Hello Again,
Just one follow-up to make sure there isn't any confusion about the
OAuth 2 flow: in OAuth 2, you can obtain a refresh token which is
meant to be stored and reused by your app to generate new access
tokens. This means that each user normally only needs to go through
the OAuth 2 approval flow once, when you obtain the initial refresh
token for them.
I point this out to make sure that your app isn't asking users to go
through the auth flow every time they upload, which would end up
making things more complicated for you and more annoying for your
users.
Cheers,
-Jeff Posnick, YouTube API Team
groups.google.com/group/youtube-api-gdata | apiblog.youtube.com |
@YouTubeDev
On Apr 24, 3:16 pm, Jeffrey Posnick <je...@google.com> wrote:
> Hello Folks,
>
> I'm told that newly issued tokens have now been *temporarily*
> reverted back to the shorter format, so this should resolve the issue
> with your currently deployed application. Getting an update to your
> code pushed out to your users should definitely be a priority, though.
>
> Using ClientLogin is not the answer, and I'm sorry that that's what
> you took away from this experience. (What I have taken away from it is
> that the OAuth 2 docs need to be more explicit about best practices
> for this particular use case, which is hardly a condemnation of the
> entire authentication mechanism.) For a list of reasons why moving off
> of ClientLogin is a good idea, see
>
> http://apiblog.youtube.com/2011/03/clientlogin-fail.html
>
> Not to mention the fact that ClientLogin is officially deprecated as
> of last Friday:
>
> http://googledevelopers.blogspot.com/2012/04/changes-to-deprecation-p...
>
> Cheers,
> -Jeff Posnick, YouTube API Team
> groups.google.com/group/youtube-api-gdata | apiblog.youtube.com |
> @YouTubeDev
>
> On Apr 24, 2:18 pm, Sandy <alexanderpe...@gmail.com> wrote:
>
>
>
>
>
>
>
> > Jefferey -- sincere thanks for your quick response and consideration of our
> > plight.
>
> > We may or may not be able to weather the storm of protest and annoyance
> > from our installed base at this point.
>
> > In any case, we've learned a huge lesson here: iMovie and the other
> > biggies have clearly made the more conservative and in the end better
> > choice by sticking to the old authentication system -- we definitely got
> > too adventurous by trying to use oAuth2 with our application.
>
> > We would have been fine if we were developing a web app, but for a
> > "download" app with an inherently imperfect "auto-update" functionality --
> > we've shot ourselves in the foot. It remains to be seen if we will bleed
> > to death now.
>
> > Warning to other developers of downloadable applications: Be careful to
> > avoid our fate! Unless you have a 100% bulletproof
> > instant-auto-update-everything functionality, use the old and stable parts
> > of the API or pay the price! (insert skull/death symbol here)
--
You received this message because you are subscribed to the Google Groups "YouTube APIs Developer Forum" group.
To post to this group, send email to youtube-api-gdata@googlegroups.com.
To unsubscribe from this group, send email to youtube-api-gdata+unsubscribe@googlegroups.com.
For more options, visit this group at http://groups.google.com/group/youtube-api-gdata?hl=en.
No comments:
Post a Comment