OAuth Playground

Another option for generating OAuth2 credentials is to use the OAuth2 Playground. The OAuth2 Playground, in conjunction with the Google API Console, lets you manually create OAuth2 tokens.

The OAuth2 Playground is for users who only need to access the accounts for a single manager account or Google Ads user. If you need to prompt multiple users for credentials, it is likely better to Configure a client library for OAuth in the Google Ads API.

Get a client ID and client secret

If you don't have an existing cloud project:

Open the Google API Console Credentials page.
From the project drop-down, select an existing project or create a new one.
On the Credentials page, select Create credentials, then select OAuth client ID.
Under Application type, choose Web application.
Under Authorized redirect URIs, add a line with: https://developers.google.com/oauthplayground
Click Create.
On the Client ID page, take note of the client ID and client secret. You'll need these in the next step.

If you have an existing cloud project, you can reuse it by setting the Authorized redirect URIs as described in step 5.

Generate tokens

Go to the OAuth2 Playground, (using this link should pre-populate some key values for you).
Click the gear icon in the upper right corner and select the box labeled Use your own OAuth credentials (if it isn't already selected).
Make sure that:
- OAuth flow is set to Server-side.
- Access type is set to Offline (this ensures you get a refresh token and an access token, instead of just an access token).
Enter the OAuth2 client ID and OAuth2 client secret you obtained above.
In the section labeled Step 1 - Select & authorize APIs, click Google Ads API from the list and select its scope, https://www.googleapis.com/auth/adwords. Then click Authorize APIs:
If prompted, sign in to the account to which you want to grant access and authorization. Otherwise, confirm that the current Google user in the top right corner is the Google Ads or manager account for whom you want to obtain credentials.

If you got your client ID and secret only a few minutes ago, and you get an error such as Error: redirect_uri_mismatch, the changes you made may not have propagated. Click the back button in your browser, wait a few minutes, then try clicking Authorize APIs again.
If you get an error that you have not been granted access by the developer and the app is currently being tested, you will need to visit the OAuth consent screen page within your GCP project and do one of the following:
- Publish the app.
- Keep the app in the Testing status, and add yourself as a test user.
A prompt appears indicating your app would like to Manage your Google Ads Campaigns. Click Accept to continue.
In the tab labeled Step 2 - Exchange authorization code for tokens, an Authorization code should appear. Click Exchange authorization code for tokens.
If all goes well, the Refresh token and Access token should be filled in for you (you may have to re-expand Step 2 - Exchange authorization code for tokens):
Copy the Refresh token into the configuration file for your client library of choice, along with the client ID and client secret.
Configure a client library for OAuth in the Google Ads API.

Remove the OAuth2 Playground from your client ID

Now that you have a refresh token, you no longer need the OAuth2 Playground to be an authorized redirect URI. To remove it from the list of authorized redirect URIs:

Go to the Google API Console Credentials page.
From the project drop-down, select your project.
On the Credentials page, click the client ID name to edit.
Remove https://developers.google.com/oauthplayground from the Authorized redirect URIs. Note that you must leave at least one redirect URI in place.
Click Save.