@Joyce, Thank you for your response!
Yes, I am using a Web App flow. First, I generated OAuth Credentials as "Other" type and used the sample code from GitHub <https://github.com/googleads/googleads-php-lib/wiki/API-access-on-behalf-of-your-clients-(web-flow)> on my localhost. Worked fine! I could authorise with different users. When I uploaded it did not work, got URI Mismatch error. So then I created a OAuth Credentials as explained here <https://developers.google.com/adwords/api/docs/guides/authentication#webapp> and used Authorised redirect URIs with my domain (ie. www.domain.com/app/oauth) . This time the code from the sample (pasting below) does not redirect my to User Consent Screen at all. Therefore there is no refresh_token in $authToken. P.S: This code snippet works perfectly on my localhost if I use this combination; 1.OAuth Client ID Type : "Other" 2. redirectUri in the code: http://localhost:8888/app/oauth Then I am redirected to consent screen and get a refresh token. When I change the redirectUri and upload to my server, it does not work. Also; 1.OAuth Client ID Type : "Web Application" 2. Authorised redirect URIs -> http://localhost:8888/app/oauth 3. redirectUri in the code : http://localhost:8888/app/oauth I am not redirected to Consent Screen, therefore do not have a refresh_token. use Google\Auth\OAuth2; session_start(); $oauth2 = new OAuth2([ 'authorizationUri' => 'https://accounts.google.com/o/oauth2/v2/auth', 'tokenCredentialUri' => 'https://www.googleapis.com/oauth2/v4/token', 'redirectUri' => '****', 'clientId' => '****', 'clientSecret' => '****', 'scope' => '****' ]); if (!isset($_GET['code'])) { // Create a 'state' token to prevent request forgery. // Store it in the session for later validation. $oauth2->setState(sha1(openssl_random_pseudo_bytes(1024))); $_SESSION['oauth2state'] = $oauth2->getState(); // Redirect the user to the authorization URL. $config = [ // Set to 'offline' if you require offline access. 'access_type' => 'online' ]; header('Location: ' . $oauth2->buildFullAuthorizationUri($config)); exit; }elseif (empty($_GET['state']) || ($_GET['state'] !== $_SESSION['oauth2state'])) { unset($_SESSION['oauth2state']); exit('Invalid state.'); } else { $oauth2->setCode($_GET['code']); $authToken = $oauth2->fetchAuthToken(); // Store the refresh token for your user in your local storage if you // requested offline access. $refreshToken = $authToken['refresh_token']; } On Monday, 13 February 2017 06:00:17 UTC, Joyce Lava wrote: > > Hello, > > If you are doing the web app flow, you should follow the steps > <https://developers.google.com/adwords/api/docs/guides/authentication#3_configure_and_use_a_client_library> > for > the web app flow which includes entering the JavaScript origins, redirect > URIs or both. > > You can use the local machine as the URI for testing purposes, however, > you should specify your authorized URI so you can use OAuth2. You may find > this documentation > <https://developers.google.com/identity/protocols/OAuth2WebServer#creatingcred> > helpful. > > Regards, > Joyce, AdWords API Team > -- -- =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ Also find us on our blog and Google+: https://googleadsdeveloper.blogspot.com/ https://plus.google.com/+GoogleAdsDevelopers/posts =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ You received this message because you are subscribed to the Google Groups "AdWords API Forum" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/adwords-api?hl=en --- You received this message because you are subscribed to the Google Groups "AdWords API Forum" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. Visit this group at https://groups.google.com/group/adwords-api. To view this discussion on the web visit https://groups.google.com/d/msgid/adwords-api/6c0f4655-f444-4f90-85b8-263eef61249a%40googlegroups.com. For more options, visit https://groups.google.com/d/optout.
