Search code examples
google-cloud-platformoauth-2.0youtube-data-api

How to get my own Google API access token without using "Log in with Google"?

On my site, I want to be able to retrieve whether my own YouTube account goes live. After looking around, I found this endpoint:

GET https://www.googleapis.com/youtube/v3/liveBroadcasts,

that would help me do just that. However, the main problem I found is that it requires an OAuth2 token, and the only way I could find to generate one was going through the whole Login with Google approach.

My main problem is that I want anyone who visits my site, to be able to see whether I'm live or not. I'm not looking for workarounds or using web crawlers either - I want to be able to use this specific endpoint. Is that even possible?

In other words, is it possible to get my own access token manually, and just plug that into the API request to access the endpoint directly? Or is this just impossible?

Solution

  • First thing to know about YouTube Data API is the following: for to issue authorized request to it, one cannot alleviate authentication through the browser.

    You may read the doc OAuth 2.0 Flow: Installed apps for thorough info about the authorization flow on standalone computers.

    The doc specifies step 4 -- Handle response from Google -- and step 5 -- Exchange authorization code for refresh and access tokens. By the initial OAuth flow, you get two tokens: a short-lived access token and a refresh token that produces access tokens on demand. Authentication without browser is not possible, but once having a refresh token, it can be traded programmatically for access tokens:

    1. Initialization: obtain via browser authentication a refresh token;

    2. Iterations: as many times as needed, query the API for an access token -- without any browser interaction! -- using the refresh token from (1), then proceed further with the call to the target API endpoint (again, without any browser interaction).

    Note that the steps (1) and (2) may well be separated such that (1) is executed by a standalone (local) computer that stores the refresh token into a file; later, upon a secure transfer of that file on a different remote computer (e.g. a server that does not have a browser installed), execute (2) on that remote computer, repeatedly as needed (see Using OAuth 2.0 for server-side, standalone scripts.)