2-legged OAuth vs 3-legged OAuth for Youtube API

I’m modifying a WordPress plugin to allow users to upload videos to Youtube through a form. (Plugins like this already exist, but I’m doing this for a client who has specific requirements.) These videos will be uploaded to a Youtube account that belongs to my client.

Reading through the Youtube API and the Google API, OAuth is the preferred method of authenticating to Google’s servers to use their API. However, all of the examples that I’ve seen require a user to authorize the connection from the OAuth client to the OAuth server, similar to the way OpenID asks users to sign into an account.

Read More

I would like to avoid this, if possible; I don’t want site visitors uploading videos to their own account through the WordPress plugin. Even if they aren’t able to choose the account, I also don’t want them to have to authorize the client access. Basically, I want to skip the verification phase because I know that I have permission.

From what I’ve been reading, 2-legged OAuth allows an application to authenticate against another application without any extra verification step, which is what I want. However, uploading a video requires logging into a user account, as it is not an anonymous function (like getting a list of the most recent videos uploaded).

Can 2-legged OAuth do the things I want (single-user authentication, without specifying a UID/pass, and no account confirmation) or am I limited to 3-legged OAuth?

Related posts

Leave a Reply