Skip to content

/googleads-java-lib

Using OAuth2.0

Josh Radcliff edited this page · 8 revisions

An authorization method is a schema the client application uses to gain access to account information. AdWords, DFP, and DFA support OAuth2.0. Previously, in a blog post we've covered general aspects of OAuth2.0 authorization and its benefits. This page focuses on how to use OAuth2.0 methods within the Java client library.

Choosing the OAuth2.0 flow

First, you will need decide which OAuth2.0 is the best fit for your use case:

  1. (Installed Application) Is my application going to run offline or only ever use one user to log into the API?
  2. (Web Application) Is my application going to be a web application and request the user log in?

If the answer to (1) is yes, then you will be using offline credentials with an installed application flow. Specifically, you will be using the OfflineCredentials utility in this library.

If the answer to (2) is yes, then you will be setting up a web server to listen for redirects as the user logs in. You will need to register an application in the developers console that can do this.

For a screencast on how to do this, see:

IMAGE ALT TEXT HERE

Creating an application identifier

Note: The examples below are for DFP. Equivalent examples for AdWords can be found in the auth folder of the AdWords module.

In order to use the OAuth2.0 authorization with Google services, you need to create an application identifier and secret (also known as client ID and client secret).

Visit Google Developers Console

You do not need to enable any APIs for AdWords, DFA, and DFP in the console.

  1. Create a new project (or use an existing project)
  2. Click the project to open
  3. On the left panel, click on APIs & auth to expand the menu, and then click on Credentials
  4. Click on CREATE NEW CLIENT ID
  5. Choose either Installed Application or Web Application depending on the style of your application
    • If you wish to use our sample code or the OfflineCredentials utility, i.e. dfp/axis/auth/GetRefreshToken.java to generate a refresh token, then you have to choose Installed Application.
    • If you choose Web Application, you will also need to write your own web application that can complete the OAuth 2.0 flow. See AdvancedCreateCredentialFromScratch.java for an example of how to do that.

  6. Click Create Client ID to complete the steps. Client ID and client secret will be available under the new application.

  7. Make sure all of the required fields are filled and saved on the Consent Screen.

The Client ID and secret values are the parameters you will need in the next step.

Setting up the client library

All required settings can be configured via the relevant API configuration file ads.properties. For the example projects, you will find these in the root of the project (for the jars distribution) or in the src/main/resources directory (for the maven distribution).

The required parameters are:

# If you do not have a client ID or secret, please create a project in the
# Developers console. See the following link for more information:
# https://github.com/googleads/googleads-java-lib/wiki/Using-OAuth2.0
api.dfp.clientId=INSERT_CLIENT_ID_HERE
api.dfp.clientSecret=INSERT_CLIENT_SECRET_HERE
...

If you are using the OfflineCredentials utility, you will need to set the api.dfp.refreshToken property as well. You will generate it using the dfp/axis/auth/GetRefreshToken.java example.

Using offline credentials (OfflineCredentials)

To make it easy to use our library offline (i.e. like a service account would), we offer the OfflineCredentials utility. This utility uses a refresh token that needs to be generated once. The general flow is:

  1. Create an application identifier
  2. Retrieve your client ID and secret (which should have a redirect URI of urn:ietf:wg:oauth:2.0:oob)
  3. Enter your client ID and secret into the ads.properties file.
  4. Run GetRefreshToken.java
  5. Enter your refresh token into the ads.properties file.
  6. Use the OfflineCredentials utility as shown in our examples

When you run GetRerefreshToken.java, you will get an authentication URL and a prompt for the verification string when running this example from the command line. Copy and paste the auth URL into a browser to obtain the verification string. You will need to log in with your account credentials that you want to make API calls with.

Once you type (or copy) the verification string back to the example, you should see the query result. With this result, you should be able to update your ads.properties with the correct refreshToken.

Service Accounts

You may be tempted to use a service account to access the API. However, to use a service account, you must be a Google Apps for Business customer, with the ability to impersonate users of your network. If you are, then you can use the AdvancedCreateCredentialFromScratch example as a starting point for constructing a service account Credential. See https://code.google.com/p/google-api-java-client/wiki/OAuth2#Service_Accounts on how to do this.

If you are unable to use service accounts, but still want to only perform the OAuth2 flow once, consider creating an offline credential using the OfflineCredentials utility.

For general information on the service accounts flow, please see the OAuth2 Documentation.

Something went wrong with that request. Please try again.