FYI - I ended up getting that working.
Yes, I followed all of the steps to create the service account and
authorize it for our Google Apps Domain. That isn't the issue.
All of the sample code and examples for using the Service Account fail to
show where or how to set the ServiceAccountUser on the GoogleCredential
returned from OfflineCredentials Builder.
Simply specifying the location of the JSON file in the ads.properties file
only gets you so far. You can receive an accessToken on the
GoogleCredential created with the OfflineCredentials Builder, but I could
not set the serviceAccountUser as that appears to be required at build
time. It would be ideal to have a property for this user in the
ads.properties file, or allow for setting this in the OfflineCredentials
Builder object.
You are correct that there are a lot of ways to configure impersonation and
I managed to dig into the code and replicate my own builder that pulled
from the ServiceAccount JSON file and allows for specifying the
ServiceAccount user, but I'm not sure why OfflineCredentials and the
Adwords Java library doesn't support this. Again, it looks like some of the
other SDKs do support specifying the service account user in a property.
(e.g. Ruby's YAML "ouath2_prn")
Something like this would be a great addition to the next release of the
Java SDK.
Credential oAuth2Credential = new OfflineCredentials.Builder()
.forApi(OfflineCredentials.Api.ADWORDS)
.fromFile()
*.withServiceAccountUser("u...@domain.com")*
.build()
.generateCredential();
Thanks for the reply!
John
On Monday, August 7, 2017 at 11:14:25 PM UTC-7, Peter Oliquino wrote:
>
> Hi John,
>
> Could you provide the following details?
>
> - Do you have a Google Apps Domain? To use service accounts with
> AdWords, a Google Apps Domain is required (as mentioned on the wiki
> page for service accounts
>
> <https://github.com/googleads/googleads-java-lib/wiki/API-access-using-own-credentials-(server-to-server-flow)#step-2---setting-up-the-client-library>
> ).
> - Have you been granted access to the G Suite (former Google Apps)
> account that you have?
>
> Depending on the library you use, impersonation can be configured
> differently. If you are working with a single user I suggest using installed
> application
> <https://support.google.com/googleapi/answer/6158849?hl=en#installedapplications>.
>
> With installed application flow you need to authorize each Google account
> individually. So, you'd need to have each of these users go through the
> authorization flow and then manage a separate access/refresh token per
> email address. The authorization step (browser step) for installed
> application is needed only once and can be done outside of your production
> environment. All you need is the refresh token which can be cached and
> deployed with your app. Please see this document
> <https://developers.google.com/adwords/api/docs/guides/authentication#generate_oauth2_credentials>
> for
> more information on setting up authentication.
>
> Best regards,
> Peter
> AdWords API Team.
>
--
--
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Also find us on our blog and Google+:
https://googleadsdeveloper.blogspot.com/
https://plus.google.com/+GoogleAdsDevelopers/posts
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
You received this message because you are subscribed to the Google
Groups "AdWords API Forum" group.
To post to this group, send email to adwords-api@googlegroups.com
To unsubscribe from this group, send email to
adwords-api+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/adwords-api?hl=en
---
You received this message because you are subscribed to the Google Groups
"AdWords API Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to adwords-api+unsubscr...@googlegroups.com.
Visit this group at https://groups.google.com/group/adwords-api.
To view this discussion on the web visit
https://groups.google.com/d/msgid/adwords-api/0cac0ba5-ab92-42b0-9b84-f8e8acdefb96%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
