Hi Sherwin,
I have found this thread that matches exactly the issue that I'm
experiencing. I am trying to migrate our API call from using OAuth OOB flow
to use a service account instead, as OOB will be blocked from Oct 3, 2022,
according to an email from Google.
I followed the guide linked and configured python client library, but got
the NOT_ADS_USER error. The following are the logs:
```
/usr/local/lib/python3.8/site-packages/google/ads/googleads/v11/services/services/google_ads_service/client.py
line 3327 in search
response = rpc(
/usr/local/lib/python3.8/site-packages/google/api_core/gapic_v1/method.py
line 154 in __call__
return wrapped_func(*args, **kwargs)
/usr/local/lib/python3.8/site-packages/google/api_core/grpc_helpers.py
line 50 in error_remapped_callable
return callable_(*args, **kwargs)
/usr/local/lib/python3.8/site-packages/grpc/_interceptor.py line 216 in
__call__
response, ignored_call = self._with_call(request,
/usr/local/lib/python3.8/site-packages/grpc/_interceptor.py line 257 in
_with_call
return call.result(), call
/usr/local/lib/python3.8/site-packages/grpc/_interceptor.py line 126 in
result
raise self._exception
/usr/local/lib/python3.8/site-packages/grpc/_interceptor.py line 241 in
continuation
response, call = self._thunk(new_method).with_call(
/usr/local/lib/python3.8/site-packages/grpc/_interceptor.py line 266 in
with_call
return self._with_call(request,
/usr/local/lib/python3.8/site-packages/grpc/_interceptor.py line 257 in
_with_call
return call.result(), call
/usr/local/lib/python3.8/site-packages/grpc/_interceptor.py line 126 in
result
raise self._exception
/usr/local/lib/python3.8/site-packages/grpc/_interceptor.py line 241 in
continuation
response, call = self._thunk(new_method).with_call(
/usr/local/lib/python3.8/site-packages/grpc/_interceptor.py line 266 in
with_call
return self._with_call(request,
/usr/local/lib/python3.8/site-packages/grpc/_interceptor.py line 254 in
_with_call
call = self._interceptor.intercept_unary_unary(continuation,
/usr/local/lib/python3.8/site-packages/google/ads/googleads/interceptors/exception_interceptor.py
line 99 in intercept_unary_unary
self._handle_grpc_failure(response)
/usr/local/lib/python3.8/site-packages/google/ads/googleads/interceptors/exception_interceptor.py
line 71 in _handle_grpc_failure
raise self._get_error_from_response(response)
GoogleAdsException: (<_InactiveRpcError of RPC that terminated with:
status = StatusCode.UNAUTHENTICATED
details = "Request is missing required authentication credential.
Expected OAuth 2 access token, login cookie or other valid authentication
credential. See
https://developers.google.com/identity/sign-in/web/devconsole-project.";
debug_error_string = "UNKNOWN:Error received from peer
ipv4:142.250.70.234:443 {grpc_message:"Request is missing required
authentication credential. Expected OAuth 2 access token, login cookie or
other valid authentication credential. See
https://developers.google.com/identity/sign-in/web/devconsole-project.";,
grpc_status:16, created_time:"2022-09-21T06:36:19.909217836+00:00"}"
>, <_InactiveRpcError of RPC that terminated with:
status = StatusCode.UNAUTHENTICATED
details = "Request is missing required authentication credential.
Expected OAuth 2 access token, login cookie or other valid authentication
credential. See
https://developers.google.com/identity/sign-in/web/devconsole-project.";
debug_error_string = "UNKNOWN:Error received from peer
ipv4:142.250.70.234:443 {grpc_message:"Request is missing required
authentication credential. Expected OAuth 2 access token, login cookie or
other valid authentication credential. See
https://developers.google.com/identity/sign-in/web/devconsole-project.";,
grpc_status:16, created_time:"2022-09-21T06:36:19.909217836+00:00"}"
>, errors {
error_code {
authentication_error: NOT_ADS_USER
}
message: "User in the cookie is not a valid Ads user."
}
request_id: "dqYyLJV7xi-TvefjLuriiw"
, 'dqYyLJV7xi-TvefjLuriiw')
-------------------- >> begin captured logging << --------------------
google.auth.transport.requests: DEBUG: Making request: POST
https://oauth2.googleapis.com/token
urllib3.connectionpool: DEBUG: Starting new HTTPS connection (1):
oauth2.googleapis.com:443
urllib3.connectionpool: DEBUG: https://oauth2.googleapis.com:443 "POST
/token HTTP/1.1" 200 None
google.ads.googleads.client: INFO: Request
-------
Method: /google.ads.googleads.v11.services.GoogleAdsService/Search
Host: googleads.googleapis.com
Headers: {
"developer-token": "REDACTED",
"x-goog-api-client": "gl-python/3.8.14 grpc/1.48.1 gax/2.8.2
gccl/17.0.0",
"x-goog-request-params": "customer_id=8177090057"
}
Request: customer_id: "8177090057"
query: "\n SELECT\n campaign.id,\n
campaign.name,\n metrics.impressions,\n
metrics.clicks,\n metrics.cost_micros,\n
segments.date\n FROM campaign\n WHERE segments.date
BETWEEN \'2022-04-18\' AND \'2022-04-20\'\n "
Response
-------
Headers: {
"google.ads.googleads.v11.errors.googleadsfailure-bin":
"\n2\n\u0003\u0001\u000e\u0012+User in the cookie is not a valid Ads
user.\u0012\u0016dqYyLJV7xi-TvefjLuriiw",
"grpc-status-details-bin": "\b\u0010\u0012\u0001Request is missing
required authentication credential. Expected OAuth 2 access token, login
cookie or other valid authentication credential. See
https://developers.google.com/identity/sign-in/web/devconsole-project.\u001a\u0001\nDtype.googleapis.com/google.ads.googleads.v11.errors.GoogleAdsFailure\u0012L\n2\n\u0003\u0001\u000e\u0012+User
in the cookie is not a valid Ads user.\u0012\u0016dqYyLJV7xi-TvefjLuriiw",
"request-id": "dqYyLJV7xi-TvefjLuriiw"
}
Fault: errors {
error_code {
authentication_error: NOT_ADS_USER
}
message: "User in the cookie is not a valid Ads user."
}
request_id: "dqYyLJV7xi-TvefjLuriiw"
google.ads.googleads.client: WARNING: Request made: ClientCustomerId:
8177090057, Host: googleads.googleapis.com, Method:
/google.ads.googleads.v11.services.GoogleAdsService/Search, RequestId:
dqYyLJV7xi-TvefjLuriiw, IsFault: True, FaultMessage: User in the cookie is
not a valid Ads user.
--------------------- >> end captured logging << ---------------------
```
Please advice, thank you!
On Wednesday, July 27, 2022 at 7:47:18 PM UTC+10 Google Ads API and AdWords
API Forum wrote:
> Hi Vitaly,
>
> Thank you for posting your concern.
>
> With regard to the NOT_ADS_USER
> <https://developers.google.com/google-ads/api/docs/best-practices/common-errors?hl=en#not_ads_user>
> error,
> this error occurs when login user account / email address used to generate
> the access token is not associated with any Google Ads account. With this,
> make sure to log in with a valid Google Ads account (typically your manager
> account) for the OAuth flow.
>
> Also, I would recommend using the Desktop app flow (
> https://developers.google.com/google-ads/api/docs/oauth/client-library)
> instead and not the service account flow if you can. You can only use
> it unless you need a domain-specific feature (for example, impersonation).
> One step being incorrect means that it won't work for service accounts,
> which appears to be the case here.
>
> However, if you still want to use service account, then make sure you to
> follow this guide
> <https://developers.google.com/google-ads/api/docs/oauth/service-accounts?hl=en>
> and
> use your desired client library
> <https://developers.google.com/google-ads/api/docs/client-libs?hl=en> to
> lessen the incorrect set up because as I mentioned earlier one incorrect
> set up and service accounts will not work.
>
> If the error persists after trying the provided suggestions, then please
> provide the email address / user account used to set up service account and
> complete request
> <https://developers.google.com/google-ads/api/docs/concepts/field-service#request>
> and response
> <https://developers.google.com/google-ads/api/docs/concepts/field-service#response>
> logs
> with request ID
> <https://developers.google.com/google-ads/api/docs/concepts/call-structure#request-id>
> generated
> on your end to investigate. Please provide the requested details via *Reply
> privately to author* option.
>
> Kind regards,
> Sherwin VIncent
> Google Ads API Team
> On Tuesday, July 19, 2022 at 5:18:49 PM UTC+8 vitaly....@suse.com wrote:
>
>> Hi Google team,
>>
>> I am facing the following issue. I was able to get the data via API using
>> the refresh token which was created manually with OAuth 2.0 Playground. But
>> it is valid just for 7 days. Now I am trying to make it work with service
>> account but seems like I am doing something wrong. I am using
>> google-ads.yaml file where I provide developer_token, json_key_file_path
>> and impersonated_email, which I guess should be (###@###-
>> 123456.iam.gserviceaccount.com) and login customer_id. Here is the
>> error I am getting:
>>
>> "Request is missing required authentication credential. Expected OAuth 2
>> access token, login cookie or other valid authentication credential. See
>> https://developers.google.com/identity/sign-in/web/devconsole-project
>> .","grpc_status":16}"
>> >, errors {
>> error_code {
>> authentication_error: NOT_ADS_USER
>> }
>> message: "User in the cookie is not a valid Ads user."
>> }
>> request_id: "2m7ydydG--mQc5rNksXw3w"
>> , '2m7ydydG--mQc5rNksXw3w')
>>
>> Please assist.
>>
>> Thanks,
>>
>> Vitaly
>>
>
--
--
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
Also find us on our blog:
https://googleadsdeveloper.blogspot.com/
=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~=~
You received this message because you are subscribed to the Google
Groups "AdWords API and Google Ads API Forum" group.
To post to this group, send email to adwords-api@googlegroups.com
To unsubscribe from this group, send email to
adwords-api+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/adwords-api?hl=en
---
You received this message because you are subscribed to the Google Groups
"Google Ads API and AdWords API Forum" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to adwords-api+unsubscr...@googlegroups.com.
To view this discussion on the web visit
https://groups.google.com/d/msgid/adwords-api/d6e9b471-643e-41b8-bf88-81ee80adc298n%40googlegroups.com.
