1

I'd like to know if there's any solution to the following scenario:

  • there's an account with private videos, all marked as 'hidden from Vimeo.com', but enabled for embedding on several domains
  • there's an iOS application that is supposed to have access to all those videos (stream/download)

OAuth2 allows us to grant permissions to application acting on user's behalf.

However, in this particular case, we have a different scenario: we need to restrict access to videos to either allowed websites (via embedding) or to iOS application, and the latter case should work without any authentication interactions.

Is there any way to solve this without generating & embedding an access token (which is far from being secure, let alone the fact that access token is supposed to expire at some point)?

Thanks.

xfyre
  • 93
  • 2
  • 6

1 Answers1

1

When you authenticate with the Vimeo API, it's not your end user that needs authentication, it's the request your app makes.

So if you want your end users to be able to watch your videos without authentication, your app needs to provide an access token that is authenticated to your account, not the end user.

This way, all of the API requests made by your app will be authenticated as you, and the app can access your private data.

For ease of use, you can generate tokens authenticated this way on your app page. Tokens generated this way do not expire.

Dashron
  • 3,968
  • 2
  • 14
  • 21
  • This is more or less clear and that's the way we're doing it now. However: 1) I'm not sure about pre-generated token expiration and 2) this is not very secure - if user manages to extract this token from the app, he could gain access to all private content. – xfyre May 01 '17 at 15:12
  • Unfortunately with apps, that's a security vulnerability on all levels. If you include your client id and secret, someone can extract that and generate tokens. I'm not aware of any Android or iOS mechanism that can properly secure any data included in an app. – Dashron May 02 '17 at 17:07
  • 1
    I get URL of private video, but how i can play that Video in web or in native player – Iqbal Khan Apr 26 '18 at 12:04