limiting access to third party app in google ads api - oauth-2.0

I have multiple Google ads account(multiple google ads account associated with one email account) . If I give access of my google ads account to third party app will they have access to all the google ads account?
If the third party app can access all of my google ads account how do I restrict them to access only 1 account that I want.

It's not possible to restrict OAuth2 access to just a single of your Google Ads accounts. I'd recommend to create a new Google account which only has access to the Google Ads account in question and use that to authenticate with the third party app.

Related

App not showing in Google's manage third party apps section of user when users login using "Sign in with google"

I am providing sign in with google functionality on my application. Users are able to successfully login using that but my application is not showing in "Manage third party apps" section of user's google account when they login. So they do not have an option to revoke access for my app. Any ideas on what I am doing wrong here I want my app to be listed in users "Manage third party apps" section when they login successfully.
I think you are miss understanding what third party apps is. You may want to consult Manage third-party apps & services with access to your account
For example, you may download an app that helps you schedule workouts with friends. This app may request access to your Google Calendar and Contacts to suggest times and friends for you to meet up with.
Third party apps use Oauth2 to request your consent for the application to access your data. When you consent to this the application in question is given a token (refresh token) which will allow them to access your data until you revoke that access. They can access this data without you being there. So they could have something running every night to harvest your data. They have access even when you are offline. The way you revoke it is though the security page on your google account.
Sign-in does not grant any access in that manner. For signin to work you the user must be behind the machine when it is running. The application you signed into cant access your data when your offline.
There is no way for you to know which applications you have signed in using your google account. Unless they also requested some Oauth2 consent.
So again sign in is Open IdConnect and does not make it by itself a third party app. They have no access to your data after you are gone. Signin only works when the user is behind the machine.

Fetch customer Id using email & Create new Google Ads Manager account

I'm using Google Ads API PHP library in my system. But I didn't found following 2 API's in provided API list here https://developers.google.com/google-ads/api/docs/account-management/create-account:
API to find out whether user has already exist Google Ads account using email? If found then returns his 10 digit customer ID.
If user Google Ads account not found then create new Google Ads account (manager account on behalf of customer through our PHP script). So that after creating, I can link it under my manager account.
I have seen same process on few sites. Whenever user visits system, he entering his email address, name, etc.. then script searches for his existing Google Ads account if found return customer id or some data & auto logged-in to system otherwise creates new Google Ads manager account for him.
Please let me know any API or solution for these 2 cases.
1- You can use https://developers.google.com/google-ads/api/docs/account-management/get-account-hierarchy to find out all the ads account under the manager account.
2- You can use https://developers.google.com/google-ads/api/docs/account-management/create-account to create google ad account under manager account

API access to third-party apps via G Suite Admin SDK

Our company uses Sign in with Google to log into various third party applications (e.g. Atlassian Jira/Confluence, Coda, Dropbox, Hubspot etc.).
I have been able to use the Admin SDK to get API access to each user's email, calendar, drive via the domain-wide delegation. Is it possible to delegate access to all the third-party apps that are connected to the user's Google accounts too?
Ideally, I want to be able to use the third-party APIs (just the way I'm able to use Gmail, Drive, Calendar APIs) on behalf of the users—without having the users grant my application explicit access (via OAuth) for each third-party app.
It really depends on the third party app. As you noticed your users can give you (scoped) access to some other app (GSuite apps for your example) but there are more apps out there!
What prevents your user to give you access to other third party apps is the third party apps implementing this.
Let's say your users log in to spotify using a Google account for which you have scoped access to say, gmail. Your app picks up that there is a new service in town by reading the registration email from spotify and prompts the user to give access to say manage playlists and play music apt to the email begin written.
If spotify does not implement an API where the user can grant access to an app this can't be done. Also the user must grant access to some resources, say playlists, and everything else will not be available to you.
Each user must grant access, usually in form of a token that is negotiated between the service you want to call on behalf of the user, say spotify, and your app.
In our example it's spotify that grant access once you present your token and the only way to get a token would be to ask the user a grant which is usually done through some OAuth dance.
GSuite has many apps and you can set up different policies but spotify is a different app/company and is not covered by your domain-wide delegation so you really need to ask the user and the user has to grant you access.
If by any chance the third party app has some strange deal with GSuite that's another story but this is the general case.

Can adwords api apps only be accessed by MCC linked accounts?

I am looking at developing an app using the google adwords api.
I have found here that I need an MCC account to be able to access the google adwords API.
Does this mean that only people with adwords accounts linked to my MCC account can use my app?
Or can my app be accessed by anyone with an adwords account?
Your app will be able to access any AdWords account provided the owner of that account allows it.
The AdWords account does not need to be linked to your MCC.
The user of your app will have to grant permission for your app to access their AdWords account before any calls to the AdWords API are made by your app.
Check these docs on the OAuth2 flow out for further details and then these for installed applications.

Integrate Google account login into a iOS app

I want to login in my iOS App with a Google account. Instead of having a database with users and having to register all the users, I simply login with my existing Google account.
Anyone knows a way of doing this, or a tutorial?
Google Accounts Authentication and Authorization for Mobile Apps has fairly detailed instructions for authenticating Google account users and includes iOS-specific steps.

Resources