Hi, Could you send the following *only to me* by clicking *Reply to Author*?
1. The customer ID of the client AdWords account you are trying to access 2. The customer ID of the MCC 3. The user name (email address) of the user you were logged in as when you generated your OAuth2 refresh token. Thanks, Josh, AdWords API Team On Monday, June 9, 2014 1:33:14 PM UTC-4, Joshua Newman wrote: > > Thanks for the response. No other account is behaving this way and I think > its because what we had to do to link it. Initially the account's password > had been changed so we couldn't get it an oauth2 access/refresh token. To > fix this we added a new user to the account with administrative access then > requested the oauth2 tokens using the new email/password combination. Now > everytime we use oauth2 with this account we get the USER_PERMISSION_DENIED > error. I also double checked that the account's oauth2 tokens were acquired > using the correct email/password. I'm not sure where to go from here. > > On Monday, June 9, 2014 10:46:48 AM UTC-4, Josh Radcliff (AdWords API > Team) wrote: >> >> Hi, >> >> That error indicates that the user associated with the OAuth2 access >> token in the request does not have access to the account in the >> *clientCustomerId* SOAP header. Two common causes for this are: >> >> 1. The OAuth2 refresh token was obtained while logged in as an MCC, but >> that MCC no longer has access to the client account. >> 2. When obtaining the OAuth2 refresh token you (or the user who went >> through the flow) were logged into some other Google account that does not >> have access to the client account. You will be able to get a refresh token >> (or access token) for the AdWords scope regardless of whether the user has >> an AdWords account since the OAuth2 flow does not check if an AdWords >> account exists for the user -- it merely grants access to the AdWords scope >> for that user. >> >> Also, the developer token has *no impact* on authorization. A valid >> OAuth2 access token can be used to make API requests against your account >> using *any* developer token, as the developer token is not part of the >> OAuth2 flow. >> >> Cheers, >> Josh, AdWords API Team >> >> On Monday, June 9, 2014 9:12:41 AM UTC-4, Joshua Newman wrote: >>> >>> Recently migrated from clientLogin to Oauth2 and had no problem >>> retrieving the access token and refresh token for our managed accounts. I >>> now have 1 account getting this error while using Oauth2: >>> >>> Google.Api.Ads.AdWords.Lib.AdWordsApiException: An API exception has >>> occurred. See ApiException and InnerException fields for more details. ---> >>> System.Web.Services.Protocols.SoapException: >>> [AuthorizationError.USER_PERMISSION_DENIED @ ; trigger:''] >>> >>> I've checked the developer token and the clientCustomerId and both are >>> correct. Also the account was able to get Oauth2 access and refresh tokens; >>> the account successfully refreshes the access token too. Any help is >>> greatly appreciated. >>> >> -- -- =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ Also find us on our blog and Google+: https://googleadsdeveloper.blogspot.com/ https://plus.google.com/+GoogleAdsDevelopers/posts =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ You received this message because you are subscribed to the Google Groups "AdWords API Forum" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/adwords-api?hl=en --- You received this message because you are subscribed to the Google Groups "AdWords API Forum" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. For more options, visit https://groups.google.com/d/optout.
