Google OAuth Verification
OAuth Testing Instructions
This page gives Google reviewers the steps needed to test the OAuth consent flow and the user-facing YouTube upload purpose of Clipper Emsa Pro.
| Application | Clipper Emsa Pro |
|---|---|
| Homepage | https://clipper.emsa.pro |
| Testing URL | https://clipper.emsa.pro/login-youtube.php |
| Redirect URI | https://clipper.emsa.pro/auth/youtube/callback.php |
| Requested scope | https://www.googleapis.com/auth/youtube.upload |
| Local app login | No local username or password is required for the YouTube OAuth testing page. The reviewer can use a Google test account that owns or can upload to a YouTube channel. |
Step-by-Step OAuth Test
- Open https://clipper.emsa.pro and confirm that the public homepage, Privacy Policy, Terms, use case, and scope justification pages are accessible without login.
- Open https://clipper.emsa.pro/login-youtube.php.
- Click Connect / Reconnect YouTube.
- Google opens the OAuth consent screen for Clipper Emsa Pro.
- Review the requested permission. The app should request only
https://www.googleapis.com/auth/youtube.upload. - Grant consent using a Google account that has a YouTube channel available for upload testing.
- Google redirects to
https://clipper.emsa.pro/auth/youtube/callback.php. - The page returns to the YouTube testing app and shows whether the OAuth grant was completed.
- Click Validate Token to confirm the token status, audience, expiry, and granted scope.
- Optional: click Refresh Access Token to confirm the refresh token can create a new short-lived access token for scheduled upload jobs.
How To Verify The Upload Use Case
The OAuth test page demonstrates consent and token validation. The production workflow uses the same Google OAuth grant to call YouTube Data API v3 and upload a final generated MP4 file to the user's channel. The upload path is:
- A user adds or selects a video source in the Clipper workflow.
- The app creates a short vertical clip, title, description, tags, and optional thumbnail assets.
- The workflow stores generated media on SFTP hosting to produce a public URL and keeps job status for audit.
- When publishing is enabled, the workflow creates a short-lived Google access token from the stored refresh token.
- The workflow uploads the generated video through YouTube Data API v3 and stores the returned YouTube video ID and URL.
The testing page does not expose refresh tokens or client secrets. Tokens are stored server-side for the browser session or as encrypted production secrets.
Reviewer Notes
- If the OAuth consent screen is still in Google testing mode and Google provides a reviewer email address, that email should be added to the OAuth test users list before review.
- No PDF, iframe, embedded document, or login wall is required to access this instruction page.
- If Google needs an operator dashboard PIN for a deeper production workflow demo, provide it only in the private verification email response, not on this public page.