I'm building a web application that allows a specific user to upload videos to a YouTube account through the use of the YouTube API. The uploading of videos will be done by only one person & videos will be uploaded only to one account. If the YouTube account is already authorized by the app to manage the channel etc, how can I setup the application in such a way that the user bypasses the authentication/login screen every time he/she needs to upload a video? (That is when the user exits and re-enters application.)
While reading, a solution I stumbled upon a solution which was to use a refresh token but I don't know how to integrate it with the code I have currently. The code I'm using is the one available on the Google Developers site, link below.
https://developers.google.com/youtube/v3/code_samples/javascript#upload-a-video
Please note that I've gone through & read all similar questions on this forum but none provides Javascript help/solution.
Normally i would say that you should use a service account which would allow you to preauthorize the access to YouTube. However the YouTube API does not support service accounts so your going to have to do it the hard way.
You will need to authenticate your application once and save the refresh token. Then you will be able to use the refresh token again later to get a new access token. You will have to watch this application refresh tokens can expire its rare but it can happen so you should have something set up that will allow you to quickly reauthenticate it and save a new refresh token.
To my knowledge it is not possible to get a refresh token with JavaScript your going to have to use a server sided language like node.js for example. This tutorial should show you how to get offline access with node js. Node.js Quickstart
Related
I wanted to ask you if I could implement javascript youtube API in order to upload videos to a single predefined channel, without the need of authenticating.
Based from this thread, it might not be possible if you are trying to get the server to authorize on your behalf say if you were allowing people to upload videos to a single shared channel. You'd need to do some way of authorizing the client locally on the server which then has the server authorized to the YouTube account.
However, you may refer with this post which stated that if you don't want authentication for each upload process, you can use refresh token.
A few web-based applications I maintain have been using JavaScript on the page to fetch posts from Instagram* through their API, only authenticating with a client_id. With the Instagram API changes recently (applications are sandboxed until approved) this no longer works.
Is this kind of application allowed by Instagram? Or is it considered a security risk to expose the client_id in the Javascript that performs the request? If it matters, the application is for internal use by a few employees only.
* Specifically, the 10 last posts from a fixed user.
All instagram API endpoints now require a valid access_token rather than client_id. The search endpoint is an example of one that didn't previously require an access_token. You can find this in the Change logs
All API endpoints require a valid access_token
All API endpoints require a specific permission scope granted by the user
You can authorise your own account and grab the last 20 posts, but for any more than that you will need to submit your app for review
Try to create a new app.. My app was deleted instead of going to sandbox mode.
As you need 10 last posts, this should work on sandbox mode.
Content Display for Personal Website. If you are a developer and you want to showcase Instagram content on a website, then you do not need to submit your app for review. By using a client in sandbox mode, you will still be able to access the last 20 media of any sandbox user that grants you permission.
I'm newbie to Facebook Graph API and Facebook JavaScript SDK but I'd like to know some things:
Is there any way to put my Access Token in a Open Source application without actually showing it? I'm using GitHub and for security purposes I'd like to make it private.
Can I show my user information without asking the users to Authenticate themselves?
Where in Facebook Developers App can I allow more "scopes" to share publicly? For example, user_photos, user_posts, user_likes, user_status, etc...
These "scopes" that Facebook allows by default are actually the information I'm getting from the user while I'm Authenticating them right?
Just to clarify what I'm trying to do, I want to share things about my Facebook Account through the Facebook Graph API in the gh-pages branch on GitHub, but I don't like the idea of having to authenticate every single user that has access to the page.
I'd like to make my user information public, but don't want to show my access token, because it's Open Source and it can get dangerous eventually.
If you'd like to see my repository and have a better understanding of the project. You can access https://github.com/iszwnc/rye
If I recap:
you don't want to share your app access token (good!),
you don't want your users to authenticate.
Basically, you can't hide your token and let your users query Facebook directly. You need some server-side code on a machine that would be the only one reaching Facebook. Your server would play the role of an interface between Facebook and your users. So you will have to:
do the API calls from a server using server-side code (i.e. Node.js),
save the information you want in a database. This is optional but better to avoid the same information to be retrieved multiple times, thus avoiding your future 100 users to (voluntarily or not) reach your app API limit.
let the users query your server using some client-side code (i.e. AngularJS) in order to retrieve what you and only you know (remember, you own the token).
About Github, don't share your token on it. People can generate their own token if they want to run your app. Here are several suggestions:
Add your token to an environment variable which you can set just before launching the app (don't forget to mention that in your README),
Add your token to a file:
Create a credentials.js file that contains an empty token:
// Please use your own token
var APP_TOKEN = '';
Commit the file to Github,
Have a .gitignore file that contains the credentials.js,
var APP_TOKEN = 'now-you-can-put-your-token-here';
Good luck with your project, it looks exciting :-)
I want to create a web application that allows the users to upload videos to a specific YouTube account. The users do not have gmail accounts and they have to access YouTube via one login. Is there a way for me to achieve this without having the users to login to the Google account.
I have tried the samples provided by the YouTube API. These first show the Google+ log in screen for the users to enter the credentials. What i want, is for the application to login, without the users knowing it. Is it possible to implement a way for the application to signin to the account without its users realizing it. Please provide me with a soution. So far I have tried the YouTube JavaScript API.
Thank you in advance!
YouTube is dependent on gmail emails now. They switched a while back.
You should be able to have them login once, and then your application could remember their login.
YouTube's authentication is going to need them to login so the OAuth token can be handed off.
I'm trying to learn DropBox API, I started learning using of creating Drop-in chooser APP. I created app and it works success, but before I choose the file, it needs to login on dropbox system. I want to set my app on my account, so for every user when they open my app, I want to give them possibility to choose files from my dropbox account. I want to create app and choose files without loggining on dropbox. I hope you understand what I mean...
The Drop-ins are part of the Dropbox web site, and are built to show the user their own accounts, so it's not possible to use the Drop-ins with a single pre-defined account for all users.
The Dropbox Core API was also designed with the intention that each user would link their own Dropbox account, in order to interact with their own files. However, it is technically possible to connect to just one account. The SDKs don't offer explicit support for it and we don't recommend doing so, for various technical and security reasons.
However if you did want to go this route, instead of kicking off the authorization flow, you would manually use an existing access token for your app. (Just be careful not to revoke it, e.g. via https://www.dropbox.com/account/security .)