Skip to content

API access on behalf of your clients (web flow)

Anash P. Oommen edited this page Dec 14, 2018 · 3 revisions

This guide will walk you through how to setup OAuth2 for API access on behalf of your clients using web flow.

Step 1 - Creating OAuth2 credentials

Follow the steps to configure a Google API Console project for the Google Ads API.

IMPORTANT: The example below requires that you register the following as one of the Authorized redirect URIs in your project:

http://localhost/authorize
http://127.0.0.1/authorize

Step 2 - Setting up the client library

Adding OAuth2 support for your application (single login)

If your application manages only one Advertiser account (or a hierarchy of Advertiser accounts all linked under a single master manager account), then you don’t need to build OAuth2 flow into your application. You can instead run the AuthenticateInStandaloneApplication example as follows:

  1. Download the code examples from GitHub release.
  2. Unzip the folder and run Authentication\AuthenticateInStandaloneApplication example.
  3. Follow the instructions to generate necessary configuration.

Adding OAuth2 support for your application (multiple logins)

If you manage multiple unrelated AdWords accounts, then you need to build OAuth2 sign-in flow into your application as part of adding OAuth2 support for your application.

  1. Configure the following keys in your App.config / Web.config.
<add key="AuthorizationMethod" value="OAuth2" />
<add key="OAuth2ClientId" value="INSERT_OAUTH2_CLIENT_ID_HERE" />
<add key="OAuth2ClientSecret" value="INSERT_OAUTH2_CLIENT_SECRET_HERE" />
<add key="OAuth2Mode" value="APPLICATION" />
  1. When loading a page, check if the user is logged in. If they are, then navigate them to the data page. If not, send them to a login page, either manually, or in response to a user action (e.g. a button click).
  public partial class Default : Page {

    /// <summary>
    /// The login helper.
    /// </summary>
    public WebLoginHelper loginHelper;

    /// <summary>
    /// The Google Ads client.
    /// </summary>
    private GoogleAdsClient client = new GoogleAdsClient();

    /// <summary>
    /// Handles the Load event of the Page control.
    /// </summary>
    /// <param name="sender">The source of the event.</param>
    /// <param name="e">The <see cref="EventArgs"/> instance containing the event data.</param>
    protected void Page_Load(object sender, EventArgs e) {
      this.loginHelper = new WebLoginHelper(this);
      if (loginHelper.IsLoggedIn) {
        client.Config.OAuth2RefreshToken = loginHelper.Credentials.Token.RefreshToken;
      }
    }

    /// <summary>
    /// Handles the Click event of the btnLogin control.
    /// </summary>
    /// <param name="sender">The source of the event.</param>
    /// <param name="e">The <see cref="EventArgs"/> instance containing the event data.</param>
    protected void btnLogin_Click(object sender, EventArgs e) {
      Response.Redirect("/Login.aspx");
    }
    ...
  }
  1. On the login page, check if the page is being loaded due to a redirect from the OAuth server. If yes, capture the authorization code, and exchange it for a refresh token and access token. If not, redirect the user to the OAuth2 server for authentication.
public partial class Login : System.Web.UI.Page {

  /// <summary>
  /// The login helper.
  /// </summary>
  private WebLoginHelper loginHelper;

  /// <summary>
  /// Initializes a new instance of the <see cref="Login"/> class.
  /// </summary>
  public Login() {
    loginHelper = new WebLoginHelper(this);
  }

  /// <summary>
  /// Handles the Load event of the Page control.
  /// </summary>
  /// <param name="sender">The source of the event.</param>
  /// <param name="e">The <see cref="EventArgs"/> instance containing the event data.</param>
  protected void Page_Load(object sender, EventArgs e) {
    // Initialize login helper only in the page load, otherwise session information
    // won't be available.

    if (loginHelper.IsLoggedIn) {
      // Redirect to the main page.
      Response.Redirect("/Default.aspx");
    } else if (loginHelper.IsCallbackFromOAuthServer()) {
      loginHelper.ExchangeAuthorizationCodeForCredentials();

      // Redirect to the main page.
      Response.Redirect("/Default.aspx");
    } else {
      // Redirect the user to the OAuth2 login page.
      loginHelper.RedirectUsertoOAuthServer();
    }
  }
}

See the AuthenticateInWebApplication code example for a complete ASP.NET project.