Skip to main content
Glama
martechery

Google Ads MCP Server

by martechery
OverviewSchemaRelated ServersScoreDiscussions
TypeScript
Hybrid

refresh_access_token

Refresh access tokens for Google Ads API sessions in multi-tenant mode to maintain authentication and continue API operations.

Instructions

Refresh the access token for a session (multi-tenant mode). Requires GOOGLE_OAUTH_CLIENT_ID/SECRET.

Input Schema

TableJSON Schema
NameRequiredDescriptionDefault
session_keyYesUUID v4 session key

Implementation Reference

  • src/utils/connection-manager.ts:186-214 (handler)
    Core handler function that refreshes the access token for the given session key by calling the OAuth2 refresh and updating the session credentials.
    export async function refreshAccessTokenForSession(sessionKey: string): Promise<GoogleCredential> { const ctx = connections.get(sessionKey); if (!ctx) throw new Error('No session found'); const cred = ctx.credentials; if (!cred.refresh_token) throw new Error('No refresh token available'); if (ctx.refreshPromise) return ctx.refreshPromise; ctx.refreshPromise = refreshTokenWithOAuth2Client(cred) .then((updated) => { ctx.credentials = updated; ctx.refreshPromise = undefined; refreshCount++; try { emitMcpEvent({ timestamp: nowIso(), tool: 'token_refresh', session_key: sessionKey, response_time_ms: 0 }); } catch (e) { void e; } return updated; }) .catch((err) => { ctx.refreshPromise = undefined; // Purge on invalid_grant per security model if (String(err?.message || '').includes('invalid_grant')) { connections.delete(sessionKey); try { emitMcpEvent({ timestamp: nowIso(), tool: 'session_ended', session_key: sessionKey, response_time_ms: 0, reason: 'invalid_grant' }); } catch (e) { void e; } } refreshFailureCount++; try { emitMcpEvent({ timestamp: nowIso(), tool: 'token_refresh', session_key: sessionKey, response_time_ms: 0, error: { code: 'ERR_REFRESH_FAILED', message: String(err?.message || err) } }); } catch (e) { void e; } throw err; }); return ctx.refreshPromise; }
  • src/server-tools.ts:847-879 (registration)
    Registration of the 'refresh_access_token' tool, including input validation, environment checks, and wrapper handler that delegates to refreshAccessTokenForSession.
    addTool( server, 'refresh_access_token', 'Refresh the access token for a session (multi-tenant mode). Requires GOOGLE_OAUTH_CLIENT_ID/SECRET.', RefreshAccessTokenZ, async (input: any) => { if (process.env.ENABLE_RUNTIME_CREDENTIALS !== 'true') { return { content: [{ type: 'text', text: 'Multi-tenant mode not enabled' }] }; } const clientId = (process.env.GOOGLE_OAUTH_CLIENT_ID || '').trim(); const clientSecret = (process.env.GOOGLE_OAUTH_CLIENT_SECRET || '').trim(); if (!clientId || !clientSecret) { return { content: [{ type: 'text', text: 'OAuth client credentials not set. Set GOOGLE_OAUTH_CLIENT_ID and GOOGLE_OAUTH_CLIENT_SECRET to enable token refresh.' }] }; } try { validateSessionKey(String(input?.session_key || '')); } catch (e: any) { return { content: [{ type: 'text', text: `Error: ${e?.message || String(e)}` }] }; } try { const updated = await refreshAccessTokenForSession(String(input.session_key)); const masked = updated.access_token && updated.access_token.length > 8 ? `${updated.access_token.slice(0,4)}****${updated.access_token.slice(-4)}` : '****'; const expiresIn = Math.max(0, Math.floor(((updated.expires_at || (Date.now()+3600000)) - Date.now())/1000)); return { content: [{ type: 'text', text: JSON.stringify({ status: 'refreshed', expires_in: expiresIn, masked_token: masked }) }] }; } catch (e: any) { const msg = String(e?.message || e); if (msg.includes('invalid_grant')) { return { content: [{ type: 'text', text: JSON.stringify({ error: { code: 'ERR_INVALID_GRANT', message: 'Refresh token invalid or revoked. Re-authentication required.' } }) }] }; } return { content: [{ type: 'text', text: JSON.stringify({ error: { code: 'ERR_REFRESH_FAILED', message: msg } }) }] }; } } );
  • src/schemas.ts:94-96 (schema)
    Zod schema for the refresh_access_token tool input: requires session_key.
    export const RefreshAccessTokenZ = z.object({ session_key: z.string().describe('UUID v4 session key'), });
  • src/utils/connection-manager.ts:161-184 (helper)
    Helper function that performs the actual OAuth2 access token refresh using google-auth-library.
    async function refreshTokenWithOAuth2Client(cred: GoogleCredential): Promise<GoogleCredential> { const clientId = (process.env.GOOGLE_OAUTH_CLIENT_ID || '').trim(); const clientSecret = (process.env.GOOGLE_OAUTH_CLIENT_SECRET || '').trim(); if (!clientId || !clientSecret) throw new Error('OAuth client credentials not set'); const { OAuth2Client } = await import('google-auth-library'); const oauth2Client = new OAuth2Client({ clientId, clientSecret }); oauth2Client.setCredentials({ refresh_token: cred.refresh_token }); try { const { credentials } = await (oauth2Client as any).refreshAccessToken(); if (!credentials?.access_token) throw new Error('No access token in refresh response'); return { ...cred, access_token: credentials.access_token, expires_at: credentials.expiry_date || (Date.now() + 3600 * 1000), }; } catch (e: any) { const msg = String(e?.message || e); if (msg.includes('invalid_grant')) { throw new Error('invalid_grant: Refresh token is invalid or revoked'); } throw e; } }
Install Server

Other Tools

Latest Blog Posts

MCP directory API

We provide all the information about MCP servers via our MCP API.

curl -X GET 'https://glama.ai/api/mcp/v1/servers/martechery/mcp-google-ads-ts'

If you have feedback or need assistance with the MCP directory API, please join our Discord server