I'm implementing server-side interactions with YouTube and I'm a bit lost with the kind of Product/App you need to create in order to publish videos via the API for example.
Looking at the OAuth2 doc, it says that I need to register my app with the API Console (looks good so far, very similar to creating a Facebook App).
But then, I looked at the Google .NET library and here it says that a Product needs to be registered in the YouTube dashboard... Not sure to understand how these are complementary. If anyone has a synthetic explanation (which I didn't found in the docs), I would be grateful.
Thanks
I'm not 100% sure but I believe:
The YouTube Dashboard was originally setup prior to the announcement of YouTube API v3, which is yet to be released. You use the Dashboard to register your application and get a YT Dev Key. You can also use the Dashboard for some extremely low level application statistics.
The API Console is Google's attempt to form one administrative console for ALL of their APIs. Since Google is transistioning to oAuth 2 authorization, you will need to use the API console as well in order to apply for a clientID, redirectURI, and clientSecret if you want to authorize with oAuth 2.
At this time, if you do not want to use oAuth2 you do not need access to the API Console. However, know that in February of next year YouTube is going to kill all other forms of authorization (sub, clientLogin, oAuth1).
So to try and simplify things:
Use the API Console to get your oAuth2 in order
Use the YT Dashboard to get a YT Dev Key
In the future, when Google goes lives with YouTube API v3, you will probably want to switch to a new Dev Key from the API Console and leave the Dashboard all together.
Related
I have a mobile application built upon Ionic Framework which uses many Cordova packages. We are upgrading the app from Ionic3 to Ionic5. In the Ionic3 application our .NET API was responsible to managing user logins. Going forward, in the Ionic5 app we will NOT be managing user credentials - we will be using 3rd party Identity Providers such as Google, Facebook, and Twitter.
We have implemented the Cordova packages to handle external authentication with Facebook and Google and it works fine. How do we tie the token that is received from Google/Facebook to our .NET API? When we try to use the token provided from Google/Facebook we - of course - get a 401 because our .NET API doesn't know about that token as it was issued from an external source.
I am aware of the process of how to enable the schema described here (External Authentication Services w/ASP.NET Web Api) but in this case the user agent browses to the Web Application in the browser. This is not true in my case as the user agent will be using a mobile application not a web site.
But I hope the principal is the same. But I'm missing something here.
The user will open the mobile app, authenticate with Google/Facebook and be issued a token. Now, what needs to happen to get that token to be recognized by my ASP.NET Web Api?
For example. When I registered my mobile app with Google Developer's Console I selected that the type of app is an Android application and was issued a Client ID for Android now how can I use this token in my ASP .NET Web API? There MUST be some way to tie the two together or some article out there.
Thanks in advance for your assistance!
Also, I looked at this post and see its 11 years old. Is there something here that I should be doing? Please help point me in the right direction. how-can-i-verify-a-google-authentication-api-access-token
It is about data ultimately, and identifying users in a consistent manner, then tracking their history with your app / business.
SOCIAL LOGIN PACKAGES
These are often cheap and nasty solutions that add complexity to your apps as you are finding.- especially when you need to look things up by user.
OPTION 1 - COMPLEX APPS
Your API could look at the token issuer (ISS claim in the token) and download token signing keys from either Facebook or Google - if JWKS endpoints exist. Then create a user from the access token's sub claim if required.
OPTION 2 - SIMPLER APPS
Deal with only a single type of token in your UIs and APIs, which will work like this. It moves the complexity to your Authorization Server (AS):
You have an Authorization Server (use Google maybe) to deal with token issuing and other central OAuth concerns
You have multiple Identity Providers (eg Facebook + Google) to support different login methods for users
During login Facebook posts a token to the AS
Then the AS issues its own token to your UI
The AS may be able to use Account Linking to provide a consistent user id regardless of login method
There is a learning curve in getting this working, but once done it can easily be scaled to many apps with zero code changes.
The proper answer is Auth0... see the below sequence diagram!
I'm building an app that will allow users to upload videos to my Youtube channel. I have checked online about using Google Api to access the data/upload videos, but all references and examples seem to assume videos will be uploaded to the user's youtube channel, hence the process always involves using OAuth to gain approval from the user.
However, in my case the only youtube channel all users will access is mine. And I'm not even asking them to create an account on my app to upload the videos. Is there a way to do this directly from the app.
My app is an iOS app, but if you have a solution in any other language, I welcome your suggestion.
Thanks in advance
I had the same problem not so long ago. Youtube Documentation doesnt make it easy. Even though you getting access to your own Youtube channel, You still need to be authenticated using OAuth. Google makes hard for you to be vulnerable to attacks.
My solution is using a server side(API) application. What you can then do is make your iOS app hit the API.
So the tricky thing is getting the refresh token. Its hardly documented anywhere. What you can then do is follow documentation of your preferred language for the API.
The documentation can be found here https://developers.google.com/youtube/v3/guides/auth/server-side-web-apps
Get the Refresh token:
Step 1 : Hit this url in the browser https://accounts.google.com/o/oauth2/auth?client_id=ClientID_Here&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=https://gdata.youtube.com&response_type=code&access_type=offline
It will make you log in using your youtube credential which is your google account.
You will then have to agree for google to access your account by clicking allow.
At the end it will give you a code.
Step 2 : You should then authenticate using a clientless platform.
(eg instead of browser) Use curl instead. (There plenty of 3 minute tutorials on how to use curl)
Hit this url endpoint :
curl https://accounts.google.com/o/oauth2/token -d "code=CodeFromGoogleOAuth&client_id=ClientIDHere&client_secret=ClientSecretHere&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code"
You should then get a refresh token in the response.
There are alot of examples of how to upload from then on like
https://developers.google.com/youtube/v3/code_samples/dotnet
In the example above you have to avoid using the GoogleWebAuthorizationBroker use Googles one instead. Look for RefreshToken Field
It is not possible to allow third parties to upload videos to a single YouTube account with the YouTube Data API, and that is by design. See this Google Blog, explaining "It’s tempting to design a system in which all videos are uploaded to a single “master” YouTube account, but this is always the wrong approach."
A potential workaround is to use YouTube Direct Lite, which allows you to easily build and moderate a playlist on your YouTube account comprised of videos uploaded by your users on their accounts.
I hope you can direct me with my query.
I wish to create my own authentication method for users in my Google Apps for Work account. Currently I am using built in Google Authentication, however I wish to build my own authentication method in PHP, Phyton or .NET; language doesn't matter really. So I want users to go to the page I will create, then they will need to pass authentication and be logged to Google Apps.
I know SSO is the way to do it but after my research I found very little about how to achieve it with Google Apps. I mean there is tones of third party platforms like OneLogin etc but I would like to have something I build myself. Ideally I would like to have some examples of SSO which works with GAFW so I could figure out the rest myself. I read somewhere that building own SSO portal it's not a piece of cake and also found an article that you can create something based on oAuth2.0 instead. So tried research about oAuth2.0 but all documentation I found is about authenticating to the application that I build using Google Apps Credentials, where I want the opposite; to be able to access Google Apps using the app that I build.
Hope someone could direct me to some examples or documentation or explain the process of learning curve to get my head around this project of building SSO for GAFW.
If you want to write your own Auth system and become the Identity Provider (IdP), you need to use SAML as that is the only supported method for now.
Here are the step by step instructions
after a lot of back and forth with the Twitter documentation I am now able to authenticate with OAuth 1.0 and make request behalf on the user who sign-ined and accepted my app to preform changes / retrieve data.
Now, I'm trying to make requests to the Twitter Ads API.
This is the error I get:
{"errors":[{"code":"UNAUTHORIZED_CLIENT_APPLICATION","message":"The client application making this request does not have access to this API"}],"request":{"params":{}}}
As it seems, there is a need of another app registration. I registered it with my app id, assuming the 'developer' stage is the fit for me. I'm trying to retrieve analytics, e.g., retrieve campaigns for the user who accepted it.
After registration the Ads App Form, the error stays the same. The docs don't specify if there is a need for a special implementation for the ads-api. Also, the Ads App I opened isn't mentioned anywhere, nor in my twitter apps.
Am I missing something?
Thanks before.
Looking at Twitter ads API documentation, getting access is a pretty involved process. From their site, you'll need:
One positive referral from a client, advertiser or Twitter team
(outside of Ads API)
Clear value proposition on how how your solution
will supplement the Twitter ads offering and improve advertiser
performance
History of compliance with Twitter developer policies
Experience running Twitter Ads
Twitter App ID associated with a corporate #username, with no more than 5 active tokens
It seems a little overkill, but I haven't seen any other way around it. If you find a better way to get ads API access, please post another answer here because I have a potential project that would use these APIs, but the application process has been too daunting to really justify starting the effort.
As of Sept 2016, the application process appears to be much easier.
It appears you no longer need positive referrals, value props, history, or experience running Twitter ads.
Documentation on the net seems to be VERY scarce. The only option I can think of at the moment
is to have my SPA app break convention and to have the (initial) logged out page be different to the logged in one (eg my app).
My app is built using Durandal 2.0.0.
In one of my OAuth tests app's I've managed to implement this link successfully. But as Durandal does not work in the same way (Server-side controller, & razor views), I'm thoroughly confused in how to achieve what I want to.
I'd like to have my app remain a single page app. But I've got little to no experience with the OAuth SDK
My only requirement is that the user log into my app using his FB account.
I've had an initial stab at this using the FB java script API, and got it working, but after discussions with another developer this side, it doesn't seem like the purpose of the java script API is to facilitate secure application login's? As the way we had it, would allow any user to pass a valid fb userId, then he would be logged into our app. :/
How would I go about achieving this process flow in a Durandal/Web API Single Page App?
User logs in using fb ->
then on the server we get his fb userId ->
retrieve our internal appID
I'm not asking for a complete answer/for someone to do my work....
But any documentation to get me started/less confused would be greatly appreciated.
Here is a sample project which demonstrates how to use OAuth with Durandal and Web API:
DurandalAuth.
However there are some modifications in viewmodels needed, since router changed in Durandal 2.0.0.