Thanks Sherwin, but the technical part that I struggle with has nothing to do with the Python library. It actually has to do with some proprietary piece of Google tech used during the OAUTH procedure. All the library does is spin up a server, produce a link for OAUTH verification, and makes the server wait for a call back. I want to discuss what happens inside that link for OAUTH verification.
During the verification process there are a few steps: 1. Open the link 2. Select your Google account 3. Hit "Continue" after reviewing the app permissions 4. A callback automatically occurs to the server span up by the Python library At step 3 (having to do with Google-not the Python library), a payload is sent to this address " https://accounts.google.com/signin/oauth/consent/approval"; That payload includes (most importantly) two variables; "f.req" and "at". It would seem that "at" is an XSRF mitigation parameter, tied to the user’s Google account and paired with a UNIX Timestamp Focusing on just variable "f.req" right now, it takes on the structure of an array and includes 1 token that I can not figure out how to reproduce. The 1 token in question begins with "!ChR", and the browser's webpage uses Javascript to generate it. That "!ChR" is then placed into the "f.req" array, which is placed inside the payload to "https://accounts.google.com/signin/oauth/consent/approval";. Finally, once sent via POST, the " https://accounts.google.com/signin/oauth/consent/approval"; server will respond with a link to be used for the callback. I want help reproducing the "!ChR" thing manually. On Tuesday, November 15, 2022 at 11:20:48 PM UTC-8 adsapi wrote: > Hi Chadwood, > > Thank you for reaching us out. I am Sherwin from Google Ads API support > team. I hope that you are doing well today. > > I can see that this is regarding OAuth Desktop and Web Application Flows > <https://developers.google.com/google-ads/api/docs/client-libs/python/oauth-web>. > > And since you have questions with regard to Oauth with Python, we highly > suggest you to reach out the client library owner of Python using this > link <https://github.com/googleads/google-ads-python/issues>. > > Kind regards, > [image: Google Logo] > Sherwin Vincent > Google Ads API Team > > > ref:_00D1U1174p._5004Q2gPExm:ref > -- -- =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ Also find us on our blog: https://googleadsdeveloper.blogspot.com/ =~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~ You received this message because you are subscribed to the Google Groups "AdWords API and Google Ads API Forum" group. To post to this group, send email to adwords-api@googlegroups.com To unsubscribe from this group, send email to adwords-api+unsubscr...@googlegroups.com For more options, visit this group at http://groups.google.com/group/adwords-api?hl=en --- You received this message because you are subscribed to the Google Groups "Google Ads API and AdWords API Forum" group. To unsubscribe from this group and stop receiving emails from it, send an email to adwords-api+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/adwords-api/9eb5b468-63c0-45e4-a2da-6bc2e1cfcdc6n%40googlegroups.com.
