试图围绕 Vimeo API 授权过程来解决我的问题 [英] Trying to wrap my head around the Vimeo API authorisation process
问题描述
所以我喜欢在 WordPress 插件中使用 vimeo API.
So I like to use the vimeo API in a WordPress plugin.
在我看来,实际上有 3 种不同的方法可以做到这一点.
Its seems to me there are actually 3 different ways how to do this.
所以我的猜测是,我可以将视频设置为主"应用程序,并通过其复杂的授权过程让用户对我的应用程序进行身份验证以执行操作.我不确定这究竟是如何工作的......
So my guess is that I could setup my website with video as 'master' application and through their complicated authorization process let users authenticate my app to do things. I am not sure how this exactly works ...
因为我打算在商业上使用它,所以我必须将我的插件注册为带有视频的商业应用程序.并不是说我希望被他们拒绝,但我喜欢我的用户将自己的网站作为他们自己的应用程序的想法,即使这意味着他们需要更长的设置时间.
Because I plan to use this commercially I would have to register my plugin as a commercial application with video. Not that I expect to be rejected by them but I like the idea of my users have their own sites be their own application even if this means longer setup for them.
我见过一个插件(codeflavors vimeo post Lite)为用户提供client id和client secret的设置,然后请求获取特定的API令牌对于用户来说,基本上每个用户都在 vimeo 上注册了自己的应用.
I have seen one plugin (codeflavors vimeo post Lite) offer settings for client id and client secret to the user and then does a request to get a API token specific for the user so basically every user has their own app registered on vimeo.
/**
* Constructor, fires up the parent by providing it with
* client ID, secret and token, if any
*/
public function __construct( $args = array() ){
// set plugin settings
$this->settings = cvm_get_settings();
// set the token
$token = null;
if( !empty( $this->settings['oauth_secret'] ) ){
$token = $this->settings['oauth_secret'];
}else if( !empty( $this->settings['oauth_token'] ) ){
$token = $this->settings['oauth_token'];
}
// set up redirect URL
$redirect_url = admin_url( 'edit.php?post_type=' . cvm_get_post_type() . '&page=cvm_settings' );
// start the parent
parent::__construct( $this->settings['vimeo_consumer_key'], $this->settings['vimeo_secret_key'], $token, $redirect_url );
我不明白他们代码的这一部分,令牌是 oauth_secret 或 oauth_token 的部分
I do not understand this part of their code, the part where the token is either a oauth_secret or a oauth_token
但我实际上已经集成了他们的代码而忽略了 oauth_secret 部分,因此用户可以在 WP Admin 页面中生成他们的令牌,如果我的插件在他们输入他们的 vimeo 秘密和 id 时.
But I actually already integrated their code ignoring that oauth_secret part so users can generate their token in the WP Admin page if my plugin when they put their vimeo secret and id in.
但现在我发现了另外两个似乎只使用令牌的插件.
But now I found 2 other plugins that seem to just use tokens.
define( 'VIMEOGRAPHY_ACCESS_TOKEN', 'eaf47146f04b5550a3e394f3bbf8273f'); 他们在他们的代码中公开了他们的令牌.这是打算这样使用吗?
define( 'VIMEOGRAPHY_ACCESS_TOKEN', 'eaf47146f04b5550a3e394f3bbf8273f'); they have their token just public-ally in their code. Is this intended to be used this way?
我还在 Vimeo 应用设置中发现,您可以在那里生成令牌.为脚本或测试生成令牌".我看到另一个插件指示用户在那里生成他们的令牌并将该令牌放入 WP 管理页面.
I also found out in the Vimeo app setup that you can generate a token right there. "Generate a token for script or testing". And I seen yet another plugin instructing users to generate their token there and drop that token in the WP Admin page.
所以我有点困惑,但我的猜测是我可以将自己的令牌用于公共数据,当用户需要私人数据时,我可以指示然后生成他们自己的令牌并使用它,实际上跳过所有这些复杂的授权内容.尽管有一个官方的 api 对我来说似乎更简单,更容易维护,让他们使用像其他 API 的 api 密钥这样的令牌.
So I am a bit confused but my guess is I could just use my own token for public data and when users need private data I could just instruct then to generate their own token and use that and actually skip all this complicated authorization stuff. Even though there is a official api for it to me its seems simpler and easier to maintain to just let them use a token like a api key for other APIs.
所以我的问题是我对此是否正确.走复杂路线有什么好处.如果我可以让我的用户生成他们自己的代币?
So my question is am I right about this. And what are the advantages to going the complicated route. If I can just let my users generate their own tokens?
推荐答案
身份验证带有 Vimeo API 的令牌可以分为三种类型:
Authentication tokens with the Vimeo API can be broken down into three types:
- 未经身份验证(客户端凭据)
- 经过身份验证(OAuth2 流程)
- 经过身份验证(个人访问令牌)
未经身份验证的/客户端凭据令牌只能用于从 Vimeo 获取公共数据,并且是根据 client_id 和 client_secret 值生成的.
Unauthenticated/client credentials tokens can only be used to get public data from Vimeo, and are generated from the client_id and client_secret values.
在授予 适当的范围.经过身份验证的令牌以以下两种方式之一生成:
Authenticated tokens can be used to get both public and private data from Vimeo, when granted the appropriate scopes. Authenticated tokens are generated in one of two ways:
通过 OAuth2 流程发送给最终用户,他们在该流程中授权您的应用程序代表他们的 Vimeo 帐户执行操作
Send the enduser through the OAuth2 flow, where they authorize your application to perform actions on behalf of their Vimeo account
在应用管理页面上生成个人访问令牌".此令牌已通过应用创建者帐户的身份验证.
Generate a "personal access token" on the app management page. This token is authenticated to the app creator's account.
当然,用例各不相同,但这里有一些关于何时使用这些类型的令牌的一般示例:
Usecases vary, of course, but here are some general examples of when to use each of these types of tokens:
- 未经身份验证 - 在您的应用程序只需要从 Vimeo 检索公共数据时使用.
- 通过 OAuth 进行身份验证的令牌 - 如果您的应用将由其他用户使用并且需要获取 Vimeo 上对这些用户帐户私有的数据,请使用此选项.
- 通过个人访问令牌进行身份验证的令牌 - 如果您的应用程序将仅由您自己的 Vimeo 帐户使用并且需要将您帐户中的数据设为私有,请使用.
- Unauthenticated - Use if your application will only ever need to retrieve public data from Vimeo.
- Authenticated token via OAuth - Use if your application will be used by other users and will need to get data on Vimeo private to those user's accounts.
- Authenticated token via personal access token - Use if your application will only ever be used by the your own Vimeo account and will need to get data private on your account.
您提到的每项服务都应概述它们需要的身份验证令牌类型.他们可能需要您作为其应用程序的最终用户完成 OAuth2 流程并授权应用程序代表您的 Vimeo 帐户执行操作.他们可能还需要您在 Vimeo 开发者网站 上生成一个应用程序,并通过您的应用程序的 client_id/secret,或创建个人访问令牌并使用该令牌提供服务.
Each of the services you mention should outline what type of authentication token they require. They may need you, as the enduser of their application, to go through the OAuth2 flow and authorize the application to perform actions on behalf of your Vimeo account. They may also need you to generate an application on the Vimeo Developer site, and either provide the service with your application's client_id/secret, or create a personal access token and provide the service with that token.
希望这些信息有帮助!
这篇关于试图围绕 Vimeo API 授权过程来解决我的问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
