googleads / google-ads-php

Google Ads API Client Library for PHP
https://developers.google.com/google-ads/api/docs/client-libs/php
Apache License 2.0

what does access_token and refresh_token do? how to specify the access token in request? #843

Closed jasonbigl closed 1 year ago

jasonbigl commented 2 years ago

Hi,

After reading the Google Ads API docs and the example code of this lib, I did some tests to get familiar with the integration. Now I'm confused.

From what I understood, access_token is used to auth the API call, while refresh_token is used to renew the access_token when it expires.

But to build google ads client with this lib:

$oAuth2Credential = (new OAuth2TokenBuilder())
    ->withClientId(env('GOOGLE_ADS_CLIENT_ID'))
    ->withClientSecret(env('GOOGLE_ADS_CLIENT_SECRET'))
    ->withRefreshToken($refreshToken)
    ->build();

$googleAdsClient = (new GoogleAdsClientBuilder())
    ->withOAuth2Credential($oAuth2Credential)
    ->withDeveloperToken(env('GOOGLE_ADS_DEVELOPER_TOKEN'))
    ->build();

The lib only provides a way to specify the refresh token; I can't provide the access_token by some method like ->withAccessToken(xxxx).

So my questions:

  1. Does the lib automatically retrieve the access token and renew it? If so, where does it store the access token while it's still valid? It seems the lib stores it in a local file. That's not reliable in my situation because our code runs on many different servers with a load balancer. I want to handle the access token expiry myself, store it in my database and renew it when expired. How?
  2. If I'm wrong about the access token, and only the refresh token is used to auth the API call, then what does the access token do?

Thank you very much.

fiboknacky commented 2 years ago

First, you can find more information about access tokens and refresh tokens in this Overview.

For the questions related to the client library,

> Does the lib automatically retrieve the access token and renew it? If so, where does it store the access token while it's still valid? It seems the lib stores it in a local file. That's not reliable in my situation because our code runs on many different servers with a load balancer. I want to handle the access token expiry myself, store it in my database and renew it when expired. How?

Yes, it automatically retrieves and renews it in gax-php, a library that this client library relies on. When a method (e.g., mutateCampaigns) is called, it'll in turn call a chain of many methods. Finally, getAuthorizationHeaderCallback will be added as a callback for many methods related to sending a request via the gRPC transport.

This callback checks if the token is expired. If so, it'll in turn fetch a new access token via fetchAuthToken. Note that this method belongs to another library (google-auth-library-php). If the token is not expired yet, it'll just use the existing access token to build an authorization header.

So, you wouldn't need to worry about storing the data locally. It's handled in memory and the access token will be refreshed based on your provided refresh token.

> If I'm wrong about the access token, and only the refresh token is used to auth the API call, then what does the access token do?

You're right about the concepts of access tokens and refresh tokens.

jasonbigl commented 2 years ago

@fiboknacky thank you very much for the detailed info.

By saying

> It's handled in memory and the access token will be refreshed based on your provided refresh token.

Do you mean it's handled in the server memory of the running server? Still, I'm concerned about the access_token because we have 10 servers running. Does it mean it will be retrieved 10 times if it is not available locally, while in fact it's still valid?

The best way is to store it centrally (such as in a database) and retrieve it. When it expires, renew the access token and refresh it in the database again. I can handle the retrieve-renew process. But the lib just doesn't provide a way to specify the access token.

Can you please take this as a feature request? To add a method like ->withAccessToken($accessToken)

fiboknacky commented 2 years ago

> Do you mean it's handled in the server memory of the running server? Still, I'm concerned about the access_token because we have 10 servers running. Does it mean it will be retrieved 10 times if it is not available locally, while in fact it's still valid?

If you run a separate instance of GoogleAdsClient, then yes, it would be like that.

> Can you please take this as a feature request? To add a method like ->withAccessToken($accessToken)

OK. I'll add to the list of feature requests.
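
The reuse-or-renew check discussed in this thread, applied to a store shared between servers, as an added example that is not part of the thread and not code from google-ads-php, gax-php or google-auth-library-php. `SharedTokenCache`, the array standing in for a central database, and the fake token fetcher and clock are hypothetical (PHP 8.0+ assumed).

```php
<?php
declare(strict_types=1);

// Added example. SharedTokenCache is hypothetical; $store stands in for a
// central database or cache that every server behind the load balancer reads.
final class SharedTokenCache
{
    private const SKEW_SECONDS = 60; // renew slightly before the real expiry

    /** @var array<string, array{token: string, expires_at: int}> */
    private array $store = [];

    public function __construct(private \Closure $fetch, private \Closure $clock) {}

    public function getAccessToken(string $refreshToken): string
    {
        // Key by a hash so the long-lived refresh token never becomes a cache key.
        $key = hash('sha256', $refreshToken);
        $now = ($this->clock)();
        $entry = $this->store[$key] ?? null;
        if ($entry !== null && $entry['expires_at'] - self::SKEW_SECONDS > $now) {
            return $entry['token']; // still valid: reuse, no token request
        }
        $fresh = ($this->fetch)(); // missing or about to expire: one token request
        $this->store[$key] = [
            'token' => $fresh['access_token'],
            'expires_at' => $now + $fresh['expires_in'],
        ];
        return $fresh['access_token'];
    }
}

// Constructed demo: a fake token endpoint and a fake clock, so it runs offline.
$calls = 0;
$now = 1000;
$cache = new SharedTokenCache(
    function () use (&$calls): array {
        return ['access_token' => 'constructed-token-' . ++$calls, 'expires_in' => 3600];
    },
    function () use (&$now): int { return $now; }
);
$a = $cache->getAccessToken('constructed-refresh-token'); // first server: fetches
$b = $cache->getAccessToken('constructed-refresh-token'); // second server: reuses
$now += 3590;                                             // inside the skew window
$c = $cache->getAccessToken('constructed-refresh-token'); // renewed early
printf("%s %s %s fetches=%d\n", $a, $b, $c, $calls);
```

A stored access token is a bearer credential until it expires, so a real shared store should be readable only by the workers that call the API. With several servers, renewal also needs a lock or tolerance for two servers refreshing at the same moment.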

jasonbigl commented 2 years ago

@fiboknacky yes, actually we run a separate instance of servers, please consider usage in micro-services architecture. We have 10+ servers with auto scaling running the code.

Thank you very much!

DeveloperRob commented 1 year ago

Hey @fiboknacky,

I would be happy to pick this up and provide a PR for this, however on reviewing https://github.com/googleapis/google-auth-library-php then there doesn't appear to be any support in that library to create either a UserRefreshCredentials class or another relevant class implementing FetchAuthTokenInterface without providing a refresh token. Would this need a patch submitted to google-auth-library-php first?

If so, should I create an issue there to see if they would be happy to accept such a PR first before returning to introduce a PR here? If I have missed something please let me know!

Thanks, Robert

fiboknacky commented 1 year ago

Hello Robert,

Yes, creating an issue there would be great. We might get some insight why they designed it that way. Please also add the issue you'll create here, so we can follow up on it.

Best, Knack

DeveloperRob commented 1 year ago

https://github.com/googleapis/google-auth-library-php/issues/427 created :)

fiboknacky commented 1 year ago

I see Brent has answered in the issue you created. Could you check if that works for you?

fiboknacky commented 1 year ago

Closing due to inactivity.