diff --git a/src/csharp/Grpc.Auth/Grpc.Auth.csproj b/src/csharp/Grpc.Auth/Grpc.Auth.csproj
index afb8204c07e..5615ffd620b 100644
--- a/src/csharp/Grpc.Auth/Grpc.Auth.csproj
+++ b/src/csharp/Grpc.Auth/Grpc.Auth.csproj
@@ -79,7 +79,7 @@
     </Compile>
     <Compile Include="Properties\AssemblyInfo.cs" />
     <Compile Include="GoogleCredential.cs" />
-    <Compile Include="OAuth2InterceptorFactory.cs" />
+    <Compile Include="OAuth2Interceptors.cs" />
   </ItemGroup>
   <Import Project="$(MSBuildBinPath)\Microsoft.CSharp.targets" />
   <ItemGroup>
diff --git a/src/csharp/Grpc.Auth/OAuth2InterceptorFactory.cs b/src/csharp/Grpc.Auth/OAuth2Interceptors.cs
similarity index 79%
rename from src/csharp/Grpc.Auth/OAuth2InterceptorFactory.cs
rename to src/csharp/Grpc.Auth/OAuth2Interceptors.cs
index 420c4cb5371..c785ca5a16b 100644
--- a/src/csharp/Grpc.Auth/OAuth2InterceptorFactory.cs
+++ b/src/csharp/Grpc.Auth/OAuth2Interceptors.cs
@@ -47,17 +47,31 @@ using Grpc.Core.Utils;
 
 namespace Grpc.Auth
 {
-    public static class OAuth2InterceptorFactory
+    public static class OAuth2Interceptors
     {
         /// <summary>
-        /// Creates OAuth2 interceptor.
+        /// Creates OAuth2 interceptor that will obtain access token from GoogleCredentials.
         /// </summary>
-        public static MetadataInterceptorDelegate Create(GoogleCredential googleCredential)
+        public static MetadataInterceptorDelegate FromCredential(GoogleCredential googleCredential)
         {
             var interceptor = new OAuth2Interceptor(googleCredential.InternalCredential, SystemClock.Default);
             return new MetadataInterceptorDelegate(interceptor.InterceptHeaders);
         }
 
+        /// <summary>
+        /// Creates OAuth2 interceptor that will use given OAuth2 token.
+        /// </summary>
+        /// <param name="oauth2Token"></param>
+        /// <returns></returns>
+        public static MetadataInterceptorDelegate FromAccessToken(string oauth2Token)
+        {
+            Preconditions.CheckNotNull(oauth2Token);
+            return new MetadataInterceptorDelegate((metadata) =>
+            {
+                metadata.Add(OAuth2Interceptor.CreateBearerTokenHeader(oauth2Token));
+            });
+        }
+
         /// <summary>
         /// Injects OAuth2 authorization header into initial metadata (= request headers).
         /// </summary>
@@ -97,8 +111,15 @@ namespace Grpc.Auth
             public void InterceptHeaders(Metadata metadata)
             {
                 var accessToken = GetAccessToken(CancellationToken.None);
-                metadata.Add(new Metadata.Entry(AuthorizationHeader, Schema + " " + accessToken));
+                metadata.Add(CreateBearerTokenHeader(accessToken));
+            }
+
+            public static Metadata.Entry CreateBearerTokenHeader(string accessToken)
+            {
+                return new Metadata.Entry(AuthorizationHeader, Schema + " " + accessToken);
             }
         }
+
+
     }
 }
diff --git a/src/csharp/Grpc.IntegrationTesting/InteropClient.cs b/src/csharp/Grpc.IntegrationTesting/InteropClient.cs
index 4f8a5a5da73..7411d91d5a7 100644
--- a/src/csharp/Grpc.IntegrationTesting/InteropClient.cs
+++ b/src/csharp/Grpc.IntegrationTesting/InteropClient.cs
@@ -127,7 +127,7 @@ namespace Grpc.IntegrationTesting
                     {
                         credential = credential.CreateScoped(new[] { AuthScope });
                     }
-                    client.HeaderInterceptor = OAuth2InterceptorFactory.Create(credential);
+                    client.HeaderInterceptor = OAuth2Interceptors.FromCredential(credential);
                 }
 
                 RunTestCaseAsync(options.testCase, client).Wait();
@@ -356,11 +356,7 @@ namespace Grpc.IntegrationTesting
             Assert.IsTrue(credential.RequestAccessTokenAsync(CancellationToken.None).Result);
             string oauth2Token = credential.Token.AccessToken;
 
-            // Intercept calls with an OAuth2 token obtained out-of-band.
-            client.HeaderInterceptor = new MetadataInterceptorDelegate((metadata) =>
-            {
-                metadata.Add(new Metadata.Entry("Authorization", "Bearer " + oauth2Token));
-            });
+            client.HeaderInterceptor = OAuth2Interceptors.FromAccessToken(oauth2Token);
 
             var request = SimpleRequest.CreateBuilder()
                 .SetFillUsername(true)
@@ -381,13 +377,16 @@ namespace Grpc.IntegrationTesting
             var credential = GoogleCredential.GetApplicationDefault().CreateScoped(new[] { AuthScope });
             Assert.IsTrue(credential.RequestAccessTokenAsync(CancellationToken.None).Result);
             string oauth2Token = credential.Token.AccessToken;
+            var headerInterceptor = OAuth2Interceptors.FromAccessToken(oauth2Token);
 
             var request = SimpleRequest.CreateBuilder()
                 .SetFillUsername(true)
                 .SetFillOauthScope(true)
                 .Build();
 
-            var response = client.UnaryCall(request, headers: new Metadata { new Metadata.Entry("Authorization", "Bearer " + oauth2Token) });
+            var headers = new Metadata();
+            headerInterceptor(headers);
+            var response = client.UnaryCall(request, headers: headers);
 
             Assert.AreEqual(AuthScopeResponse, response.OauthScope);
             Assert.AreEqual(ServiceAccountUser, response.Username);