Creating a Custom OAuth App
Introduction
You can use a custom OAuth app to authenticate a service account or a user account. You can always create a custom OAuth application, but note that desktop and headless connections support embedded OAuth, which simplifies the process of authentication. See "Establishing a Connection" for information about using the embedded OAuth application.When To Create a Custom OAuth Application
CData embeds OAuth Application Credentials with CData branding that can be used when connecting via either a Desktop Application or from a Headless Machine.You may choose to use your own OAuth Application Credentials when you want to
- control branding of the Authentication Dialog
- control the redirect URI that the application redirects the user to after the user authenticates
- customize the permissions that you are requesting from the user
Enable the Ad Manager API
Follow these steps to enable the API:- Navigate to the Google Ad Manager.
- Select Admin > Global from the left-hand navigation menu.
- On the Network Settings tab, click API access to enable the Ad Manager API.
Enabling the API is done in the Google Ad Manager, but the following sections require that you work in the Google Cloud Console.
Create an OAuth Application for User Accounts (OAuth)
When using AuthScheme=OAuth, and you're using web applicaiton, you must create an OAuth Client ID Application. For desktop and headless flows, creating a custom OAuth application is optional.Follow these steps to create a custom OAuth application:
- Navigate to the Google Cloud Console.
- If you have not done so, follow the steps in the console to create an OAuth consent screen.
- Select Credentials from the left-hand navigation menu.
- On the Credentials page, select Create Credentials > OAuth Client ID.
- In the Application Type menu, select Web application.
- Specify a name for your OAuth custom web application.
- Under Authorized redirect URIs, click ADD URI and enter a redirect URI. Press Enter.
- Click CREATE, which returns you to the Credentials page.
- A window opens that displays your client Id and client secret. Although the client secret is accessible from from the Google Cloud Console, we recommend you write down the client secret. You need both the client secret and client Id to specify the OAuthClientId and OAuthClientSecret connection properties.
Create an OAuth Application for Service Accounts (OAuthJWT)
When using AuthScheme=OAuthJWT, you must create a Service Account Application. Follow these steps:
- Navigate to the Google Cloud Console.
- If you have not done so, follow the steps in the console to create an OAuth consent screen.
- Select Credentials from the left-hand navigation menu.
- On the Credentials page, select Create Credentials > Service account.
- On the Create service account page, enter the Service account name, the Service account ID, and, optionally, a description.
- The console displays the email associated with the service account. Copy this and save it; you need it later for the OAuthJWTIssuer connection property.
- Click DONE. This returns you to the Credentials page.
- Click the name of your service account. In the window that opens, select the Key tab.
- Click Add Key > Create new key. In the window that opens, choose JSON or P12; we recommend JSON.
- Click Create. A private key in JSON or P12 file format is downloaded to your computer. Save this information; you need it later to for the OAuthJWTCert connection property.