Use OAuth tokens instead of .netrc where possible

[Saklad5]

Please follow the guide below

• You will be asked some questions and requested to provide some information, please read them carefully and answer honestly
• Put an x into all the boxes [ ] relevant to your issue (like that [x])
• Use Preview tab to see how your issue will actually look like

---

Make sure you are using the latest version: run youtube-dl --version and ensure your version is 2016.11.08.1. If it's not read this FAQ entry and update. Issues with outdated version will be rejected.

• I’ve verified and I assure that I'm running youtube-dl 2016.11.08.1

Before submitting an issue make sure you have:

• At least skimmed through README and most notably FAQ and BUGS sections
• Searched the bugtracker for similar issues including closed ones

What is the purpose of your issue?

• Bug report (encountered problems with youtube-dl)
• Site support request (request for adding support for a new site)
• Feature request (request for a new functionality)
• Question
• Other

---

The following sections concretize particular purposed issues, you can erase any section (the contents between triple ---) not applicable to your issue

If the purpose of this issue is a site support request please provide all kinds of example URLs support for which should be included (replace following example URLs by yours):

• Single video: https://www.youtube.com/watch?v=BaW_jenozKc
• Single video: https://youtu.be/BaW_jenozKc
• Playlist: https://www.youtube.com/playlist?list=PL4lCao7KL_QFVb7Iudeipvc2BCavECqzc

---

Currently, the only method to automatically authenticate youtube-dl requests is with a cleartext .netrc file. This is obviously extremely insecure, and I think it would be much better if youtube-dl requested OAuth tokens from supported sites instead.

Alternatively, allow a command to be run before and after accessing .netrc, which would allow the user to encrypt and decrypt the file as they see fit.

[yan12125]

Alternatively, allow a command to be run before and after accessing .netrc, which would allow the user to encrypt and decrypt the file as they see fit.

Sounds related: #10610

[yan12125]

To implement OAuth, a headache is how to handle expired tokens.

[Saklad5]

Couldn't you just request refresh tokens on each run, or when given a certain argument?

[yan12125]

You need to provide your username and password to get an OAuth token, isn't it? If an user needs to provide credentials on each run, .netrc is not necessary.

[Saklad5]

I believe you need a valid OAuth token to get a new one, not the username and password again. I may be mistaken, of course.

[yan12125]

I'm not sure about other websites. At least on Facebook, you need to re-login every two months.

[rautamiekka]

[...] At least on Facebook, you need to re-login every two months.

Yes, but Fb provides a dedicated way to check the login status, which I think you should do everytime you first connect.

[amishmm]

Here is documentation and related Python API.
Doc: https://developers.google.com/identity/protocols/OAuth2
API: https://github.com/googleapis/google-api-python-client

There is another perl based youtube-viewer app which makes use of oauth. What it does is asks user to go to: (you can click the following link and see how it requests the permission)

https://accounts.google.com/o/oauth2/auth?access_type=offline&client_id=923751928481.apps.googleusercontent.com&redirect_uri=urn:ietf:wg:oauth:2.0:oob&response_type=code&scope=https://www.googleapis.com/auth/youtube.force-ssl

Once you allow the access, all you do is to paste the code shown and app gets the access.

It allows only the following permissions.

See, edit, and permanently delete your YouTube videos, ratings, comments and captions

This way one can restrict app to access only Youtube and no access is allowed to mails or contacts or calendar etc.

It also has code for refreshing tokens.

Related perl code can be found here:
https://github.com/trizen/youtube-viewer/blob/master/lib/WWW/YoutubeViewer/Authentication.pm

Hope this helps. Thank you.