OAuth 2.0 to Access Google APIs for Wordpress plug

Posted 2019-09-08 16:34

Question:

I have a WordPress plugin that will be used to display YouTube videos with YouTube Data API version 3. It will not request private information and will perform only read operations with the list method.

I do not know what "Application type" (Web application, Service account or Installed application) I have to select in OAuth 2.0 to access Google APIs to use in a WordPress plugin.

Should I add my client id and client secret in the plugin?

What is the most appropriate way to use the OAuth in an application of this type? I would greatly appreciate any link to a tutorial.

Should I request the user to register their own application in the Google APIs Console?

Answer 1:

Assuming that end users, people visiting the WordPress blog, want to see their own videos and as a result each end user must go separately through the approval flow.

Unfortunately there is no ideal solution for this case.

The application type in this case is web application, but you cannot register and ship the client id and secret. The user (the WordPress blog admin or owner) has to register their own application in devconsole.

If you do register and hard code the client id and secret, then end users will be prompted to give access to "WordPress YouTube plugin" (which makes no sense to them) instead of "Blog Name" (which they know they are reading). Also, there are multiple security issues with distributing the secret for a web app.
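
The approach in the answer above, sketched as an added example (not part of the original answer and not code from any existing plugin): the plugin ships no credentials and builds the Google consent URL only from a client registered by the blog owner. The function names, the `$settings` array and the redirect URI are hypothetical; the endpoint and the read-only YouTube scope are Google's published values.

```php
<?php
// Plain PHP with no WordPress functions, so it runs stand-alone.
const GOOGLE_AUTH_ENDPOINT   = 'https://accounts.google.com/o/oauth2/v2/auth';
const YOUTUBE_READONLY_SCOPE = 'https://www.googleapis.com/auth/youtube.readonly';

/**
 * Build the consent URL from credentials the blog owner saved in the plugin
 * settings. $settings is a hypothetical array loaded from per-site storage;
 * nothing is hard-coded in the distributed plugin.
 */
function build_consent_url(array $settings, string $redirectUri): array
{
    $clientId = trim($settings['client_id'] ?? '');
    $secret   = trim($settings['client_secret'] ?? '');
    if ($clientId === '' || $secret === '') {
        // Fail closed instead of falling back to a shared, shipped client.
        throw new RuntimeException('Site owner has not registered an OAuth client yet.');
    }
    // Unpredictable state value, kept server-side and checked on the callback.
    $state = bin2hex(random_bytes(16));
    $query = http_build_query([
        'client_id'     => $clientId,
        'redirect_uri'  => $redirectUri,
        'response_type' => 'code',
        'scope'         => YOUTUBE_READONLY_SCOPE,
        'state'         => $state,
    ]);
    // The secret never appears in the URL; it is only used server-side
    // when the authorization code is exchanged for tokens.
    return ['url' => GOOGLE_AUTH_ENDPOINT . '?' . $query, 'state' => $state];
}

/** Constant-time check of the state value returned on the redirect. */
function state_is_valid(string $expected, string $returned): bool
{
    return $expected !== '' && hash_equals($expected, $returned);
}

// Constructed sample settings, as a blog owner would save them.
$settings = [
    'client_id'     => 'EXAMPLE-ID.apps.googleusercontent.com',
    'client_secret' => 'EXAMPLE-SECRET',
];
$flow = build_consent_url($settings, 'https://blog.example/oauth2callback');
echo $flow['url'], PHP_EOL;
var_dump(state_is_valid($flow['state'], $flow['state']));
var_dump(state_is_valid($flow['state'], 'forged-value'));
```

Because the client belongs to the blog owner, the consent screen shows the name they chose when registering it, and a leaked secret affects only that one site.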