Hello, I'm sorry, but there is no secret undocumented scope you can use for the photos API.
Hopefully this will have some useful information for you about refresh tokens. https://developers.google.com/accounts/docs/OAuth2WebServer Thank you. Michael Erickson | Photos APIs | [email protected] | 424-666-1024 On Sun, Dec 30, 2012 at 8:45 AM, Anh Nguyen <[email protected]> wrote: > Hi, > > I'm working on a web app project that require Picasa Access, and from > reading the documentation and researches, I can't find a Read-Only access > scope. I realize that if my app get hacked, the bad guys can potentially > use the refresh tokens to delete photos off of user accounts. Unless > someone here can tell me a secret undocumented scope that allow apps > Read-Only access, I'm having to redesign the infrastructure so that the web > app make calls to another secure server that actually stores the refresh > tokens, secret key, and make the API calls. > > My question (beside why is in name of small fluffy animals Google didn't > make a read-only scope) is how does everyone else here who do web > applications secure their secret key and refresh token to prevent the > security scenario stated above? > > > > -- > You received this message because you are subscribed to the Google Groups > "Google Picasa Web Albums API" group. > To view this discussion on the web visit > https://groups.google.com/d/msg/google-picasa-data-api/-/mffY-iCms0wJ. > To post to this group, send email to > [email protected]. > To unsubscribe from this group, send email to > [email protected]. > For more options, visit this group at > http://groups.google.com/group/google-picasa-data-api?hl=en. > -- You received this message because you are subscribed to the Google Groups "Google Picasa Web Albums API" group. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-picasa-data-api?hl=en.
