API access on behalf of your clients (web flow)

Anash P. Oommen edited this page Dec 14, 2018 · 4 revisions

This guide walks you through setting up OAuth2 for API access on behalf of your clients using the web flow.

Step 1 - Creating OAuth2 credentials

Follow the steps for the product you're using to generate a client ID and secret, then come back to this page.

IMPORTANT: The example below requires that you register the following as one of the Authorized redirect URIs in your project:

http://localhost/authorize
http://127.0.0.1/authorize

Step 2 - Setting up the client library

Adding OAuth2 support for your application (single login)

If your application manages only one account (or a hierarchy of accounts all linked under a single master MCC), then you don’t need to build an OAuth2 flow into your application. You can instead use a utility named OAuthTokenGenerator.exe to generate the necessary OAuth2 configuration. Refer to this wiki article for generating OAuth2 configuration using OAuthTokenGenerator.

Adding OAuth2 support for your application (multiple logins)

If you manage multiple unrelated accounts, then you need to build an OAuth2 sign-in flow into your application as part of adding OAuth2 support. This involves three steps:

  1. Configure the following keys in your application’s web.config.

     <add key="AuthorizationMethod" value="OAuth2" />
     <add key="OAuth2ClientId" value="INSERT_OAUTH2_CLIENT_ID_HERE" />
     <add key="OAuth2ClientSecret" value="INSERT_OAUTH2_CLIENT_SECRET_HERE" />
     <add key="OAuth2Mode" value="APPLICATION" />

  2. Write an OAuth2 callback page and register it as a valid OAuth2 callback URL.

If you are using web flow for OAuth2, then you need to add a page to your web application to handle OAuth2 callbacks. The URL of this page should be added to "Redirect URIs" on the Google Developers Console page. You should also provide this URL as the value for the OAuth2RedirectUri setting in your application’s web.config.

This page should be able to handle two cases:

  • If any other page in your website detects that the user hasn't authorized your application to make API calls, then it needs to redirect the user to this page. The page needs to construct an Authorization Url and redirect the user to the Google OAuth2 server.
  • Once the user has authorized your application, Google OAuth2 servers will redirect the user back to this page. The page needs to use the OAuth2 authorizationCode to obtain an access token and optionally a refresh token. Then it needs to redirect the user back to the page the user originally came from. The page should also have an appropriate mechanism to share the access and refresh tokens between multiple pages (e.g. session, a persistent store such as a database, etc.).

OAuth2 provides a parameter named State that lets you distinguish between the two cases. When your own app redirects the user to the callback page, the State parameter won't be set. When the Google OAuth2 servers redirect the user back to your callback page, the State parameter will be set to the value your page supplied in the authorization URL.
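The two cases of the callback page, sketched as an added example (not code from the client library or its sample application). It goes one step beyond the text: the State value is a random, single-use value stored in the session and checked on return, and the return URL is limited to site-relative paths. The hooks buildAuthorizationUrl and exchangeCode, the session keys and the returnUrl query parameter are hypothetical names.

```csharp
using System;
using System.Security.Cryptography;
using System.Web;

// Added example. Call OAuthCallback.Handle from the callback page's Page_Load.
// buildAuthorizationUrl(state) and exchangeCode(code) are hypothetical hooks for
// the client library's OAuth2 calls; "returnUrl" is a hypothetical query parameter.
public static class OAuthCallback
{
    const string StateKey = "OAuth2State";        // hypothetical session keys
    const string ReturnKey = "OAuth2ReturnUrl";

    public static void Handle(HttpContext ctx,
        Func<string, string> buildAuthorizationUrl, Action<string> exchangeCode)
    {
        string state = ctx.Request.QueryString["state"];
        if (state == null)
        {
            // Case 1: another page of this site sent the user here.
            byte[] random = new byte[32];
            using (var rng = RandomNumberGenerator.Create()) rng.GetBytes(random);
            string issued = HttpServerUtility.UrlTokenEncode(random);
            ctx.Session[StateKey] = issued;
            ctx.Session[ReturnKey] = LocalOrDefault(ctx.Request.QueryString["returnUrl"]);
            ctx.Response.Redirect(buildAuthorizationUrl(issued), false);
            return;
        }
        // Case 2: the OAuth2 server redirected the user back with state set.
        string expected = ctx.Session[StateKey] as string;
        ctx.Session.Remove(StateKey);             // a state value is single use
        string code = ctx.Request.QueryString["code"];
        if (expected == null || !FixedTimeEquals(expected, state) || string.IsNullOrEmpty(code))
        { ctx.Response.StatusCode = 400; return; }   // unknown state, or no code returned
        exchangeCode(code);                       // obtain access and optional refresh token
        ctx.Response.Redirect(ctx.Session[ReturnKey] as string ?? "/", false);
    }
    // Accept only site-relative paths, so the callback is not an open redirect.
    public static string LocalOrDefault(string url)
    {
        bool local = !string.IsNullOrEmpty(url) && url[0] == '/'
            && (url.Length == 1 || (url[1] != '/' && url[1] != '\\'));
        return local ? url : "/";
    }
    public static bool FixedTimeEquals(string a, string b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```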

  3. Configure your AdsUser object to use OAuth2.

You can refer to the ASP.NET sample application for the product you're using for a full end-to-end example: