Google Adwords API错误：无效授权

Question

我尝试使用服务帐户和使用Ruby API library的JWT对Adwords API进行身份验证时收到此错误。

我正在复制example provided，但它似乎无法正常工作。

/home/michael/.rvm/gems/ruby-2.1.2/gems/signet-0.5.1/lib/signet/oauth_2/client.rb:941:in`fetch_access_token'：授权失败。服务器消息：（Signet :: AuthorizationError） {   “错误”：“invalid_grant” }

adwords_api.yml

---
# This is an example configuration file for the AdWords API client library.
# Please fill in the required fields, and copy it over to your home directory.
:authentication:
  # Authentication method, methods currently supported: OAUTH2, OAUTH2_JWT.
  :method: OAUTH2_JWT


  # Auth parameters for OAUTH2_JWT method. See:
  #   https://developers.google.com/accounts/docs/OAuth2ServiceAccount
  :oauth2_issuer: 43242...apps.googleusercontent.com 
  :oauth2_secret: 'notasecret'
  # You can provide path to a file with 'oauth2_keyfile' or the key itself with
  # 'oauth2_key' option.
  :oauth2_keyfile: /home/.../google-api-key.p12
  # To impersonate a user set prn to an email address.
  :oauth2_prn: my@email.com

  # Other parameters.
  :developer_token: ua...w
  :client_customer_id: 123-123-1234
  :user_agent: test-agent
:service:
  # Only production environment is available now, see: http://goo.gl/Plu3o
  :environment: PRODUCTION
:connection:
  # Enable to request all responses to be compressed.
  :enable_gzip: false
  # If your proxy connection requires authentication, make sure to include it in
  # the URL, e.g.: http://user:password@proxy_hostname:8080
  # :proxy: INSERT_PROXY_HERE
:library:
  :log_level: INFO

test.rb

#!/usr/bin/env ruby

require 'adwords_api'

def use_oauth2_jwt()
  adwords = AdwordsApi::Api.new

  adwords.authorize()

  campaign_srv = adwords.service(:CampaignService, API_VERSION)

  selector = {
    :fields => ['Id', 'Name', 'Status'],
    :ordering => [
      {:field => 'Name', :sort_order => 'ASCENDING'}
    ]
  }

  response = campaign_srv.get(selector)
  if response and response[:entries]
    campaigns = response[:entries]
    campaigns.each do |campaign|
      puts "Campaign ID %d, name '%s' and status '%s'" %
          [campaign[:id], campaign[:name], campaign[:status]]
    end
  else
    puts 'No campaigns were found.'
  end
end

if __FILE__ == $0
  API_VERSION = :v201409

  begin
    use_oauth2_jwt()

  # HTTP errors.
  rescue AdsCommon::Errors::HttpError => e
    puts "HTTP Error: %s" % e

  # API errors.
  rescue AdwordsApi::Errors::ApiException => e
    puts "Message: %s" % e.message
    puts 'Errors:'
    e.errors.each_with_index do |error, index|
      puts "\tError [%d]:" % (index + 1)
      error.each do |field, value|
        puts "\t\t%s: %s" % [field, value]
      end
    end
  end
end

Answer 1

由于它是基于授权的，因此很难明确回答，因此错误消息是一个美化的“未授权”消息。

我真正能做的就是建议一些事情要检查（承认你已经经历过这些事情）：

• 您的开发人员令牌肯定显示为“已批准”？ （你可以在客户中心检查这个 - 通过设置cog然后帐户然后adwords api center）
• 您已通过Google Developer Console
注册了申请
• 您（或您尝试访问的帐户的所有者）已授权您的申请 - 可能是通过this guide和肯定在某个地方看到其中一项内容：

如果您已经检查了所有这些，那么我可以建议的另一件事就是official forum的帖子，他们往往会提供帮助，并经常将授权问题“离线”以查看实际的肥皂请求等（我发现这比试图通过AdWords支持级别更快更容易）

祝你好运！

Answer 2

经过几个小时的摆弄，我终于通过将oauth2_prn设置为MCC和Google Apps for Business帐户的主电子邮件来实现它。