ytdl-org / youtube-dl

Command-line program to download videos from YouTube.com and other video sites
http://ytdl-org.github.io/youtube-dl/
The Unlicense
132.41k stars 10.04k forks

Use OAuth tokens instead of .netrc where possible #11176

Open Saklad5 opened 8 years ago

Saklad5 commented 8 years ago

Please follow the guide below


Make sure you are using the latest version: run youtube-dl --version and ensure your version is 2016.11.08.1. If it's not read this FAQ entry and update. Issues with outdated version will be rejected.


Currently, the only method to automatically authenticate youtube-dl requests is with a cleartext .netrc file. This is obviously extremely insecure, and I think it would be much better if youtube-dl requested OAuth tokens from supported sites instead.

Alternatively, allow a command to be run before and after accessing .netrc, which would allow the user to encrypt and decrypt the file as they see fit.

yan12125 commented 8 years ago

> Alternatively, allow a command to be run before and after accessing .netrc, which would allow the user to encrypt and decrypt the file as they see fit.

Sounds related: #10610

yan12125 commented 8 years ago

To implement OAuth, a headache is how to handle expired tokens.

Saklad5 commented 8 years ago

Couldn't you just request refresh tokens on each run, or when given a certain argument?

yan12125 commented 8 years ago

You need to provide your username and password to get an OAuth token, don't you? If a user needs to provide credentials on each run, .netrc is not necessary.

Saklad5 commented 8 years ago

I believe you need a valid OAuth token to get a new one, not the username and password again. I may be mistaken, of course.

yan12125 commented 8 years ago

I'm not sure about other websites. At least on Facebook, you need to re-login every two months.

rautamiekka commented 5 years ago

> [...] At least on Facebook, you need to re-login every two months.

Yes, but Fb provides a dedicated way to check the login status, which I think you should do every time you first connect.

amishmm commented 5 years ago

Here is documentation and related Python API. Doc: https://developers.google.com/identity/protocols/OAuth2 API: https://github.com/googleapis/google-api-python-client

There is another Perl-based youtube-viewer app which makes use of OAuth. What it does is ask the user to go to: (you can click the following link and see how it requests the permission)

https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=923751928481.apps.googleusercontent.com&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&scope=https://www.googleapis.com/auth/youtube.force-ssl

Once you allow the access, all you do is paste the code shown and the app gets the access.

It allows only the following permissions.

See, edit, and permanently delete your YouTube videos, ratings, comments and captions

This way one can restrict the app to access only YouTube, and no access is allowed to mail, contacts, calendar, etc.

It also has code for refreshing tokens.

Related Perl code can be found here: https://github.com/trizen/youtube-viewer/blob/master/lib/WWW/YoutubeViewer/Authentication.pm

Hope this helps. Thank you.
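
The expired-token handling discussed in this thread, as an added example (not code from youtube-dl or youtube-viewer): a token cache that replaces the cleartext password in .netrc with a refresh token in an owner-only file, renews the access token with the standard OAuth 2.0 refresh_token grant, and reports when the refresh token itself is rejected so the user can repeat the consent step. The function names, the cache layout and the injectable `post` transport are assumptions made for illustration; `client` is a dict holding the app's client_id (and client_secret, if it has one).

```python
import json, os, stat, time
from urllib import error, parse, request

TOKEN_URL = "https://oauth2.googleapis.com/token"  # Google's token endpoint

class ReauthRequired(Exception):
    """The refresh token was rejected; the consent flow must be repeated."""

def http_post_form(url, fields):
    """Default transport: POST form fields, return (status, parsed JSON)."""
    req = request.Request(url, data=parse.urlencode(fields).encode())
    try:
        with request.urlopen(req, timeout=10) as resp:
            return resp.status, json.load(resp)
    except error.HTTPError as exc:
        return exc.code, json.load(exc)

def save_tokens(path, tokens):
    """Write the cache atomically, readable by the owner only (0600)."""
    tmp = path + ".tmp"
    fd = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_TRUNC, 0o600)
    with os.fdopen(fd, "w") as f:
        json.dump(tokens, f)
    os.replace(tmp, path)

def load_tokens(path):
    """Refuse a cache that group or others can access."""
    if stat.S_IMODE(os.stat(path).st_mode) & 0o077:
        raise PermissionError(path + " is accessible to group/others")
    with open(path) as f:
        return json.load(f)

def get_access_token(path, client, post=http_post_form, now=time.time, skew=60):
    """Return a valid access token, refreshing it shortly before expiry."""
    tokens = load_tokens(path)
    if tokens.get("access_token") and tokens.get("expires_at", 0) - skew > now():
        return tokens["access_token"]
    status, body = post(TOKEN_URL, dict(client, grant_type="refresh_token",
                                        refresh_token=tokens["refresh_token"]))
    if status != 200:
        if body.get("error") == "invalid_grant":  # expired or revoked
            raise ReauthRequired("refresh token no longer valid")
        raise RuntimeError("token endpoint error: %r" % body.get("error"))
    tokens["access_token"] = body["access_token"]
    tokens["expires_at"] = now() + body["expires_in"]
    if "refresh_token" in body:  # the server may rotate the refresh token
        tokens["refresh_token"] = body["refresh_token"]
    save_tokens(path, tokens)
    return tokens["access_token"]
```

The cache file still holds a bearer credential, so it needs the same file protections as .netrc; the difference is that it is limited to the granted scope and can be revoked without changing the account password.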