Hello we have a jukebox style iOS application named "Unifly Music" which uses Spotify API for the source of music. It seems Spotify now requires a premium account to even be able to search and view the catalogue.
Is there any way around this or special access tokens to be requested. Note only a session host actually plays the music. The Session guest simply view catalogue and suggest songs. Allowing more session guest to view catalogue and participate is great marketing to Spotify with no loss. Its a great feeder for Spotify to learn the likes of free users, own their contact information, and later convert those free account holders into premiums.
The spotify web API was updated 5/29/17 which caused the issue for our setup. Please help :) !
The Spotify API was indeed changed to require authentication for all calls to the Web API. However, I have good news! The search endpoint is still available to free users! You simply need to follow one of the authorization flows described here and include an Authorization header in your call. This change is also reflected in the documentation of the search endpoint.
Read the announcement here: https://developer.spotify.com/news-stories/2017/01/27/removing-unauthenticated-calls-to-the-web-api/
Related
If the user is logged-in with the native Twitter app installed, I want my app to open the Twitter app to request authorization.
I already implemented the flow to get the oauth_token in order to start the login process through Twitter's api. Only, the current API Documentation do not mention anything about how to use the native iOS app in the process. It only sends back a url for the user to log in.
let url = URL(string: "https://api.twitter.com/oauth/authorize?oauth_token=\(result.oauthToken)")!
DispatchQueue.main.async {
UIApplication.shared.open(url)
}
On getting the requested oauth_token, I get this link. Opening the link will display a Webview to login. Not the native Twitter iOS app.
I tried to use a deeplink to manually launch the Twitter app, but I couldn't found any resources on how to setup the link properly.
So far I have tried things like:
twitterauth://authorize?consumer_key=[KEY]&consumer_secret=[SECRET]&oauth_callback=swifter-[KEY]
or
twitterauth://authorize?oauth_token=\(result.oauthToken)
without any success...
As mentioned in another post, Clubhouse has implemented exactly this flow. So it is possible. The question is how ? 😅
This flow seems to have not been officially supported since the retirement of TwitterKit on May 1, 2018. Any applications that still offer this functionality to their end users likely have some sort of partnership with Twitter to allow for this which is otherwise undocumented publicly.
The reasoning for this was detailed sparsely in a related Twitter Developer Forums thread:
Unfortunately at this time we have had to make some incremental adjustments that are not so smooth for everyone; especially as you’ve found, for mobile app developers. We’re in the middle of a transition to a new API platform (via Twitter Developer Labs) and there will be some changes as we go along - we are asking for your feedback to help us, and if you check the ideas, authentication and authorization is something we’ve heard a lot about.
I cannot tell you today exactly when we’ll get to an enhanced solution, but this is something we are actively working on.
Direct link
The official guidance is to use the traditional WebView method until Twitter officially re-releases this capability:
I don’t believe that this is possible any longer, so I would encourage you to use the full OAuth flow. I apologise that this may not be what your users prefer, but this is the documented way to gain authorisation (we do not document or support URL schemes for the native iOS app).
Direct link
We do not support or document any means of users signing in to Twitter outside of the OAuth flow; any use of undocumented features is subject to change without notice.
Direct link
As linked above Twitter appears to be soliciting feedback on this via their UserVoice page, should you feel so inclined to suggest the re-implementation of such a feature.
I've read YouTube's Terms of Service several times and have Googled this question tirelessly with no concrete answer. This is not a legal question about my specific YouTube API client, I just want to know if any YouTube developer has used the API in this way. I'm working on a side project for myself that's essentially an Instagram-YouTube mashup. I am a YouTube developer with an API key. Can my API client store a videos title, description and id in my database when my users like a video on my client? I don't know how else I can keep track of my users liked videos within my client.
Since you already specified that this is in fact not a legal question, the short answer is: Yes, you can (meaning it is possible).
There is one more possibility coming to mind, though:
You could authenticate users via OAuth 2.0 using the https://www.googleapis.com/auth/youtube scope. That way, you can manage their liked videos and add/remove videos to this list when a user clicks the according buttons on your website (you can also check if any given video is already liked by the user). In this case, all the track-keeping is done by YouTube itself. This ultimately means that whenever a user likes a video in your app, they also like it on the YouTube website. This may or may not be desired, it is for you to decide that.
I have Java based website. I would like users to log into my website and then upload videos to youtube using my youtube account. Users should not be required to have their own youtube account since videos will be uploaded using my youtube account.
Does youtube support this scenario?
If so, is there a sample code that shows me how to do this in Java?
I have used UploadVideo.java sample provided by google (https://developers.google.com/youtube/v3/code_samples/java#upload_a_video), but it requires users to log into youtube account using their id and password. That is not my use case.
Please study the terms and conditions of the Youtube service ; I think they do not allow this:
https://www.youtube.com/static?gl=GB&template=terms
YouTube accounts
4.1 In order to access some features of the Website or other elements of the Service, you will have to create a YouTube account. When
creating your account, you must provide accurate and complete
information. It is important that you must keep your YouTube account
password secure and confidential.
4.2 You must notify YouTube immediately of any breach of security or unauthorised use of your YouTube account that you become aware of.
4.3 You agree that you will be solely responsible (to YouTube, and to others) for all activity that occurs under your YouTube account.
and
5.1.L: you agree not to access Content or any reason other than your personal, non-commercial use solely as intended through and permitted
by the normal functionality of the Service, and solely for Streaming.
"Streaming" means a contemporaneous digital transmission of the
material by YouTube via the Internet to a user operated Internet
enabled device in such a manner that the data is intended for
real-time viewing and not intended to be downloaded (either
permanently or temporarily), copied, stored, or redistributed by the
user.
You can not let other people use your YouTube account/channel. The way to do is using YouTube Direct Lite
You basically add a ytdl with playlist tag while uploading videos.
You can check Android Client for how to do it in Java.
As to whether it is technically possible, yes, see https://developers.google.com/youtube/v3/guides/using_resumable_upload_protocol
The technical problem here is users will be able to delete videos too if they have your access token with full permissions. basically you need to:
load your html page with the upload interface.
add to the onclick event of the upload button to send an ajax request to a script on your server which will:
return the access token of your account to the client
soon thereafter change the access token using the refresh token
Its still technically vulnerable though. a possible solution is to obtain the access token ONLY with the scope:
https://www.googleapis.com/auth/youtube.upload
There is a very good chance it will not be vulnerable then. You should test it.
I'm creating a simple iPhone app. The basic premise is that the app will display some data (That I provide online) on the application. The data changes over time, so the app has to draw the data from online and display it. I don't have a significant programming background so I don't want to use my own server.
Thus, I thought it would be significantly easier to just put the data into some documents on a Google account and then access them programmatically via the Google Drive API. I could then update the data in my Drive account and it would get updated in the application. The key here is that I am ONLY accessing ONE account that I own MYSELF. The users' accounts are not being accessed. Therefore the goal is to never have to log in manually. It should all happen behind the scenes, aka, it should look like a server, not a google doc.
With this in mind, it doesn't make sense to show the Google Accounts sign-in page to my users as the standard OAuth2.0 tutorial shows here:https://developers.google.com/drive/quickstart-ios#step_1_enable_the_drive_api
I should be able to access my own data by somehow hardcoding in my username, password etc. Google agrees here: https://developers.google.com/drive/service-accounts#use_regular_google_accounts_as_application-owned_accounts
The above link mentions a "refresh token" that I'm supposed to save. However, I have no idea how to build and save that token, or even for that matter, where to find it.
I've gone through both the basic tutorial and the Dr. Edit Tutorial for iOS, but they both assume that the application is accessing USER accounts not application-owned accounts.
I'm not asking for someone to write the code for me (though tidbits are nice), but if you can point me to a step-by-step guide or related sample code that would help me get started that would be awesome. I'll even come back and post the code that I use!
EDIT: Since I realized that the Google Drive API wasn't something I could use for what I am trying to do, I eventually found Parse which is an awesome tool that handles all the server backend for me and is free at the basic level.
Google APIs objective-C client library doesn't support service (application-owned) accounts, because they are supposed to be used by a server-side apps, instead of clients -- you shouldn't be distributing your private key as a part of an app.
If you would like to distribute content from a service account, maybe you should write a server leg to do the authentication and pass clients credentials in a secure way for them to talk to the API on the behalf of the service account. Or, use Web publishing to make documents universally accessible without authorization and authentication if privacy is not a concern.
I'm currently working on an app (iOS 6) where the user will be signing in using their facebook account.
In regards to this I have a few questions:
a) Since the app asks the user for permission to access cetain data (like: basic profile info, friend list, access to post to wall etc), I assume that the app based on it's app id will be somehow authenticated to access this information as long as the user doesn't restrict access through their facebook account.
b) will it be possible for example via a service application to authenticate with the same app id as the mobile app, and hence be able to collect data from the facebook users who authenticated with the app?
The purpose of my question is, that I would like do some analysis on the users using the iphone app, but I don't want the app to first download the information from facebook, and then pass it on to my service for analysis.
If the above is possible, could anyone please guide me in the direction of what it is that I need to do? Perhaps links to tutorials that describes this setup, og simply tell me the right facebook terminology that I'm looking for to achive this.
Thanks in advance!
It's a bit late and you may have already picked a service. I have been using Parse.com
(tutorial site). They're very good. They have SDKs and sample code for many platforms a RESTful service for others.
They have recently been acquired by FaceBook, and already have strong links to Facebook's SDK.