I'd like to know if there's any solution to the following scenario:
OAuth2 allows us to grant permissions to application acting on user's behalf.
However, in this particular case, we have a different scenario: we need to restrict access to videos to either allowed websites (via embedding) or to iOS application, and the latter case should work without any authentication interactions.
Is there any way to solve this without generating & embedding an access token (which is far from being secure, let alone the fact that access token is supposed to expire at some point)?
Thanks.
When you authenticate with the Vimeo API, it's not your end user that needs authentication, it's the request your app makes.
So if you want your end users to be able to watch your videos without authentication, your app needs to provide an access token that is authenticated to your account, not the end user.
This way, all of the API requests made by your app will be authenticated as you, and the app can access your private data.
For ease of use, you can generate tokens authenticated this way on your app page. Tokens generated this way do not expire.