OAuth Desktop Application Flow

This guide walks you through how to set up OAuth2 for API access using your own credentials in the desktop (installed) app flow. These steps only need to be done once, unless you revoke, delete, or need to change the allowed scopes for your OAuth2 credentials.

Step 1 - Creating OAuth2 credentials

Generate a client ID and secret by following the linked instructions, then come back to this page.

Step 2 - Setting up the client library

Adding OAuth2 support for your app (single login)

If your app manages only one Advertiser account (or a hierarchy of Advertiser accounts all linked under a single master manager account), then you don't need to build an OAuth2 flow into your app. You can perform the following steps instead:

  1. Download and run the AuthenticateInDesktopApplication example.
  2. Follow the application instructions to generate necessary configuration.

Adding OAuth2 support for your app (multiple logins)

If you manage multiple unrelated Google Ads accounts, then you need to build OAuth2 sign-in flow into your application as follows:

  1. Configure the following keys in your App.config / Web.config. See the configuration guide for details.

    <add key="AuthorizationMethod" value="OAuth2" />
    <add key="OAuth2ClientId" value="INSERT_OAUTH2_CLIENT_ID_HERE" />
    <add key="OAuth2ClientSecret" value="INSERT_OAUTH2_CLIENT_SECRET_HERE" />
    <add key="OAuth2Mode" value="APPLICATION" />
    
  2. At runtime, prompt the user to authorize your application:

    public class ConsoleExample
    {
        private const string GOOGLE_ADS_API_SCOPE = "https://www.googleapis.com/auth/adwords";
    
        static void Main(string[] args)
        {
            GoogleAdsConfig config = new GoogleAdsConfig();
            // Load the JSON secrets.
            ClientSecrets secrets = new ClientSecrets()
            {
                 ClientId = config.OAuth2ClientId,
                 ClientSecret = config.OAuth2ClientSecret
            };
    
            // Authorize the user using desktop application flow.
            Task<UserCredential> task = GoogleWebAuthorizationBroker.AuthorizeAsync(
                secrets,
                new string[] { GOOGLE_ADS_API_SCOPE },
                String.Empty,
                CancellationToken.None,
                new NullDataStore()
            );
            UserCredential credential = task.Result;
    
            // Store this token for future use.
            string refreshToken = credential.Token.RefreshToken;
    
            // To make a call, set the refreshtoken to the config, and
            // create the GoogleAdsClient.
            config.OAuth2RefreshToken = refreshToken;
            GoogleAdsClient client = new GoogleAdsClient(config);
    
            // Now use the client to create services and make API calls.
            // ...
        }
    }
    

See the AuthenticateInDesktopApplication code example for a complete console application example.