Found this:
- f.req is an array of “envelopes” for each payload in the batch. I’ll
dive deeper into the structure of this later.
- at is another XSRF mitigation parameter, this time tied to the user’s
Google account and paired with a UNIX timestamp.
<https://en.wikipedia.org/wiki/Unix_time>
This is helpful for the at call. I guess I just need to understand whats at
index 2 of f.req
On Tuesday, November 15, 2022 at 4:31:07 PM UTC-8 Chad Wood wrote:
> Again, this is all sent from the OAUTH flow for Desktop Apps. It's at the
> last step; basically this sends and you guys respond with a URL to be used
> for the callback.
> On Tuesday, November 15, 2022 at 4:22:59 PM UTC-8 Chad Wood wrote:
>
>> Here's an example of the payload I want to reproduce (values changed to
>> prevent reuse)
>>
>> test_req = {
>> 'f.req': [
>> True,
>>
>> '!ChRxa0FhVGI1X294dHwOOsPwQrVIMxIfZ3g3TmFyZklDMFlTa013TWpqbVNUV1h5Vk17D3KqZw∙AD98QVYAAAAAY3VIexEJuF7PQTpFZd2Q1Zaaw8v28eK3',
>> None,
>> None,
>> [
>> 'gf.sad',
>> ['scope_goes_here'],
>> [],
>> []
>> ],
>> [
>> None,
>>
>> 'client_id_goes_here_but_my_message_is_deleted_when_a_mock_is_included_:(',
>> [' scope_goes_here '
>> <https://www.googleapis.com/auth/adwords'>],
>>
>> '!ChRxa0FhVGI1X294dHwOOsPwQrVIMxIfZ3g3TmFyZklDMFlTa013TWpqbVNUV1h5Vk17D3KqZw∙AD98QVYAAAAAY3VIexEJuF7PQTpFZd2Q1Zaaw8v28eK3,
>> None,
>> None,
>> None,
>> None,
>> None,
>> None,
>> None,
>> 'redirect_url_goes_here',
>> None,
>> False,
>> None,
>> None,
>> None,
>> True,
>> None,
>> None,
>> None,
>> None,
>> 14,
>> None,
>> True,
>> [],
>> False,
>> False,
>> True,
>> None,
>> [
>> [
>> 'scope_goes_here',
>> 1200,
>> False,
>> False
>> ]
>> ],
>> None,
>> True,
>> None,
>> 1,
>> True,
>> None,
>> None,
>> 2,
>> False,
>> None,
>> False
>> ]
>> ],
>> 'at': 'AFofLUWPdG5b6SxxxapUVk_BaGsQI9uqcA:1643372251920'
>> }
>>
>>
>>
>> I honestly just need to know what my browser is going to generate these
>> two variables;
>> 'f.req'[2] -----
>> !ChRxa0FhVGI1X294dHwOOsPwQrVIMxIfZ3g3TmFyZklDMFlTa013TWpqbVNUV1h5Vk17D3KqZw∙AD98QVYAAAAAY3VIexEJuF7PQTpFZd2Q1Zaaw8v28Dg4
>>
>> 'at' ---- AFofLUWPdG5b6SxxxapPWk_JaKsQI9uqcA:1643372251920
>>
>>
>> What is it using as input, and the process to mutate it into this
>> provided format for the POST request.
>>
>>
>>
>>
>> On Tuesday, November 15, 2022 at 3:10:02 PM UTC-8 Chad Wood wrote:
>>
>>> https://groups.google.com/g/adwords-api/c/bAgqtTr5OoY
>>> This issue has branched into a follow up question that should probably
>>> be handled separately.
>>>
>>> I'm investigating the process of requesting refresh tokens. I use the
>>> client library for Python titled "generate_user_credentials.py" for Desktop
>>> app flow. In truth, the app is just querying data from Ads and using it for
>>> internal reporting.
>>>
>>> The library spins up a server that waits for a callback with a string
>>> query specifying:
>>> 1. state
>>> 2. code
>>> 3. scope
>>>
>>> State and Scope are easy to get, as they're provided in the original
>>> oauth link used to authenticate. Code is much more difficult to reproduce,
>>> though it seems that you guys actually generate that on your end and send
>>> back in one of the page's POST requests.
>>>
>>> So I investigated that POST request, which goes to "
>>> https://accounts.google.com/signin/oauth/consent/approval";. It appears
>>> to require the following:
>>> *params:*
>>> 1. authuser
>>> *headers:*
>>> 1.Content-Type
>>> 2.Cookie
>>> *payload:*
>>> f.req = some_array
>>> at = some_string
>>>
>>> Most of these seem to be constants, but I am struggling with the
>>> *some_array
>>> *and *some_string* values.
>>>
>>> *some_array *contains a token that begins with "!ChR" + a ' ∙ '
>>> separator for a second value, and I can not reproduce it so far. It must be
>>> generated client-side, as I have checked all incoming data for this token
>>> and can not find it. I have the feeling it's a hash of something else, but
>>> when reviewing the javascript I was completely lost. I don't know
>>> javascript, so it's difficult to read (on top of there being A LOT of js to
>>> sort through).
>>>
>>> I haven't gotten to the *at *variable that contains its own token yet,
>>> but I'll need to understand how this is generated as well.
>>>
>>> Can someone help me get to a point where I can reproduce the token
>>> beginning with "!ChR"? Also the value for "at" in the payload.
>>>
>>> Thank you
>>>
>>>
--
--
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Also find us on our blog:
https://googleadsdeveloper.blogspot.com/
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
You received this message because you are subscribed to the Google
Groups "AdWords API and Google Ads API Forum" group.
To post to this group, send email to adwords-api@googlegroups.com
To unsubscribe from this group, send email to
adwords-api+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/adwords-api?hl=en
---
You received this message because you are subscribed to the Google Groups
"Google Ads API and AdWords API Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to adwords-api+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/adwords-api/b71c3962-c197-41ba-9dd8-22bd64c7a95cn%40googlegroups.com.
