Java
// Copyright 2018 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
package com.google.ads.googleads.examples.authentication;
import com.google.ads.googleads.lib.GoogleAdsClient;
import com.google.ads.googleads.lib.GoogleAdsClient.Builder.ConfigPropertyKey;
import com.google.api.client.http.GenericUrl;
import com.google.api.client.http.HttpStatusCodes;
import com.google.api.client.util.Key;
import com.google.auth.oauth2.ClientId;
import com.google.auth.oauth2.UserAuthorizer;
import com.google.auth.oauth2.UserCredentials;
import com.google.common.base.MoreObjects;
import com.google.common.base.Preconditions;
import com.google.common.base.Strings;
import com.google.common.collect.ImmutableList;
import java.io.BufferedReader;
import java.io.Console;
import java.io.IOException;
import java.io.InputStreamReader;
import java.io.OutputStreamWriter;
import java.io.Writer;
import java.math.BigInteger;
import java.net.ServerSocket;
import java.net.Socket;
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Properties;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
/**
* Creates an OAuth2 refresh token for the Google Ads API using the Web application flow.
*
* <p>This example will start a basic server that listens for requests at {@code
* http://localhost:PORT}, where {@code PORT} is dynamically assigned.
*
* <p>IMPORTANT: You must add {@code http://localhost/oauth2callback} to the "Authorize redirect
* URIs" list in your Google Cloud Console project before running this example.
*/
public class AuthenticateInWebApplication {
// Scopes for the generated OAuth2 credentials. The list here only contains the AdWords scope,
// but you can add multiple scopes if you want to use the credentials for other Google APIs.
private static final ImmutableList<String> SCOPES =
ImmutableList.<String>builder().add("https://www.googleapis.com/auth/adwords").build();
private static final String OAUTH2_CALLBACK = "/oauth2callback";
public static void main(String[] args) throws Exception {
// To fill in the values below, generate a client ID and client secret from the Google Cloud
// Console (https://console.cloud.google.com) by creating credentials for a Web application.
// Set the "Authorized redirect URIs" to:
// http://localhost/oauth2callback
String clientId;
String clientSecret;
String loginEmailAddressHint;
Console console = System.console();
if (console == null) {
// The console will be null when running this example in some IDEs. In this case, please
// set the clientId and clientSecret in the lines below.
clientId = "INSERT_CLIENT_ID_HERE";
clientSecret = "INSERT_CLIENT_SECRET_HERE";
// Optional: If your application knows which user is trying to authenticate, you can set this
// to the user's email address so that the Google Authentication Server will automatically
// populate the account selection prompt with that address.
loginEmailAddressHint = null;
// Ensures that the client ID and client secret are not the "INSERT_..._HERE" values.
Preconditions.checkArgument(
!clientId.matches("INSERT_.*_HERE"),
"Client ID is invalid. Please update the example and try again.");
Preconditions.checkArgument(
!clientSecret.matches("INSERT_.*_HERE"),
"Client secret is invalid. Please update the example and try again.");
} else {
console.printf(
"NOTE: When prompting for the client secret below, echoing will be disabled%n");
console.printf(" since the client secret is sensitive information.%n");
console.printf("Enter your client ID:%n");
clientId = console.readLine();
console.printf("Enter your client secret:%n");
clientSecret = String.valueOf(console.readPassword());
console.printf("(Optional) Enter the login email address hint:%n");
loginEmailAddressHint = Strings.emptyToNull(console.readLine());
}
new AuthenticateInWebApplication().runExample(clientId, clientSecret, loginEmailAddressHint);
}
public void runExample(String clientId, String clientSecret, String loginEmailAddressHint)
throws Exception {
// Creates an anti-forgery state token as described here:
// https://developers.google.com/identity/protocols/OpenIDConnect#createxsrftoken
String state = new BigInteger(130, new SecureRandom()).toString(32);
// Creates an HTTP server that will listen for the OAuth2 callback request.
URI baseUri;
UserAuthorizer userAuthorizer;
AuthorizationResponse authorizationResponse = null;
try (SimpleCallbackServer simpleCallbackServer = new SimpleCallbackServer()) {
userAuthorizer =
UserAuthorizer.newBuilder()
.setClientId(ClientId.of(clientId, clientSecret))
.setScopes(SCOPES)
.setCallbackUri(URI.create(OAUTH2_CALLBACK))
.build();
baseUri = URI.create("http://localhost:" + simpleCallbackServer.getLocalPort());
System.out.printf(
"Paste this url in your browser:%n%s%n",
userAuthorizer.getAuthorizationUrl(loginEmailAddressHint, state, baseUri));
// Waits for the authorization code.
simpleCallbackServer.accept();
authorizationResponse = simpleCallbackServer.authorizationResponse;
}
if (authorizationResponse == null || authorizationResponse.code == null) {
throw new NullPointerException(
"OAuth2 callback did not contain an authorization code: " + authorizationResponse);
}
// Confirms that the state in the response matches the state token used to generate the
// authorization URL.
if (!state.equals(authorizationResponse.state)) {
throw new IllegalStateException("State does not match expected state");
}
// Exchanges the authorization code for credentials and print the refresh token.
UserCredentials userCredentials =
userAuthorizer.getCredentialsFromCode(authorizationResponse.code, baseUri);
System.out.printf("Your refresh token is: %s%n", userCredentials.getRefreshToken());
// Prints the configuration file contents.
Properties adsProperties = new Properties();
adsProperties.put(ConfigPropertyKey.CLIENT_ID.getPropertyKey(), clientId);
adsProperties.put(ConfigPropertyKey.CLIENT_SECRET.getPropertyKey(), clientSecret);
adsProperties.put(
ConfigPropertyKey.REFRESH_TOKEN.getPropertyKey(), userCredentials.getRefreshToken());
adsProperties.put(
ConfigPropertyKey.DEVELOPER_TOKEN.getPropertyKey(), "INSERT_DEVELOPER_TOKEN_HERE");
showConfigurationFile(adsProperties);
}
private void showConfigurationFile(Properties adsProperties) throws IOException {
System.out.printf(
"Copy the text below into a file named %s in your home directory, and replace "
+ "INSERT_XXX_HERE with your configuration:%n",
GoogleAdsClient.Builder.DEFAULT_PROPERTIES_CONFIG_FILE_NAME);
System.out.println(
"######################## Configuration file start ########################");
adsProperties.store(System.out, null);
System.out.printf(
"# Required for manager accounts only: Specify the login customer ID used to%n"
+ "# authenticate API calls. This will be the customer ID of the authenticated%n"
+ "# manager account. You can also specify this later in code if your application%n"
+ "# uses multiple manager account + OAuth pairs.%n"
+ "#%n");
System.out.println(
"# " + ConfigPropertyKey.LOGIN_CUSTOMER_ID.getPropertyKey() + "=INSERT_LOGIN_CUSTOMER_ID");
System.out.println(
"######################## Configuration file end ##########################");
}
/** Basic server that listens for the OAuth2 callback from the Web application flow. */
private static class SimpleCallbackServer extends ServerSocket {
private AuthorizationResponse authorizationResponse;
SimpleCallbackServer() throws IOException {
// Passes a port # of zero so that a port will be automatically allocated.
super(0);
}
/**
* Blocks until a connection is made to this server. After this method completes, the
* authorizationResponse of this server will be set, provided the request line is in the
* expected format.
*/
@Override
public Socket accept() throws IOException {
Socket socket = super.accept();
try (BufferedReader in =
new BufferedReader(
new InputStreamReader(socket.getInputStream(), StandardCharsets.UTF_8))) {
String callbackRequest = in.readLine();
// Uses a regular expression to extract the request line from the first line of the
// callback request, e.g.:
// GET /?code=AUTH_CODE&state=XYZ&scope=https://www.googleapis.com/auth/adwords HTTP/1.1
Pattern pattern = Pattern.compile("GET +([^ ]+)");
Matcher matcher = pattern.matcher(Strings.nullToEmpty(callbackRequest));
if (matcher.find()) {
String relativeUrl = matcher.group(1);
authorizationResponse = new AuthorizationResponse("http://localhost" + relativeUrl);
}
try (Writer outputWriter = new OutputStreamWriter(socket.getOutputStream())) {
outputWriter.append("HTTP/1.1 ");
outputWriter.append(Integer.toString(HttpStatusCodes.STATUS_CODE_OK));
outputWriter.append(" OK\n");
outputWriter.append("Content-Type: text/html\n\n");
outputWriter.append("<b>");
if (authorizationResponse.code != null) {
outputWriter.append("Authorization code was successfully retrieved.");
} else {
outputWriter.append("Failed to retrieve authorization code.");
}
outputWriter.append("</b>");
outputWriter.append("<p>Please check the console output from <code>");
outputWriter.append(AuthenticateInWebApplication.class.getSimpleName());
outputWriter.append("</code> for further instructions.");
}
}
return socket;
}
}
/** Response object with attributes corresponding to OAuth2 callback parameters. */
static class AuthorizationResponse extends GenericUrl {
/** The authorization code to exchange for an access token and (optionally) a refresh token. */
@Key String code;
/** Error from the request or from the processing of the request. */
@Key String error;
/** State parameter from the callback request. */
@Key String state;
/**
* Constructs a new instance based on an absolute URL. All fields annotated with the {@link Key}
* annotation will be set if they are present in the URL.
*
* @param encodedUrl absolute URL with query parameters.
*/
public AuthorizationResponse(String encodedUrl) {
super(encodedUrl);
}
@Override
public String toString() {
return MoreObjects.toStringHelper(getClass())
.add("code", code)
.add("error", error)
.add("state", state)
.toString();
}
}
}
C#
// Copyright 2021 Google LLC
//
// Licensed under the Apache License, Version 2.0 (the "License");
// you may not use this file except in compliance with the License.
// You may obtain a copy of the License at
//
// http://www.apache.org/licenses/LICENSE-2.0
//
// Unless required by applicable law or agreed to in writing, software
// distributed under the License is distributed on an "AS IS" BASIS,
// WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
// See the License for the specific language governing permissions and
// limitations under the License.
using Google.Ads.GoogleAds.Config;
using Microsoft.AspNetCore.Mvc;
using Microsoft.Extensions.Configuration;
namespace Google.Ads.GoogleAds.Examples
{
/// <summary>
/// The controller for the login flow.
/// </summary>
/// <seealso cref="Microsoft.AspNetCore.Mvc.Controller" />
[Route("login")]
public class LoginController : Controller
{
/// <summary>
/// The login helper.
/// </summary>
private WebLoginHelper loginHelper;
/// <summary>
/// The Google Ads configuration.
/// </summary>
private GoogleAdsConfig config;
/// <summary>
/// Initializes a new instance of the <see cref="LoginController"/> class.
/// </summary>
/// <param name="configRoot">The configuration root.</param>
public LoginController(IConfiguration configRoot)
{
IConfigurationSection section = configRoot.GetSection("GoogleAdsApi");
config = new GoogleAdsConfig(section);
}
/// <summary>
/// Handles the GET call.
/// </summary>
public IActionResult OnGet()
{
loginHelper = new WebLoginHelper(this.HttpContext, config);
if (loginHelper.IsLoggedIn)
{
// Redirect to the main page.
return Redirect("/Index");
}
else if (loginHelper.IsCallbackFromOAuthServer())
{
loginHelper.ExchangeAuthorizationCodeForCredentials();
// Redirect to the main page.
return Redirect("/Index");
}
else
{
// Redirect the user to the OAuth2 login page.
return loginHelper.RedirectUsertoOAuthServer();
}
}
}
}
PHP
<?php
/*
* Copyright 2018 Google LLC
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* https://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
namespace Google\AdsApi\Examples\Authentication;
require __DIR__ . '/../../vendor/autoload.php';
use Google\Auth\CredentialsLoader;
use Google\Auth\OAuth2;
use Psr\Http\Message\ServerRequestInterface;
use React\EventLoop\Factory;
use React\Http\Message\Response;
use React\Http\Server;
use UnexpectedValueException;
/**
* This example will create an OAuth2 refresh token for the Google Ads API using the Web application
* flow.
*
* <p>This example will start a basic server that listens for requests at `http://localhost:PORT`,
* where `PORT` is dynamically assigned.
*
* <p>IMPORTANT: You must add `http://localhost/oauth2callback` to the "Authorize redirect
* URIs" list in your Google Cloud Console project before running this example.
*/
class AuthenticateInWebApplication
{
/**
* @var string the OAuth2 scope for the Google Ads API
* @see https://developers.google.com/google-ads/api/docs/oauth/internals#scope
*/
private const SCOPE = 'https://www.googleapis.com/auth/adwords';
/**
* @var string the Google OAuth2 authorization URI for OAuth2 requests
* @see https://developers.google.com/identity/protocols/OAuth2InstalledApp#step-2-send-a-request-to-googles-oauth-20-server
*/
private const AUTHORIZATION_URI = 'https://accounts.google.com/o/oauth2/v2/auth';
/**
* @var string the OAuth2 call back URL path.
*/
private const OAUTH2_CALLBACK_PATH = '/oauth2callback';
public static function main()
{
if (!class_exists(Server::class)) {
echo 'Please install "react/http" package to be able to run this example';
exit(1);
}
$loop = Factory::create();
// Creates a socket for localhost with random port.
$socket = new \React\Socket\Server(0, $loop);
print 'Enter your OAuth2 client ID here: ';
$clientId = trim(fgets(STDIN));
print 'Enter your OAuth2 client secret here: ';
$clientSecret = trim(fgets(STDIN));
$redirectUrl = str_replace('tcp:', 'http:', $socket->getAddress());
$oauth2 = new OAuth2(
[
'clientId' => $clientId,
'clientSecret' => $clientSecret,
'authorizationUri' => self::AUTHORIZATION_URI,
'redirectUri' => $redirectUrl . self::OAUTH2_CALLBACK_PATH,
'tokenCredentialUri' => CredentialsLoader::TOKEN_CREDENTIAL_URI,
'scope' => self::SCOPE,
// Create a 'state' token to prevent request forgery. See
// https://developers.google.com/identity/protocols/OpenIDConnect#createxsrftoken
// for details.
'state' => sha1(openssl_random_pseudo_bytes(1024))
]
);
$authToken = null;
$server = new Server(
$loop,
function (ServerRequestInterface $request) use ($oauth2, $loop, &$authToken) {
// Stops the server after tokens are retrieved.
if (!is_null($authToken)) {
$loop->stop();
}
// Check if the requested path is the one set as the redirect URI.
if (
$request->getUri()->getPath()
!== parse_url($oauth2->getRedirectUri(), PHP_URL_PATH)
) {
return new Response(
404,
['Content-Type' => 'text/plain'],
'Page not found'
);
}
// Exit if the state is invalid to prevent request forgery.
$state = $request->getQueryParams()['state'];
if (empty($state) || ($state !== $oauth2->getState())) {
throw new UnexpectedValueException(
"The state is empty or doesn't match expected one." . PHP_EOL
);
};
// Set the authorization code and fetch refresh and access tokens.
$code = $request->getQueryParams()['code'];
$oauth2->setCode($code);
$authToken = $oauth2->fetchAuthToken();
$refreshToken = $authToken['refresh_token'];
print 'Your refresh token is: ' . $refreshToken . PHP_EOL;
$propertiesToCopy = '[GOOGLE_ADS]' . PHP_EOL;
$propertiesToCopy .= 'developerToken = "INSERT_DEVELOPER_TOKEN_HERE"' . PHP_EOL;
$propertiesToCopy .= <<<EOD
; Required for manager accounts only: Specify the login customer ID used to authenticate API calls.
; This will be the customer ID of the authenticated manager account. You can also specify this later
; in code if your application uses multiple manager account + OAuth pairs.
; loginCustomerId = "INSERT_LOGIN_CUSTOMER_ID_HERE"
EOD;
$propertiesToCopy .= PHP_EOL . '[OAUTH2]' . PHP_EOL;
$propertiesToCopy .= "clientId = \"{$oauth2->getClientId()}\"" . PHP_EOL;
$propertiesToCopy .= "clientSecret = \"{$oauth2->getClientSecret()}\"" . PHP_EOL;
$propertiesToCopy .= "refreshToken = \"$refreshToken\"" . PHP_EOL;
print 'Copy the text below into a file named "google_ads_php.ini" in your home '
. 'directory, and replace "INSERT_DEVELOPER_TOKEN_HERE" with your developer '
. 'token:' . PHP_EOL;
print PHP_EOL . $propertiesToCopy;
return new Response(
200,
['Content-Type' => 'text/plain'],
'Your refresh token has been fetched. Check the console output for '
. 'further instructions.'
);
}
);
$server->listen($socket);
printf(
'Log into the Google account you use for Google Ads and visit the following URL '
. 'in your web browser: %1$s%2$s%1$s%1$s',
PHP_EOL,
$oauth2->buildFullAuthorizationUri(['access_type' => 'offline'])
);
$loop->run();
}
}
AuthenticateInWebApplication::main();
Python
#!/usr/bin/env python
# Copyright 2018 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
"""This example creates an OAuth2 refresh token using the Web application flow.
To retrieve the necessary client_secrets JSON file, first generate OAuth 2.0
credentials of type 'Web application' in the Google Cloud Console:
https://console.cloud.google.com
Make sure 'http://localhost:8080' is included the list of authorized redirect
URIs for this client ID. If you choose a different port, make sure to update the
hardcoded _PORT variable below.
Once complete, download the credentials and save the file path so it can be
passed into this example.
This example is a very simple implementation, for a more detailed example see:
https://developers.google.com/identity/protocols/oauth2/web-server#python
"""
import argparse
import hashlib
import os
import re
import socket
import sys
from google_auth_oauthlib.flow import Flow
_SCOPE = "https://www.googleapis.com/auth/adwords"
_PORT = 8080
_REDIRECT_URI = f"http://localhost:{_PORT}"
def main(client_secrets_path, scopes):
"""The main method, starts a basic server and initializes an auth request.
Args:
client_secrets_path: a path to where the client secrets JSON file is
located on the machine running this example.
scopes: a list of API scopes to include in the auth request, see:
https://developers.google.com/identity/protocols/oauth2/scopes
"""
flow = Flow.from_client_secrets_file(client_secrets_path, scopes=scopes)
flow.redirect_uri = _REDIRECT_URI
# Create an anti-forgery state token as described here:
# https://developers.google.com/identity/protocols/OpenIDConnect#createxsrftoken
passthrough_val = hashlib.sha256(os.urandom(1024)).hexdigest()
authorization_url, state = flow.authorization_url(
access_type='offline',
state=passthrough_val,
include_granted_scopes='true'
)
# Prints the authorization URL so you can paste into your browser. In a
# typical web application you would redirect the user to this URL, and they
# would be redirected back to "redirect_url" provided earlier after
# granting permission.
print("Paste this URL into your browser: ")
print(authorization_url)
print(f"\nWaiting for authorization and callback to: {_REDIRECT_URI}...")
# Retrieves an authorization code by opening a socket to receive the
# redirect request and parsing the query parameters set in the URL.
code = _get_authorization_code(passthrough_val)
# Pass the code back into the OAuth module to get a refresh token.
flow.fetch_token(code=code)
refresh_token = flow.credentials.refresh_token
print(f"\nYour refresh token is: {refresh_token}\n")
print(
"Add your refresh token to your client library configuration as "
"described here: "
"https://developers.google.com/google-ads/api/docs/client-libs/python/configuration"
)
def _get_authorization_code(passthrough_val):
"""Opens a socket to handle a single HTTP request containing auth tokens.
Args:
passthrough_val: an anti-forgery token used to verify the request
received by the socket.
Returns:
a str access token from the Google Auth service.
"""
# Open a socket at localhost:PORT and listen for a request
sock = socket.socket()
sock.bind(('localhost', _PORT))
sock.listen(1)
connection, address = sock.accept()
data = connection.recv(1024)
# Parse the raw request to retrieve the URL query parameters.
params = _parse_raw_query_params(data)
try:
if not params.get("code"):
# If no code is present in the query params then there will be an
# error message with more details.
error = params.get("error")
message = f"Failed to retrieve authorization code. Error: {error}"
raise ValueError(message)
elif params.get("state") != passthrough_val:
message = "State token does not match the expected state."
raise ValueError(message)
else:
message = "Authorization code was successfully retrieved."
except ValueError as error:
print(error)
sys.exit(1)
finally:
response = (
"HTTP/1.1 200 OK\n"
"Content-Type: text/html\n\n"
f"<b>{message}</b>"
"<p>Please check the console output.</p>\n"
)
connection.sendall(response.encode())
connection.close()
return params.get("code")
def _parse_raw_query_params(data):
"""Parses a raw HTTP request to extract its query params as a dict.
Note that this logic is likely irrelevant if you're building OAuth logic
into a complete web application, where response parsing is handled by a
framework.
Args:
data: raw request data as bytes.
Returns:
a dict of query parameter key value pairs.
"""
# Decode the request into a utf-8 encoded string
decoded = data.decode("utf-8")
# Use a regular expression to extract the URL query parameters string
match = re.search("GET\s\/\?(.*) ", decoded)
params = match.group(1)
# Split the parameters to isolate the key/value pairs
pairs = [ pair.split("=") for pair in params.split("&") ]
# Convert pairs to a dict to make it easy to access the values
return { key: val for key, val in pairs }
if __name__ == "__main__":
parser = argparse.ArgumentParser(
description=(
"Generates OAuth2 refresh token using the Web application flow. "
"To retrieve the necessary client_secrets JSON file, first "
"generate OAuth 2.0 credentials of type Web application in the "
"Google Cloud Console (https://console.cloud.google.com). "
"Make sure 'http://localhost:PORT' is included the list of "
"'Authorized redirect URIs' for this client ID."
),
)
# The following argument(s) should be provided to run the example.
parser.add_argument(
"--client_secrets_path",
required=True,
type=str,
help=(
"Path to the client secrets JSON file from the Google Developers "
"Console that contains your client ID, client secret, and "
"redirect URIs."
),
)
parser.add_argument(
"--additional_scopes",
default=None,
type=str,
nargs="+",
help="Additional scopes to apply when generating the refresh token.",
)
args = parser.parse_args()
configured_scopes = [_SCOPE]
if args.additional_scopes:
configured_scopes.extend(args.additional_scopes)
main(args.client_secrets_path, configured_scopes)
Ruby
#!/usr/bin/env ruby
# Encoding: utf-8
#
# Copyright 2018 Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# https://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This example will create an OAuth2 refresh token for the Google Ads API using
# the Web application flow.
#
# This example will start a basic server that listens for requests at
# http://localhost:PORT, where PORT is the port specified below.
require 'googleauth'
require 'securerandom'
require 'uri'
require 'cgi'
require 'socket'
require 'optparse'
def authenticate_in_web_application(client_id, client_secret, port)
callback_uri = sprintf('http://localhost:%s', port)
# Create an anti-forgery state token as described here:
# https://developers.google.com/identity/protocols/OpenIDConnect#createxsrftoken
state = SecureRandom.hex(16)
client_id = Google::Auth::ClientId.new(client_id, client_secret)
# This example does not store credentials, so no TokenStore is needed.
user_authorizer = Google::Auth::UserAuthorizer.new(
client_id, SCOPE, nil, callback_uri)
authorization_url = user_authorizer.get_authorization_url(state: state)
printf("Paste this url in your browser:\n%s\n", authorization_url)
printf("Waiting for authorization and callback...\n")
printf("Listening at %s\n", callback_uri)
response_params = get_authorization_code(port)
# Confirm that the state in the response matches the state token used to
# generate the authorization URL.
unless state == response_params['state'][0]
raise StandardError,
'State returned from callback does not match the expected state'
end
user_credentials = user_authorizer.get_credentials_from_code(
code: response_params['code'][0])
printf("Your refresh token is: %s\n", user_credentials.refresh_token)
printf("Copy your refresh token above into your google_ads_config.rb in your "\
"home directory or use it when instantiating the library.\n")
end
def get_authorization_code(port)
authorization_code = nil
server = TCPServer.open(port)
client = server.accept
callback_request = client.readline
# Use a regular expression to extract the request line from the first line of
# the callback request, e.g.:
# GET /?code=AUTH_CODE&state=XYZ&scope=... HTTP/1.1
matcher = /GET +([^ ]+)/.match(callback_request)
response_params = CGI.parse(URI.parse(matcher[1]).query) unless matcher.nil?
client.puts("HTTP/1.1 200 OK")
client.puts("Content-Type: text/html")
client.puts("")
client.puts("<b>")
if response_params['code'].nil?
client.puts("Failed to retrieve authorization code.")
else
client.puts("Authorization code was successfully retrieved.")
end
client.puts("</b>")
client.puts("<p>Please check the console output.</p>")
client.close
return response_params
end
if __FILE__ == $PROGRAM_NAME
SCOPE = 'https://www.googleapis.com/auth/adwords'
# To fill in the values below, generate a client ID and client secret from the
# Google Cloud Console (https://console.cloud.google.com) by creating
# credentials for a Web application. Set the "Authorized redirect URIs" to:
# http://localhost:[PORT]
options = {}
# The following parameter(s) should be provided to run the example. You can
# either specify these by changing the INSERT_XXX_ID_HERE values below, or on
# the command line.
#
# Parameters passed on the command line will override any parameters set in
# code.
#
# Running the example with -h will print the command line usage.
options[:client_id] = 'INSERT_CLIENT_ID_HERE'
options[:client_secret] = 'INSERT_CLIENT_SECRET_HERE'
options[:port] = 'INSERT_PORT_HERE'
OptionParser.new do |opts|
opts.banner = sprintf('Usage: %s [options]', File.basename(__FILE__))
opts.separator ''
opts.separator 'Options:'
opts.on('-I', '--client-id CLIENT-ID', String, 'Client ID') do |v|
options[:client_id] = v
end
opts.on('-S', '--client-secret CLIENT-SECRET', String,
'Client Secret') do |v|
options[:client_secret] = v
end
opts.on('-p', '--port PORT', String, 'Port') do |v|
options[:port] = v
end
opts.separator ''
opts.separator 'Help:'
opts.on_tail('-h', '--help', 'Show this message') do
puts opts
exit
end
end.parse!
authenticate_in_web_application(options[:client_id], options[:client_secret],
options[:port])
end
Perl
#!/usr/bin/perl -w
#
# Copyright 2019, Google LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
# This example will create an OAuth2 refresh token for the Google Ads API using
# the Web application flow.
#
# This example will start a basic server that listens for requests at
# http://localhost:PORT, where PORT defaults to 8080 as below.
#
# [IMPORTANT]: You must add http://localhost:PORT/oauth2callback to the
# "Authorize redirect URIs" list in your Google Cloud Console project before
# running this example, where PORT defaults to 8080.
use strict;
use warnings;
use utf8;
use FindBin qw($Bin);
use lib "$Bin/../../lib";
use Google::Ads::GoogleAds::Client;
use Google::Ads::GoogleAds::Utils::GoogleAdsHelper;
use Getopt::Long qw(:config auto_help);
use Pod::Usage;
use Cwd qw(abs_path);
use Data::Uniqid qw(uniqid);
use Digest::SHA qw(sha1_hex);
use constant OAUTH2_CALLBACK => "/oauth2callback";
use constant PORT => 8080;
# The following parameter(s) should be provided to run the example. You can
# either specify these by changing the INSERT_XXX_ID_HERE values below, or on
# the command line.
#
# Parameters passed on the command line will override any parameters set in
# code.
#
# Running the example with -h will print the command line usage.
my $client_id = "INSERT_CLIENT_ID_HERE";
my $client_secret = "INSERT_CLIENT_SECRET_HERE";
my $additional_scopes = "INSERT_ADDITIONAL_SCOPES_HERE";
# Create an anti-forgery state token as described here:
# https://developers.google.com/identity/protocols/OpenIDConnect#createxsrftoken
our $state = sha1_hex(uniqid);
sub authenticate_in_web_application {
my ($api_client, $client_id, $client_secret, $additional_scopes) = @_;
my $auth_handler = $api_client->get_oauth2_handler();
my $callback_url = sprintf("http://localhost:%d%s", PORT, OAUTH2_CALLBACK);
$auth_handler->set_client_id($client_id);
$auth_handler->set_client_secret($client_secret);
$auth_handler->set_redirect_uri($callback_url);
$auth_handler->set_additional_scopes($additional_scopes)
if check_params($additional_scopes);
# Open a browser and point it to the authorization URL, authorize the access.
print
"\nPaste this url in your browser:\n",
$auth_handler->get_authorization_url($state), "\n\n";
printf "Waiting for authorization and callback to %s ...\n", $callback_url;
SimpleCallbackServer->new(PORT, $auth_handler)->run;
return 1;
}
{
# Simple CGI server that listens for the OAuth2 callback from the Web application flow.
package SimpleCallbackServer;
use HTTP::Server::Simple::CGI;
use base qw(HTTP::Server::Simple::CGI);
sub new {
my ($class, $port, $auth_handler) = @_;
my $self = HTTP::Server::Simple::CGI->new($port);
$self->{auth_handler} = $auth_handler;
bless $self, $class;
return $self;
}
my %dispatch = (main::OAUTH2_CALLBACK => \&resp_callback);
sub handle_request {
my ($self, $cgi) = @_;
my $path = $cgi->path_info;
my $handler = $dispatch{$path};
if (ref($handler) eq "CODE") {
print "HTTP/1.0 200 OK\r\n";
$handler->($self, $cgi);
} else {
print "HTTP/1.0 404 Not found\r\n";
print $cgi->header,
$cgi->start_html('Not found'),
$cgi->h1('Not found'),
$cgi->end_html;
}
}
# The method to handle the callback request after user logs in and accepts
# the OAuth2 prompt. An authorization code will be returned which can be
# exchanged for an access token and refresh token.
sub resp_callback {
my ($self, $cgi) = @_;
return if !ref $cgi;
# Get the authorization code and state parameters from the URL.
my $code = $cgi->param('code');
my $state = $cgi->param('state');
if (!$code) {
print "\r\n<b>Failed to retrieve the authorization code.<b>";
} elsif ($state ne $main::state) {
# Confirm that the state in the response matches the state token used to
# generate the authorization URL.
print
"\r\n<b>State in the callback does not match the expected value.<b>";
} else {
my $auth_handler = $self->{auth_handler};
$auth_handler->issue_access_token($code);
# After the access token and refresh token are generated, you should store the
# refresh token and reuse it for future calls, by either changing your
# googleads.properties file or setting in the authorization handler as follows:
#
# $api_client->get_oauth2_handler()->set_client_id($client_id);
# $api_client->get_oauth2_handler()->set_client_secret($client_secret);
# $api_client->get_oauth2_handler()->set_refresh_token($refresh_token);
print "\r\n<b>Authorization code was successfully retrieved.</b>";
print "<p><b>Replace the following keys and values in your " .
"googleads.properties configuration file:</b><p>";
printf(
"clientId=%s<br>clientSecret=%s<br>refreshToken=%s<br>",
$auth_handler->get_client_id,
$auth_handler->get_client_secret,
$auth_handler->get_refresh_token
);
print STDERR "Press Ctrl+C to quit.\n";
}
}
}
# Don't run the example if the file is being included.
if (abs_path($0) ne abs_path(__FILE__)) {
return 1;
}
# Get Google Ads Client with the default API version.
my $api_client = Google::Ads::GoogleAds::Client->new();
# Parameters passed on the command line will override any parameters set in code.
GetOptions(
'client_id=s' => \$client_id,
'client_secret=s' => \$client_secret,
'additional_scopes=s' => \$additional_scopes
);
# Print the help message if the parameters are not initialized in the code nor
# in the command line.
pod2usage(2) if not check_params($client_id, $client_secret);
# Call the example.
authenticate_in_web_application($api_client, $client_id, $client_secret,
$additional_scopes);
=pod
=head1 NAME
authenticate_in_web_application
=head1 DESCRIPTION
This example will create an OAuth2 refresh token for the Google Ads API using
the Web application flow.
You must add B<http://localhost:PORT/oauth2callback> to the "Authorize redirect URIs"
list in your L<Google Cloud Console project|https://console.developers.google.com/apis/credentials>
before running this example, where PORT defaults to 8080.
=head1 SYNOPSIS
authenticate_in_web_application.pl [options]
-help Show the help message.
-client_id The OAuth2 client id.
-client_secret The OAuth2 client secret
-additional_scopes [optional] Additional OAuth2 scopes seperated by comma.
=cut
