两步验证
使用集合让一切井井有条
根据您的偏好保存内容并对其进行分类。
Google Ads 授权支持在 Google Ads 账号中启用两步验证。下表列出了启用两步验证的三种情形。
用户在自己的 Google 账号中开启两步验证
|
用户可以自行决定是否为自己的 Google 账号启用两步验证。
启用两步验证后
在 OAuth2 身份验证流程中,Google 会在发放刷新令牌之前提示用户进行两步验证。刷新令牌一经颁发,即可用于生成 API 调用中所需的访问令牌。
之前的刷新令牌
在用户启用两步验证之前签发的刷新令牌在用户启用两步验证之后仍然有效。刷新令牌可用于像往常一样签发有效的访问令牌。
|
管理员要求 Google Ads 账号的用户在自己的 Google 账号中启用两步验证
|
账号管理员可以要求 Google Ads 账号的所有用户都在其 Google 账号中启用两步验证。
用户启用两步验证
在 OAuth2 身份验证流程中,Google 会在发放刷新令牌之前提示用户进行两步验证。刷新令牌一经颁发,即可用于生成 API 调用中所需的访问令牌。
用户未启用两步验证
在身份验证流程中,用户不会看到两步验证提示。此体验与 Google Ads 账号中的任何设置无关。
刷新令牌一经颁发,即可用于颁发访问令牌。不过,在用户在其 Google 账号中启用两步验证之前,使用此访问令牌进行的 API 调用将失败,并显示
TWO_STEP_VERIFICATION_NOT_ENROLLED 错误。
之前的刷新令牌
此规则也适用于在两步验证要求生效之前颁发的刷新令牌 - 刷新令牌可用于生成访问令牌,但使用这些访问令牌进行的 API 调用会失败并显示
TWO_STEP_VERIFICATION_NOT_ENROLLED 错误,直到用户在其 Google 账号中启用两步验证为止。
|
Google 要求 Google Ads 账号的所有用户都选择在自己的 Google 账号中启用两步验证{:#require-2-step}
|
在某些情况下,Google 可能会要求 Google Ads 账号的所有用户都在其 Google 账号中启用两步验证。
启用两步验证后
在 OAuth2 身份验证流程中,Google 会在发放刷新令牌之前提示用户进行两步验证。此体验与 Google 是否选择让 Google Ads 账号要求所有用户启用双重身份验证无关。
刷新令牌一经颁发,即可用于生成 API 调用中所需的访问令牌,与往常一样。
之前的刷新令牌
在用户启用两步验证之前签发的刷新令牌在用户启用两步验证之后仍然有效。刷新令牌可用于像往常一样签发有效的访问令牌。
使用此访问令牌发出的 API 调用不会遇到 TWO_STEP_VERIFICATION_NOT_ENROLLED 错误,因为两步验证选择启用是由 Google 而不是 Google Ads 账号管理员发起的。
|
如未另行说明,那么本页面中的内容已根据知识共享署名 4.0 许可获得了许可,并且代码示例已根据 Apache 2.0 许可获得了许可。有关详情,请参阅 Google 开发者网站政策。Java 是 Oracle 和/或其关联公司的注册商标。
最后更新时间 (UTC):2025-08-27。
[null,null,["最后更新时间 (UTC):2025-08-27。"],[[["\u003cp\u003eGoogle Ads authorization supports enabling 2-Step Verification for enhanced security, impacting how refresh and access tokens function.\u003c/p\u003e\n"],["\u003cp\u003eUsers voluntarily enabling 2-Step Verification or being required to by administrators or Google will encounter a 2-Step Verification prompt during authentication.\u003c/p\u003e\n"],["\u003cp\u003eIf an administrator requires 2-Step Verification, API calls will fail with an error until it's enabled, even with existing refresh tokens.\u003c/p\u003e\n"],["\u003cp\u003eRefresh tokens issued before enabling 2-Step Verification generally remain valid but may be subject to the specific scenario and enforcement level.\u003c/p\u003e\n"],["\u003cp\u003eGoogle enforcing 2-Step Verification differs from administrator enforcement, as API calls with existing refresh tokens won't encounter the \u003ccode\u003eTWO_STEP_VERIFICATION_NOT_ENROLLED\u003c/code\u003e error.\u003c/p\u003e\n"]]],[],null,["# 2-Step Verification\n\nGoogle Ads authorization supports enabling [2-Step Verification on your Google Ads\naccount](//support.google.com/google-ads/answer/12864186). The following table\npresents the three scenarios for enabling 2-Step Verification.\n\n|-----------------------------------------------------------------------------------------------------------------------------------|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|\n| ### User turns on 2-Step Verification on their own Google Account | *A user might decide on their own to turn on 2-Step Verification for their Google Account.* #### After 2-Step Verification is enabled During the [OAuth2 authentication flow](/google-ads/api/docs/oauth/client-library), Google prompts the user for 2-Step Verification before issuing a refresh token. Once issued, the refresh token can be used to generate the access token needed in API calls. #### Previous refresh tokens A refresh token that was issued before the user enabled 2-Step Verification remains valid after the user enables 2-Step Verification. The refresh token can be used to issue valid access tokens as usual. |\n| ### Administrator requires users of a Google Ads account to enable 2-Step Verification on their Google Account | *An account administrator can require all users of a Google Ads account to [enable 2-Step Verification](https://support.google.com/google-ads/answer/12865295) on their Google Account.* #### User enables 2-Step Verification During the [OAuth2 authentication flow](/google-ads/api/docs/oauth/client-library), Google prompts the user for 2-Step Verification before issuing a refresh token. Once issued, the refresh token can be used to generate the access token needed in API calls. #### User doesn't enable 2-Step Verification During the authentication flow, the user won't see the 2-Step Verification prompt. This experience is independent of any settings on the Google Ads account. Once issued, the refresh token can be used to issue access tokens. However, the API calls made using this access token will fail with a [`TWO_STEP_VERIFICATION_NOT_ENROLLED`](/google-ads/api/reference/rpc/v21/AuthenticationErrorEnum.AuthenticationError#two_step_verification_not_enrolled) error until the user enables 2-Step Verification in their Google Account. ##### Previous refresh tokens This rule applies to refresh tokens issued prior to the 2-Step Verification requirement as well---the refresh token can be used to generate access tokens, but API calls made with these access tokens will fail with a [`TWO_STEP_VERIFICATION_NOT_ENROLLED`](/google-ads/api/reference/rpc/v21/AuthenticationErrorEnum.AuthenticationError#two_step_verification_not_enrolled) error until the user enables 2-Step Verification in their Google Account. |\n| ### Google requires all users of a Google Ads account to opt in to 2-step verification on their Google Account {:#require-2-step} | *In some cases, Google might require all users of a Google Ads account to enable 2-step verification on their Google Account.* #### After 2-Step Verification is enabled During the [OAuth2 authentication flow](/google-ads/api/docs/oauth/client-library), Google prompts the user for 2-Step Verification before issuing a refresh token. This experience is independent of whether Google opted in the Google Ads account to require all its users to enable 2-factor verification. Once issued, the refresh token can be used to generate the access token needed in API calls as usual. #### Previous refresh tokens A refresh token that was issued before the user enabled 2-Step Verification remains valid after the user enables 2-Step Verification. The refresh token can be used to issue a valid access token as usual. API calls made using this access token won't encounter the `TWO_STEP_VERIFICATION_NOT_ENROLLED` error because the 2-Step Verification opt-in was initiated by Google and not by the Google Ads account administrator. |"]]