YouTube Data API: How to get private video of the other user - youtube-api

How to get private video of the other user via YouTube Data API v3?
The following page says
"authorized requests can also retrieve information about or private to the currently authenticated user."
https://developers.google.com/youtube/v3/getting-started
Is that possible?

As per the developers guide you can get all users public data, but only the private of the user you are authenticating with. So no, you cannot get the private videos of another user.

No, In order to get access to private user data your application must request consent of the user to access their data. A random person can not access someone else private data then it wouldn't be private would it.
Public data is data this is not owned by anyone, or data which the owner has granted everyone public access. this is why you can do a video.list it shows all public videos users have uplaoded.
Private data is data that the owner has chosen to keep private. If the owner has chosen that this video should be private then the only way to access it is by requesting their permission.
Request access from the owner
we use oauth2 to request that consent of the user.
How that is done depends upon which programming language you are using. I recommend having a look at the current samples on the developer sight there may be one for your language.
Once you have authorized the user you will have an access token that access token must then be sent along with the request as a authorization header
Curl just for example.
curl \
'https://youtube.googleapis.com/youtube/v3/videos?key=[YOUR_API_KEY]' \
--header 'Authorization: Bearer [YOUR_ACCESS_TOKEN]' \
--header 'Accept: application/json' \
--compressed

Related

Issues authenticating to Twilio to send message from sub-account or using API Keys

I'm having some issues sending SMS messages via a Twilio messaging service.
I have parent account and sub-account configuration.
cURL statement is as follows:
curl --location --request POST 'https://api.twilio.com/2010-04-01/Accounts/{{account-sid}}/Messages.json' \
--header 'Authorization: Basic {{auth}}' \
--header 'Content-Type: application/x-www-form-urlencoded' \
--data-urlencode 'Body=test' \
--data-urlencode 'MessagingServiceSid={{messaging-service-SID}}' \
--data-urlencode 'To=REDACTED'
I can get it working for some combinations of account-sid and auth header, but not all is working as expected.
e.g. here is a table that describes what works and what doesn't.
Number
account-sid in URL path
username in auth header
password in auth header
Works?
Expected Result?
#1
Parent Account SID
Parent Account SID
Parent Account Auth Token
NO - HTTP 404
YES
#2
Parent Account SID
Parent Account API Key
Parent Account API Secret
NO - HTTP 401
NO - should return HTTP 404
#3
Parent Account SID
Sub Account SID
Sub Account Auth Token
NO - HTTP 401
NO - should return HTTP 404
#4
Parent Account SID
Sub Account API Key
Sub Account API Secret
NO - HTTP 401
NO - should return HTTP 404
#5
Sub Account SID
Sub Account SID
Sub Account Auth Token
NO - HTTP 401
NO
#6
Sub Account SID
Sub Account API Key
Sub Account API Secret
NO - HTTP 401
NO
#7
Sub Account SID
Parent Account SID
Parent Account Auth Token
YES
YES
#8
Sub Account SID
Parent Account API Key
Parent Account API Secret
NO - HTTP 401
NO
Any ideas as to why some of these (specifically the ones where the expected result in the table above is 'NO') aren't working? FYI., the basic auth is calculated by Postman as shown below, so there shouldn't be any issues with this. Note: I've been changing the variables appropriately and even hard coded the usernames/passwords...
FWIW I didn't expect any of the ones with the parent account SID in the URL path to work, but just added them for completeness... the one I really want to get working is #6 as I want to generate separate API keys for individual subsystems to mitigate risk/impact if one of the API keys gets compromised. Any ideas why this might not be working...
The behavior varies based on the host portion of the API you are calling.
Only api.twilio.com supports calling the sub-accounts using the main accounts Account SID and Auth Token. This is done using the construct defined here (Node.js example):
const client = require('twilio')(accountSid, authToken, { accountSid: subaccountSid });
Source: https://www.twilio.com/docs/iam/api/subaccounts
When performing CRUD operations within a subaccount, use the
subaccount SID and auth token. Alternatively, you can generate API
Keys at the subaccount level for authentication.
I managed to narrow this down to being an issue with the API Key/secret. Multiple Twilio staff had given me examples that they claimed worked, which were exactly the same as what I had, but weren't working for me... I tried creating an API Key/secret in a different region and it worked. Seems that only API Keys in the AU1 region have this issue. When I tried with an API Key in the US1 region it worked!
Suspect it's not fully available in the AU region at the time of this writing - see https://www.twilio.com/docs/global-infrastructure/regional-product-and-feature-availability#australia-au1-region

Is Google Sign In Required everytime to upload a Video to Youtbe using JAVA..?

I am trying to upload a Video to my YouTube account using my own Application(Spring-boot) with the help of Google Library. But every time when I try to call the insert API of YouTube it asks for a Physical Sign in to Google Account. I want to upload my Video without Google Signin via passing the API Key or the client credentials(generated in Google Console for OAuth) in a post Request. I don't want to signin to google every time to upload a video. My account should be verified with the credentials I provide in the post Request.
curl --request POST
'https://youtube.googleapis.com/youtube/v3/videos?key=[YOUR_API_KEY]'
--header 'Authorization: Bearer [YOUR_ACCESS_TOKEN]'
--header 'Accept: application/json'
--header 'Content-Type: application/json'
--data '{}'
--compressed
Another Question is How I can get [YOUR_ACCESS_TOKEN] ..?
End Point URL : POST https://www.googleapis.com/upload/youtube/v3/videos
Google Link : YouTube Upload Video steps
Any Suggestion would be Very Helpful.
JAVA code snippet :
you can find this on Google Link.
The only way to do that would be to request offline access. At which point you should get a refresh token back. You can then use the refresh token to request a new access token at a later date without requiring that you login to google again.
Since your code is in Curl i have posted a response using Curl, even though your question mentons java.
# Authorization link. Place this in a browser and copy the code that is returned after you accept the scopes.
https://accounts.google.com/o/oauth2/auth?client_id=[Application Client Id]&redirect_uri=urn:ietf:wg:oauth:2.0:oob&scope=[Scopes]&response_type=code
# Exchange Authorization code for an access token and a refresh token.
curl \
--request POST \
--data "code=[Authentcation code from authorization link]&client_id=[Application Client Id]&client_secret=[Application Client Secret]&redirect_uri=urn:ietf:wg:oauth:2.0:oob&grant_type=authorization_code" \
https://accounts.google.com/o/oauth2/token
# Exchange a refresh token for a new access token.
curl \
--request POST \
--data 'client_id=[Application Client Id]&client_secret=[Application Client Secret]&refresh_token=[Refresh token granted by second step]&grant_type=refresh_token' \
https://accounts.google.com/o/oauth2/token
Code ripped from my Gist

Slack API: `groups.list` not returning private channels I am part of

I am trying to get a list of all channels (public and private) to which I can post messages.
I am getting a list of public channels using channels.list and it is working well. It is returning me all the public channels to which I can post.
I am trying to get a list of private channels by using groups.list. The call is returning an OK response, but I am not getting any results.
I have created a private channel. I am the only member. This channel is not being returned by the group.list API call.
I have groups:read and channels:read oauth scopes.
This is being done using the Slacker python library.
Even the following curl call does not return me any private channels:
curl --data "token=xoxb-REDACTED" 'https://slack.com/api/groups.list'
How can I get a list of private channels I am part of using the Slack API?
UPDATE:
If I use the dev token in the above curl call, it does correctly return me my private channels.
When I look inside of Slack at the integrations, I see the integration with my dev app. It says that the dev app can Access information about user’s private channels, granted by 1 team member (among others). Something is amiss and I don't know where. It seems that the oauth token has an issue, but I don't know what.
The problem is that I was also requesting the bot oauth scope. When Slack finished authorizing my app, it was issuing a personal token and a bot token. The bot token does not have access to the private channels, while the personal one does.

Google OAuth 2 implicit flow on iOS, refresh token manually

Hi I have the Google OAuth 2 explicit flow working according to:
https://developers.google.com/identity/protocols/OAuth2WebServer
I also have the implicit flow working on iOS with GIDSignIn, specifically I get the GIDSignInDelegate::sign(_ signIn: GIDSignIn!, didSignInFor user: GIDGoogleUser!, withError error: Error!) callback and have access to user.authentication.accessToken and user.authentication.refreshToken.
I'm trying to pass that refreshToken back to our private app server so that it can make requests on behalf of the user (mainly because it's easier to just sign in with the SDK than make the front end developers deal with raw URL requests).
However, when I try to use that refresh token to get a new access token on the back end:
curl --request POST \
--url https://www.googleapis.com/oauth2/v4/token \
--header 'cache-control: no-cache' \
--header 'content-type: application/x-www-form-urlencoded' \
--data 'client_id={client_id}&client_secret={client_secret}&refresh_token={refresh_token}&grant_type=refresh_token'
It returns:
{ "error": "invalid_grant", "error_description": "Bad Request" }
I think the issue is that my server has a client id and secret, but iOS only has a client id. Without a secret (sometimes called key) corresponding to the iOS client id, there is no way for me to refresh the token on the back end. I was hopeful that Google would detect that both the server client id and iOS client id were registered to the same app and let the server refresh the token with its credentials, but that doesn't work.
I've looked at both the "API keys" and "OAuth 2.0 client IDs" sections at:
https://console.developers.google.com/apis/credentials
But am at a loss.
Does anyone know a curl command for refreshing a token acquired through the iOS SDK?
Or is this simply not possible?
Thanks!
For anyone reading this, I got it working:
On a whim I tried calling the refresh token endpoint without passing client_secret (as there isn't one when using implicit flow on mobile). Here is the curl:
curl --request POST \
--url https://www.googleapis.com/oauth2/v4/token \
--header 'content-type: application/x-www-form-urlencoded' \
--data 'client_id={client_id}&refresh_token={refresh_token}&grant_type=refresh_token'
This appears to be undocumented. The closest example I found is at https://developers.google.com/identity/protocols/OAuth2InstalledApp#refresh but it shows client_secret=your_client_secret& and never mentions that with implicit flow, front end web and mobile apps don't normally use a client secret.
Please don't upvote my answer, as I haven't done anything. OAuth is generally not documented very well, or contains code snippets pertaining to platform SDKs without the underlying URL requests or curl examples. SDKs are often opaque/closed-source so would require dropping down to tcpdump or packet sniffing to see what's going on. I didn't do the due diligence, I just got lucky.
I have sent feedback to Google but if this issue has affected you, you can click the gear in Gmail and "Send feedback" to hopefully get documentation updated more quickly.
Please refer to this link:
https://developers.google.com/identity/sign-in/ios/offline-access
From the reference, you have to do 2steps below to let your server able to refresh your access token
Make sure your server and iOS app use credentials of the same project, 1 browser key and 1 iOS key
Add this line: [GIDSignIn sharedInstance].serverClientID = your_server_client_id

how to get my twitter timeline entries

I have tried this and that.
But requesting this:
https://api.twitter.com/1.1/statuses/user_timeline.json?user_id=monyetbego
keep giving me Bad Authentication data.
I don't know exactly how to get authenticated.
You need to register an application through Twitter's developer site. Once your application is approved you will be given a set of Oauth keys, which you can use within an API request to receive a response. Note that in API V1.1, you can no longer submit unauthenticated requests (i.e. send requests through a unauthenticated URL like the one you posted).
For example, once you have your authentication information, you can use curl to submit a show_timeline request (see your Application's OAuth tool on the Twitter Dev website for parameters specific to your authentication information):
curl --get 'https://api.twitter.com/1.1/user_timeline.json' --header 'Authorization: OAuth
oauth_consumer_key="XXXXXXXXXXXXXXXX", oauth_nonce="XXXXXXXXXXXXXXXXXXXXXXXX",
oauth_signature="XXXXXXXXXXXXXXXXXXXXXXXXXXX", oauth_signature_method="XXXX-XXXXX",
oauth_timestamp="XXXXXXXXXXX", oauth_token="XXXXXXXX-
XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX", oauth_version="1.0"' --verbose

Resources