I am developing an iPhone application. This app supports an feature where user can upload a video to YouTube account which is shared by all the app users.
When app receives upload request, it internally logs-in to the common YouTube account and uploads the video.
As per my understanding OAuth is the secure way to log-in to any site compared to non-Oauth. Since only app knows the user-name and password, login dialog (web-view with user-name and password fields) should not be prompted to the user.
Is there any mechanism available in GData framework that supports OAuth authentication without prompting the user for user-name and password (i.e OAuth authentication with hard-coded user name and password)?
EDIT: Since my app is the owner of common YouTube account, can I user 'Client Login' mechanism for login? Is OAuth is preferred for hiding app user's account credentials from the app?
The only way an app can sign in with the account username and password is via ClientLogin. ClientLogin support is built into the GData library.
Signing in via OAuth 2 always requires that the user provide the credentials directly to the server via a webview; the application is not involved with signing in.
Note that ClientLogin sign-in can sometimes face a server challenge, such as when the user must solve a captcha, so it's not guaranteed to be reliable.
Putting the account name and password into an application may not be secure, as users can disassemble an application to obtain the credentials.
A more reliable approach would be for your installed application to send the files to your server, and your server then uploads them to YouTube.