Re: Resetting Developer Token and Client Secrets

2018-02-15 Thread Peter Lanser 
Hi Vincent,

everything is clear now. Thanks four your answer.

Regards,
Peter

On Thursday, February 15, 2018 at 5:03:45 AM UTC+1, Vincent Racaza (AdWords 
API Team) wrote:
>
> Hi Peter,
>
> My apologies for the confusion in regards to the developer token. Based on 
> the guide 
> , 
> yes, you can always reset your developer token if you feel that this is 
> compromised. In regards to the impact of resetting your developer token 
> with your OAuth2 credentials, this does not have an impact. You can still 
> use your current OAuth2 credentials (client ID, client secret, refresh 
> token) with your new value of your developer token immediately. When you 
> reset your developer token, the old developer token is also invalidated 
> immediately.
>
> For resetting your client secret in the Google API Console Credentials 
> page , it will 
> also invalidate immediately the old client secret for a given client ID. 
> However, as you have tested (I have also tested this on my test account), 
> this does not have any effect to the refresh token as generally, refresh 
> token is tied up to your client ID. So if your client ID is still existing, 
> and you did not delete it, then the refresh token will still be valid not 
> unless you have reached the limit of 50 refresh tokens. If you really want 
> to manually invalidate the refresh token, then you need to revoke it. 
> 
>
> Let me know if my explanation is clear or if you have further 
> clarifications.
>
> Thanks,
> Vincent
> AdWords API Team
>

-- 
-- 
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Also find us on our blog and Google+:
https://googleadsdeveloper.blogspot.com/
https://plus.google.com/+GoogleAdsDevelopers/posts
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

You received this message because you are subscribed to the Google
Groups "AdWords API Forum" group.
To post to this group, send email to adwords-api@googlegroups.com
To unsubscribe from this group, send email to
adwords-api+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/adwords-api?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"AdWords API Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to adwords-api+unsubscr...@googlegroups.com.
Visit this group at https://groups.google.com/group/adwords-api.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/adwords-api/0c71c1d7-e43d-4f9f-9a83-4e435164b7e2%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Resetting Developer Token and Client Secrets

2018-02-14 Thread 'Vincent Racaza (AdWords API Team)' via AdWords API Forum 
Hi Peter,

My apologies for the confusion in regards to the developer token. Based on 
the guide 
, 
yes, you can always reset your developer token if you feel that this is 
compromised. In regards to the impact of resetting your developer token 
with your OAuth2 credentials, this does not have an impact. You can still 
use your current OAuth2 credentials (client ID, client secret, refresh 
token) with your new value of your developer token immediately. When you 
reset your developer token, the old developer token is also invalidated 
immediately.

For resetting your client secret in the Google API Console Credentials page 
, it will also 
invalidate immediately the old client secret for a given client ID. 
However, as you have tested (I have also tested this on my test account), 
this does not have any effect to the refresh token as generally, refresh 
token is tied up to your client ID. So if your client ID is still existing, 
and you did not delete it, then the refresh token will still be valid not 
unless you have reached the limit of 50 refresh tokens. If you really want 
to manually invalidate the refresh token, then you need to revoke it. 


Let me know if my explanation is clear or if you have further 
clarifications.

Thanks,
Vincent
AdWords API Team

-- 
-- 
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Also find us on our blog and Google+:
https://googleadsdeveloper.blogspot.com/
https://plus.google.com/+GoogleAdsDevelopers/posts
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

You received this message because you are subscribed to the Google
Groups "AdWords API Forum" group.
To post to this group, send email to adwords-api@googlegroups.com
To unsubscribe from this group, send email to
adwords-api+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/adwords-api?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"AdWords API Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to adwords-api+unsubscr...@googlegroups.com.
Visit this group at https://groups.google.com/group/adwords-api.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/adwords-api/ee8737c8-c8fd-4fed-98ed-557cd7b9c47b%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Resetting Developer Token and Client Secrets

2018-02-14 Thread Peter Lanser 
Hi Vincent,

actually you can reset the developer token: 
https://developers.google.com/adwords/api/docs/guides/reset-devtoken

Maybe my question was not clear enough. We had to reset our developer token 
and secrets of existing OAuth2 client configurations. My question would 
have been if these changes take effect immediately and if these changes 
have any effects on existing refresh tokens (of the reset OAuth2 
configurations).

However, in the meantime we did these changes with the following outcomes:

- After reset the previous developer token is invalidated immediately.
- The same is true for resetting the secret of an existing OAuth2 
credential. After the reset the previous secret is invalidated immediately.
- The existing refresh tokens (of the reset OAuth2 configuration) have *not* 
been invalidated by these changes. They are still valid.

Regards,
Peter

However, neither the reset of the developer token nor the reset of of an 
existing OAuth2 secret had any effects on existing refresh tokens of this 
(reset) OAuth credential.

On Tuesday, February 13, 2018 at 8:53:47 AM UTC+1, Vincent Racaza (AdWords 
API Team) wrote:
>
> Hi Peter,
>
> You cannot reset on your end the developer token as the token is generated 
> when you completed the sign-up  
> for an MCC 
> account (all the 3 steps in the guide). However, do you have any reasons 
> (e.g. is it compromised or have you accidentally shared it to somebody?) on 
> why you want to reset your developer token? If you wish to have your 
> developer token be reset, I can notify the AdWords Compliance Team to 
> confirm if this is possible.
>
> In terms of OAuth2 credentials (client ID, client secret, refresh token), 
> you can create a new client ID and secret in the Google API Console 
> Credentials page . 
> When you create a new client ID in the credentials page, it won't 
> invalidate other existing client IDs unless you manually delete them in the 
> credential page. When you delete a client ID, you cannot use it in your API 
> requests as this will generate an error.
>
> As for your refreshToken, since it is dependent of your *clientId* and 
> *clientSecret*, then once you delete the two, this will invalidate all 
> the refresh tokens associated to it. However, if your goal is to generate a 
> new refresh token only for a specific client ID, then the old refresh token 
> won't be invalidated unless you manually revoked its access 
> 
>  or 
> you have reached the limit of 50 refresh tokens (e.g. your 51st generation 
> of refresh token will invalidate the first/oldest refresh token for a given 
> client ID) per user/email account. You can check this guide 
>  for 
> more information on this.
>
> Furthermore, you can check this guide 
>  for 
> more information on how to authenticate in the AdWords API.
>
> Let me know if you have further clarifications.
>
> Thanks,
> Vincent
> AdWords API Team
>

-- 
-- 
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Also find us on our blog and Google+:
https://googleadsdeveloper.blogspot.com/
https://plus.google.com/+GoogleAdsDevelopers/posts
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

You received this message because you are subscribed to the Google
Groups "AdWords API Forum" group.
To post to this group, send email to adwords-api@googlegroups.com
To unsubscribe from this group, send email to
adwords-api+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/adwords-api?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"AdWords API Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to adwords-api+unsubscr...@googlegroups.com.
Visit this group at https://groups.google.com/group/adwords-api.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/adwords-api/7c10d9d5-cb25-455a-ad1b-f3c373980dac%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Re: Resetting Developer Token and Client Secrets

2018-02-12 Thread 'Vincent Racaza (AdWords API Team)' via AdWords API Forum 
Hi Peter,

You cannot reset on your end the developer token as the token is generated 
when you completed the sign-up  
for an MCC 
account (all the 3 steps in the guide). However, do you have any reasons 
(e.g. is it compromised or have you accidentally shared it to somebody?) on 
why you want to reset your developer token? If you wish to have your 
developer token be reset, I can notify the AdWords Compliance Team to 
confirm if this is possible.

In terms of OAuth2 credentials (client ID, client secret, refresh token), 
you can create a new client ID and secret in the Google API Console 
Credentials page . 
When you create a new client ID in the credentials page, it won't 
invalidate other existing client IDs unless you manually delete them in the 
credential page. When you delete a client ID, you cannot use it in your API 
requests as this will generate an error.

As for your refreshToken, since it is dependent of your *clientId* and 
*clientSecret*, then once you delete the two, this will invalidate all the 
refresh tokens associated to it. However, if your goal is to generate a new 
refresh token only for a specific client ID, then the old refresh token 
won't be invalidated unless you manually revoked its access 
 
or 
you have reached the limit of 50 refresh tokens (e.g. your 51st generation 
of refresh token will invalidate the first/oldest refresh token for a given 
client ID) per user/email account. You can check this guide 
 for 
more information on this.

Furthermore, you can check this guide 
 for 
more information on how to authenticate in the AdWords API.

Let me know if you have further clarifications.

Thanks,
Vincent
AdWords API Team

-- 
-- 
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Also find us on our blog and Google+:
https://googleadsdeveloper.blogspot.com/
https://plus.google.com/+GoogleAdsDevelopers/posts
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

You received this message because you are subscribed to the Google
Groups "AdWords API Forum" group.
To post to this group, send email to adwords-api@googlegroups.com
To unsubscribe from this group, send email to
adwords-api+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/adwords-api?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"AdWords API Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to adwords-api+unsubscr...@googlegroups.com.
Visit this group at https://groups.google.com/group/adwords-api.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/adwords-api/ae906814-23f9-40df-94ea-ca8437d8c06f%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.

Resetting Developer Token and Client Secrets

2018-02-12 Thread Peter Lanser 
Hi,

we would like to reset our developer token and certain OAuth client secrets.

Does a reset invalidate existing tokens / secrets immediately or is there a 
chance to keep them valid for a certain amount of time for example?
Ánd will existing OAuth refresh tokens be affected by a change of an OAuth 
secret?

Regards,
Peter

-- 
-- 
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Also find us on our blog and Google+:
https://googleadsdeveloper.blogspot.com/
https://plus.google.com/+GoogleAdsDevelopers/posts
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~

You received this message because you are subscribed to the Google
Groups "AdWords API Forum" group.
To post to this group, send email to adwords-api@googlegroups.com
To unsubscribe from this group, send email to
adwords-api+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/adwords-api?hl=en
--- 
You received this message because you are subscribed to the Google Groups 
"AdWords API Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to adwords-api+unsubscr...@googlegroups.com.
Visit this group at https://groups.google.com/group/adwords-api.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/adwords-api/67678f01-92a7-4003-804a-5c25eb12a721%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.