附加帐户的OAuth失败 [英] OAuth failure for attached account
问题描述
背景: 我已经创建了一个帐户和应用程序,以便为该帐户设置一组客户端ID,客户端密钥和刷新令牌。 使用这些以及开发人员令牌,我可以从AdWords API中提取报告。
特别是KeywordPerformance报告。
完成此处列出的步骤后http://msdn.microsoft.com/en-us/library/bing- ads-user-authentication-oauth-guide.aspx #authoriccode我获得了另一个帐户的刷新令牌,并希望为该帐户提取相同的报告。
帐户AI具有客户端ID,客户端密钥,刷新令牌和开发人员令牌
对于帐户BI,刷新令牌为
我能够使用帐户A的客户端ID和客户端密钥调用login.live.com/oauth20_token.srf,并使用帐户B的刷新令牌使用grant_type的刷新令牌获取后续请求所需的访问令牌。 ;这似乎返回一个有效的令牌
供使用。
$
当我使用返回的令牌和账户A的开发者令牌拨打电话到GetAccountsInfoRequest我得到一个失败代码105,InvalidCredentials。
我也可以作为帐户B登录,并看到我已授予访问该应用程序的权限。
我以为我需要获取帐户B的客户端ID,客户端密码和刷新令牌,以便我可以使用它来请求我可以与关联的开发人员令牌一起使用的访问令牌到帐户A创建的应用程序。
注意:虽然我们控制了帐户B的登录,但它是另一个帐户结构的一部分,我们只提取数据对于子帐户
我的目标是能够提取和修改帐户B的广告系列数据。 帐户A只是一个允许我拥有应用程序并提取数据的钩子。
如果对应用程序有任何疑惑设置与访问帐户,我会很快澄清几点。
首先,客户端ID和客户端密钥与给定的应用程序相关联。访问令牌和刷新令牌与给定用户即Microsoft帐户用户相关联。因此,我建议我们不要在账户方面说"有"。
这些参数/值对。当然,您最初创建了访问帐户A的应用程序,现在您想使用相同的应用程序权限访问帐户B?
关于帐户级别访问,您需要一个可以访问的帐户您想要访问的帐户。你有一个用户吗? user@contoso.com谁有权访问帐户A和帐户B,或登录
Bing Ads Web应用程序您是否需要使用其他用户来查看/访问帐户B?例如,如果用户可以访问帐户A而不是帐户B,则会出现105错误代码。另请注意,
可以让Microsoft帐户用户向您的应用程序授予您要求的任何权限(即范围) = bingads.manage),但该Microsoft帐户用户可能无权访问任何Bing Ads帐户。
这是另一种可能需要考虑的问题。如果您使用其他用户访问帐户B,如果DeveloperToken不是多用户令牌,您可能会看到105错误代码。换句话说,如果为可以访问帐户A的Microsoft
帐户用户配置了单用户DeveloperToken,则在将DeveloperToken升级为多用户之前,不能将同一个DeveloperToken用于任何其他用户。有关详细信息,请参阅
帐户权限和开发人员令牌。
如果您仍然收到105错误并且您确定用户例如user@contoso.com可以访问帐户B,然后我建议您将SOAP请求和响应升级到支持调查(包括Microsoft帐户/电子邮件):http://msdn.microsoft.com/en-US/library /aa983155.aspx#engagesupport
.. 105错误可能是由您的请求的其他部分引起的,即使凭据有效。
我希望这有助于!
Background: I have already created an account and application so that I have a set of client id, client secret and refresh tokens for that account. Using those along with the developer token I am able to pull reports from the AdWords API.
Specifically the KeywordPerformance report.
After going through the steps listed here http://msdn.microsoft.com/en-us/library/bing-ads-user-authentication-oauth-guide.aspx#authorizationcode I got the refresh token for another account and would like to pull the same report for that account.
For Account A I have a client Id, client secret, refresh token, and developer token
For Account B I have the refresh token
I am able to call login.live.com/oauth20_token.srf with Account A's client Id and client secret, and Account B's refresh token to get the access token needed for subsequent requests using a grant_type of refresh token. This appears to return a valid token
for use.
When I make a call with the token returned and Account A's developer token to GetAccountsInfoRequest I am getting a failure code 105, InvalidCredentials.
I am also able to login as Account B and see that I have granted access to the application.
I thought I would need to get hold of the client id, client secret, and refresh token for Account B so that I could use it to request an access token that I can use with the developer token associated to the application that Account A has created.
Note : Though we have control of the login for Account B it is part of another account structure and we are pulling data only for the sub-account
My goal is to be able to pull and modify Account B's ad campaign data. Account A is just a hook to allow me to have an application and to pull data.
In case there is any confusion about application settings versus access to accounts, I'll quickly clarify a few points.
First thing is that Client Id and Client Secret are associated with a given application. The Access Token and Refresh Token are associated with a given user i.e. Microsoft Account user. So I suggest we not speak in terms of an Account "having" these parameter/value pairs. Sure, you initially created the application to access Account A, and now you want to access Account B using the same application right?
Regarding account level access you need a Microsoft Account which has access to whichever account you want to access. Do you have a user e.g. user@contoso.com who has access to both Account A and Account B, or when logging into the Bing Ads web application do you need to use a different user to view / access Account B? The 105 error code would be expected for example if the user can access Account A, but not Account B. Also note that it is possible for a Microsoft Account user to grant your application whatever permissions you are asking for (i.e. scope=bingads.manage), but that Microsoft Account user might not have access to any Bing Ads account.
Here's another possibility to consider. If you are using a different user to access Account B, you might observe a 105 error code if the DeveloperToken is not a multi-user token. In other words if a single-user DeveloperToken was provisioned for a Microsoft Account user who can access Account A, the same DeveloperToken cannot be used for any other user until you upgrade the DeveloperToken to multi-user. For more information please see Account Permissions and the Developer Token.
If you are still getting a 105 error and you are sure the user e.g. user@contoso.com has access to Account B, then I suggest you escalate your SOAP request and response to support for investigation (including Microsoft account / email): http://msdn.microsoft.com/en-US/library/aa983155.aspx#engagesupport .. The 105 error might be caused by some other part of your request, even if the credentials are valid.
I hope this helps!
这篇关于附加帐户的OAuth失败的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
