我们可以在没有 OAuth 的情况下使用 google youtube data api [英] Can we use google youtube data api without OAuth
问题描述
阅读谷歌API的文档后.我知道如果我们创建的项目需要访问私有数据,我们应该使用 oauth.但这是我的情况.我们会在Youtube开一个企业账号,我们会创建一个项目来推送视频到我们自己的账号,不需要操作其他用户的账号.我们可以在没有 OAuth 的情况下使用 google youtube data api 吗?
After reading the documents of Google API. I know that if a project we create needs to access private data, we should use oauth. But here is my situation. we will open a business account in Youtube, and we will create a project to push videos to our own account, we don't need to operate other user's' account. Can we use google youtube data api without OAuth?
推荐答案
有两种方法可以使用 Google API 访问私人用户数据.
There are two ways to access private user data with Google APIs.
- Strait Oauth2. where you have a consent for asking the owner of the account if you can access it
- Service accounts which are technically pre authorized by the developer.
通常我会说,因为您只访问您拥有的一个帐户,请使用服务帐户.不幸的是,YouTube API 不支持服务帐户身份验证.
Normally I would say because you are only accessing the one account that you own, use a service account. Unfortunately the YouTube API does not support service account authentication.
由于缺乏服务帐户支持,您将不得不使用 Oauth2.我过去曾这样做过.
Due to the lack of service account support you will have to use Oauth2. I have done this in the past.
使用某种服务器端语言对您的脚本进行一次身份验证.身份验证服务器将返回给您一个刷新令牌.可以随时使用刷新令牌来获取新的访问令牌.访问令牌用于访问 Google API,并且仅在一个小时内有效.将此刷新令牌保存在某处.然后,您可以随时允许访问相关 YouTube 帐户.
Authentication your script once, using a server sided language of some kind. The Authentication server will return to you a Refresh token. Refresh tokens can be used at any time to get a new access token. Access tokens are used to access Google APIs and are only valid for an hour. Save this refresh token someplace. You will then be able to allow access the YouTube account in question when ever you like.
注意:您必须观看它.刷新令牌在极少数情况下会变得无效.我建议准备一个脚本,允许您再次对应用程序进行身份验证并存储新的刷新令牌.这种情况很少发生,但最好预先配对.
Note: You will have to watch it. Refresh tokens can on rare occasion become invalid. I recommend having a script ready that will allow you to re authenticate the application again storing a new refresh token. Its rare that it happens but it can happen best to be pre-paired.
Oauth Playground
Oauth 的部分意义在于,它通过在 Google 开发者控制台上创建您的项目向 Google 识别您的应用程序.尽管如此,诸如配额和对哪些 API 的访问受到控制.如果您向 API 发送垃圾邮件,他们会知道并关闭您.(从未见过这种情况)
Part of the point of Oauth is that it identifies your application to Google though the creation of your project on Google developer console. Things like quota and access to which APIs is controlled though that. If you spam the API they will know and shut you down. (never seen this happen)
当您请求访问用户时,它会在谷歌开发者控制台上弹出项目名称.这由谷歌开发者控制台上该项目的客户端 ID 和客户端密码标识.当我使用 oauth playground 时,我被问到Google OAuth 2.0 Playground 想要 .."
When you request access of a user it pops up with the name of the project on google developer console. This is identified by the client id and client secrete for that project on google developer console. When I use oauth playground I get asked 'Google OAuth 2.0 Playground would like to ..'
因此,通过使用 playground,您将使用 Google 的客户端 ID 和客户端密码为自己创建刷新令牌.如果 N 个其他开发者也这样做,YouTube 的配额可能会在一天内用完.同样安全方面,您现在允许该项目访问您的数据.如果谷歌突然决定删除更改客户端 ID 或生成新的客户端 ID,请暂时忽略这一点.您的刷新令牌将不再有效.如果随机 dev X 也在使用它并且他开始向所有内容发送垃圾邮件并且客户端 ID 被关闭(想想这发生在去年)你将不得不等待谷歌上传一个新的客户端 ID 现在已经禁止.
So by using playground you are using Googles client id and client secrete to create a refresh token for yourself. If N other devs are also doing this the quota for YouTube may be used up in the course of a day. Also security wise you are now giving that project access to your data. Ignore that for a second what if google suddenly decides to remove change the client id or generate a new one. Your refresh token will no longer work. What if random dev X is using it as well and he starts spamming everything and the client id gets shut down (Think this happened last year) your going to have to wait for google to upload a new client id for the one that has now been banned.
Google OAuth 2.0 Playground 可能看起来不错,但它不适合日常使用 IMO 仅用于测试.创建您自己的项目并获得自己的访问权限,这并不难,只需要一种可以处理 http Post 的编程语言.
Google OAuth 2.0 Playground might seam nice but its not for daily use IMO its good for testing nothing more. Create your own project and get your own access its not hard just requires a programing language that can handle a http Post.
我的教程 Google 3 腿 oauth2 流程
这篇关于我们可以在没有 OAuth 的情况下使用 google youtube data api的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
