Tuesday, September 15th, 2009
What a shame. YouTube officially doesn’t support “iframes” when it comes to OAuth and AuthSub. That’s a bit of a pain, but have no fear, I’ve found a way around it.
You see the issue is that YouTube’s, well Google’s, authentication system can’t modify cookies as it’s being loaded in an “iframe”, making the site a third-party site from the parent and most browsers disallow third-party cookies. That’s why if you have MPUs or other advertising on your site that uses “iframes”, you normally see this in firebug:
Permission denied for <http://adsite.com> to call method Location.toString on <http://www.yoursite.com>.
So what’s the way around it I hear you ask? Well, it’s to get rid of the “iframe” and do a browser redirection. Simple. But, I know what you’re thinking, what about getting the user back to where they were in the first place, well…
- If your gadget/microsite is mainly server-side, so lots of page refreshes and so on, you just give them a cookie and pass them back to the URL from which they came from; you can then work out the logic yourself.
- If your gadget/microsite is mainly client-side, such as Flash or JavaScript (which in my opinion it should be), then you can make uses of the wonderful world of hashes! This means that you append an informative hash to the end of the “next” URL when you submit to the authentication system, such as “#user/was/here”.
Now I talk a lot about Flash, so obviously if you’re reading this, then you might have built your gadget in Flash or JavaScript, so this is what would happen:
- You submit the parameters to YouTube and this refreshes the browser window
- The user does their business, log in, and allow access, then everyone’s happy
- Now they’re back on your site and they’ll be on the gadget’s/microsite’s URL which may look like: http://microsite.com/gadget.html?#user/was/here?token=sowasi
- You can then use some cunning JavaScript to get the hash and the token variable from the URL and off then go back to your gadget
Job done! I’ve uploaded examples to my Github, check them out and tell me what you think.
