4

I need to build a web application in php that allows an AD user to easily add a video link to a playlist of our company account. The problem is we don't want the employees to know the password of this account.

We recently installed a new internet filtering box that redirects all youtube traffic to Youtube for Education. The only problem is that if a teacher wants to visit a video they need for education but it isn't on the edu site, it will be blocked for students. The solution is to add that video to our edu account playlist and the video will then magically work for students.

I read in this post: Permanent access token with YouTube api? that you can exchange the temporary token for a permanent one but this method has been deprecated and I cannot find where OAuth 2.0 allows for this.

Any help would be greatly appreciated!

UPDATE:

I read in two different locations in the google API that a Service Account wasn't usable for youtube. But, I decided to try it anyways since it does support OAuth Authentication. It acts like it is performing the query but doesn't return any results.

// Make sure you keep your key.p12 file in a secure location, and isn't
// readable by others.
const KEY_FILE = '/secretlocation/youtubeAPIServiceKey.p12';


$client = new Google_Client();

// Set your cached access token. Remember to replace $_SESSION with a
// real database or memcached.
session_start();
if (isset($_SESSION['token'])) {
 $client->setAccessToken($_SESSION['token']);
}



// Load the key in PKCS 12 format (you need to download this from the
// Google API Console when the service account was created.
$key = file_get_contents(KEY_FILE);
$client->setClientId(CLIENT_ID);
$client->setAssertionCredentials(new Google_AssertionCredentials(
  SERVICE_ACCOUNT_NAME,
  array('https://www.googleapis.com/auth/youtube'),
  $key));                             
$youtube = new Google_YoutubeService($client);
$playlistResponse = $youtube->playlists->listPlaylists('id',
    array("mine"=>true));
print_r($playlistResponse);
$_SESSION['token'] = $client->getAccessToken();

When done in the sandbox on the google api website it returns 5 items. Here it only returns this:

Array ( [kind] => youtube#playlistListResponse [etag] => "dYdUuZbCApIwJ-onuS7iKMSekuo/Db2Wkrhuywa2CiaiO8EVH7ZukZ8" [pageInfo] => Array ( [totalResults] => 0 [resultsPerPage] => 5 ) [items] => Array ( ) )

UPDATE AGAIN:

I confirmed what I already knew. I was recieving Unauthorized error (401) when trying to add a new playlist to my account.

This error is commonly seen if you try to use the OAuth 2.0 Service Account flow. YouTube does not support Service Accounts, and if you attempt to authenticate using a Service Account, you will get this error.

https://developers.google.com/youtube/v3/docs/errors

Back to square one.

Community
  • 1
  • 1
Bil1
  • 440
  • 2
  • 18

1 Answers1

0

You need to use oauth 2.0 for desktop applications:

https://developers.google.com/accounts/docs/OAuth2InstalledApp

From the link:

1: When registering the application, you specify that the application is a Installed application. This results in a different value for the redirect_uri parameter.

2: The client_id and client_secret obtained during registration are embedded in the source code of your application. In this context, the client_secret is obviously not treated as a secret.

3: The authorization code can be returned to your application in the title bar of the browser or to an http:// localhost port in the query string.

Check also : https://developers.google.com/accounts/docs/OAuth2WebServer

in other words, you sort of hardcode the access credentials to an account and bypass the user-interaction for authentication.

Atheist
  • 525
  • 3
  • 22