We are launching a new video streaming business and believe Vimeo Pro is the product to use. But, before purchasing we need help figuring out how to navigate the video upload authentication process through a Ruby on Rails application.
We are attempting to interact/authenticate on behalf of the user/member.
We are a multi-user site so hard coding a user access token won't work, unless it can be our access token. Can this be done?
The users are not the app owner they are site members.
We will be running a "channel" along with storage, so that the general public can view videos.
We are following the official getting started API document section “Upload API”: https://developer.vimeo.com/api/upload
What we have found is when a user uploads videos through our application, they get redirected to the Vimeo site for authentication. When the user authenticates, they are then redirected to our site with USER’s access token, and can then upload the video.
BUT, we need a solution whereby the system sends OUR permanent authentication token with the upload, so the user doesn’t have to authenticate and it’s just automatic and unseen to them.
Please help us understand the process of uploading video's directly onto Vimeo Pro servers through a Ruby on Rails application with our account’s permanent authenticatiojn token or some solution that is equivalent to this.
Any help would be greatly appreciated!
Thank you!
Related
Okay, So I have seen multiple issues(answered and unanswered) regarding Instagram API, haven't found anything related to my problem.
I have made an app in iOS which lets users download only profile pictures of any Instagram user in HD resolution.
After a long struggle, I have found all of the related API's And I am able to get the HD variant of Profile pictures in the app. Now the thing is those APIs read the phone's browser cookies that if I have authenticated the user in Instagram or not. And if I don't authenticate before the HD profile query id doesn't give me the desired data i.e no HD profile Url.
It means that I can only get the Instagram authentication before letting my users search and query for the HD profile pictures. So I figured out and added that using Instagram Basic Display API.
The problem came when I submitted the app for the Facebook developer review. They keep saying that Instagram profile permission(s) should not be used to authenticate new users in your app.
And it's the 3rd time I told them that the app flow requires the authentication just to read cookies and I am not using any of the user's data for personal authentication, but they are not letting the app pass the review.
My need is can someone help me out if I am really using the wrong authentication process or maybe I am not able to convey my need to the reviewer. So what do I tell them, I am sure there is something going on wrong because I have seen some apps doing the same process in their apps.
Thanks for helping me out
I have an app on the server, I need to upload some videos to one (only 1) youtube account, but without user/browser/client's interaction (I don't want an OpenID/OAuth to be shown), how can I achieve this?
I've googled, but all I ever found is always requires user interaction.
It sounds like you want to OAuth into one account (your own) to enable uploads without requiring user input. If so, you can create OAuth credentials on the Google API Console Credentials page (which I believe is the page in your screenshot) by choosing Create credentials > OAuth client ID > Web application > Create.
Once you have the client ID and client secret, you can use the process described here to generate an access and refresh token, and use these in your server code when making the API upload request.
On a side note, if you are collecting video submissions from users, YouTube recommends you have users upload to their own accounts, for a variety of reasons. See this blog post for details; in particular:
One crucial consideration is which account the videos will be uploaded
to on YouTube. It’s tempting to design a system in which all videos
are uploaded to a single “master” YouTube account, but this is always
the wrong approach. While using a master account means that each
uploader doesn’t need to register for their own YouTube account, a
high rate of uploads into a single YouTube account is a good way to
run afoul of the YouTube API’s quota system. Additionally, each
uploader to YouTube agrees to YouTube’s Terms of Service, which says
that they have the right to upload that content, and that the content
does not violate our Community Guidelines. By taking responsibility
for other users’ content, you are essentially putting your own account
and YouTube standing at risk.
I have Java based website. I would like users to log into my website and then upload videos to youtube using my youtube account. Users should not be required to have their own youtube account since videos will be uploaded using my youtube account.
Does youtube support this scenario?
If so, is there a sample code that shows me how to do this in Java?
I have used UploadVideo.java sample provided by google (https://developers.google.com/youtube/v3/code_samples/java#upload_a_video), but it requires users to log into youtube account using their id and password. That is not my use case.
Please study the terms and conditions of the Youtube service ; I think they do not allow this:
https://www.youtube.com/static?gl=GB&template=terms
YouTube accounts
4.1 In order to access some features of the Website or other elements of the Service, you will have to create a YouTube account. When
creating your account, you must provide accurate and complete
information. It is important that you must keep your YouTube account
password secure and confidential.
4.2 You must notify YouTube immediately of any breach of security or unauthorised use of your YouTube account that you become aware of.
4.3 You agree that you will be solely responsible (to YouTube, and to others) for all activity that occurs under your YouTube account.
and
5.1.L: you agree not to access Content or any reason other than your personal, non-commercial use solely as intended through and permitted
by the normal functionality of the Service, and solely for Streaming.
"Streaming" means a contemporaneous digital transmission of the
material by YouTube via the Internet to a user operated Internet
enabled device in such a manner that the data is intended for
real-time viewing and not intended to be downloaded (either
permanently or temporarily), copied, stored, or redistributed by the
user.
You can not let other people use your YouTube account/channel. The way to do is using YouTube Direct Lite
You basically add a ytdl with playlist tag while uploading videos.
You can check Android Client for how to do it in Java.
As to whether it is technically possible, yes, see https://developers.google.com/youtube/v3/guides/using_resumable_upload_protocol
The technical problem here is users will be able to delete videos too if they have your access token with full permissions. basically you need to:
load your html page with the upload interface.
add to the onclick event of the upload button to send an ajax request to a script on your server which will:
return the access token of your account to the client
soon thereafter change the access token using the refresh token
Its still technically vulnerable though. a possible solution is to obtain the access token ONLY with the scope:
https://www.googleapis.com/auth/youtube.upload
There is a very good chance it will not be vulnerable then. You should test it.
What I want to do in a nutshell:
In our app I want to be able to upload videos to our company YouTube account. Our app has 'host' users and 'guest' users. The host can upload videos for a guest. The video will be unlisted so they're not available publicly and the guest will get a message in the app telling them that a new video is available. We'll then play the video in the app using the YouTube link.
I've downloaded the google-api-objectivec-client source and integrated it in the project. I've studied the YouTube example application that comes along with it. In this example application the user logs into her own account using OAuth 2.0 which is not our use case. The app should have authorization to upload videos to our company account without bothering the user.
I've read a lot of documentation and searched the web to see if someone else has solved this but I was not able to find the right solution.
My Question:
How should our app get authorization to upload videos? Using API keys, using Google+, using a service account? If someone can point me in the right direction, I would really appreciate it!
Unfortunately this is not possible at the moment.
I want a few admin users on my site to be able to upload/edit videos straight to my own vimeo account without them having to authenticate each time with my credentials, I couldn't find much on this scenario on Vimeo, has anyone done anything similar?
I've noticed I have an OAuth access token from Vimeo, maybe I can use this somehow?
There is a common misconception here, that authorization has anything to do with the user interacting with your application.
Authorization is simply how you want your app to interact with Vimeo.
If you want to interact on behalf of another user, you need their token. If you want to interact on your own behalf, you only ever need to use your own token.
So in the case you mention above, you simply need to hard code an access token into your app. This way all of your api calls will be made as if it's your own account. Users interacting with your app, such as uploading, will actually be using your account, and uploading videos to your account.