation process.  If that's your use case then at the 
> point where you collect the OAuth2 token you could issue a simple request 
> such as a 
> CustomerService.get<https://developers.google.com/adwords/api/docs/reference/v201402/CustomerService#get> where 
> you specify the clientCustomerId and use the OAuth2 credentials from 
> the user.  If the user entered the wrong customer ID then that request will 
> fail with a permission error.
>
> Cheers,
> Josh, AdWords API Team
>
> On Thursday, March 13, 2014 10:57:23 AM UTC-4, Chris wrote:
>>
>> Hi Guys,
>>
>> I'm looking at updating our applications to use OAuth2.0 
>> authentication, and it certainly seems that it would be easiest to have all 
>> accounts linked under one master MCC, as described here 
>> https://developers.google.com/adwords/api/docs/guides/clientlogin-to-oauth2-single-mcc
>>
>> However, my concern with this approach, is that I do expect users to 
>> occasionally input the id for the wrong account by mistake. The 
>> consequences of this could be less than desirable. Currently we use 
>> ClientLogin for authentication, and a user is required to input the client 
>> id, username and password. If I could still make use of this information, 
>> and validate that the login credentials provided are valid for the account 
>> id specified, then that would go a long way to alleviating my concerns (it 
>> can be easier to see from an email address what account it is associated 
>> with, compared to a numeric id).
>>
>> So, my question is - is there still a way that I can validate login 
>> credentials against an account id?
>>
>> Or, am I in fact misunderstanding something in relation to OAuth2.0 
>> authentication, since this is the first time I'm really looking into it?
>>
>> Any thoughts or comments are much appreciated.
>>
>> Chris
>>
>
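
Added example (not part of the original thread, and not AdWords client library code): a sketch of the check discussed above, where the entered customer ID is tested with a CustomerService.get-style request made under the client's own OAuth2 credentials. The function names, exception classes, tokens and customer IDs are all hypothetical or constructed, and the API call is replaced by an in-memory stub so the block runs offline. It also shows why the MCC's credentials cannot be used for this check: the MCC can reach both client X and client Y, so the wrong ID still passes.

```python
import re

class PermissionDenied(Exception):
    """Stand-in for the permission error the API returns (hypothetical name)."""

class TransientError(Exception):
    """Stand-in for timeouts, quota errors and similar (hypothetical name)."""

# Constructed sample data: which OAuth2 login can reach which customer IDs.
ACCESS = {
    "token-mcc": {"1110000001", "2220000002"},  # MCC reaches clients X and Y
    "token-client-y": {"2220000002"},           # client Y's own login
}

def normalize_customer_id(raw):
    """Accept 123-456-7890 or 1234567890; return the 10 digits or raise."""
    digits = re.sub(r"[\s-]", "", raw)
    if not re.fullmatch(r"\d{10}", digits):
        raise ValueError("customer ID must be 10 digits")
    return digits

def stub_customer_get(token, client_customer_id):
    """Offline stub for a CustomerService.get-style request."""
    if client_customer_id not in ACCESS.get(token, set()):
        raise PermissionDenied("token has no access to " + client_customer_id)
    return {"customerId": client_customer_id}

def validate_entered_id(raw_id, user_token, customer_get=stub_customer_get):
    """Return 'ok', 'mismatch', 'malformed' or 'retry' for an entered ID."""
    try:
        cid = normalize_customer_id(raw_id)
    except ValueError:
        return "malformed"
    try:
        customer = customer_get(user_token, cid)
    except PermissionDenied:
        return "mismatch"   # the login does not own or manage this ID
    except TransientError:
        return "retry"      # not evidence either way; do not save the ID yet
    return "ok" if customer["customerId"] == cid else "mismatch"

if __name__ == "__main__":
    # Operator meant client Y (222-000-0002) but typed client X's ID.
    print(validate_entered_id("111-000-0001", "token-client-y"))  # mismatch
    print(validate_entered_id("111-000-0001", "token-mcc"))       # ok
```
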

You received this message because you are subscribed to the Google
Groups "AdWords API Forum" group.