CUNY Academic Commons

Hi Boone -- she wants to embed videos from videostreaming.gc onto her Commons site. The video streaming site itself is not on the Commons

There's probably a way to tap into WP's native oEmbed detection regex so that you have to write a minimal amount of code to make it work. I've copied Ray here - he's done extensive work in this part of WP, and can probably point you in the right direction.

Dan - the function you'll want to look at is wp_embed_register_handler():
https://codex.wordpress.org/Function_Reference/wp_embed_register_handler

This adds embed support to WordPress by using regex for the URL matching and allows you to add a function callback to specify what you want to do with the URL for embedding.

Let me know if you have any questions about this.

That is really nifty! Thanks so much Ray! I think I've got it working here: https://github.com/cuny-academic-commons/cac/commit/0035abc7cec43aeb3730333273678c4df231aa3e

I put it in functions.php, but do we want it in its own plugin?

Wait of course we want it in its own plugin. My bad - put it in mu-plugins: https://github.com/cuny-academic-commons/cac/commit/e96c052bd7f33edd115364eb5f58450bcf3817f6

If I need to make a request of A/V at the GC about this, please just let me know what I need to ask. Thanks.

Thanks, Matt. You could point them to this ticket, with the following summary:

A member of the CUNY Academic Commons has requested the ability to embed a video hosted on videostreaming.gc.cuny.edu directly on her commons.gc.cuny.edu site. Our dev team tried building a tool that would embed the video, but streaming was blocked due to an outdated access_token. We assume that the access_token is there to prevent hotlinking, but we're hopeful that you can make an exception in the case of the Commons. Is it possible to whitelist embeds from the Commons's IP address (146.96.128.200)? If, for technical reasons, you're not able to create a whitelist, it's possible for our team to scrape your pages in order to harvest a valid access_token. But we don't want to take this step without your blessing.

Please modify as you see fit, and feel free to put them directly in touch with me, either over email or through this ticket.

Email sent. Thanks, all.

Thanks, Boone and Matt! Sorry, should have realized that the access token would expire. Wishful thinking on my part ;-). Happy to pick this back up when you hear back, Matt!

Matt -
Did you ever hear back about this from GC A/V? Ola has contacted me again. Thanks!
- Marilyn

Hi Marilyn - I had brief contact with Joe from GC IT, but we kinda lost the thread. I'll follow up.

In the meantime, please let Ola know that we're looking into this, but that we can't make any promises about when it'll be implemented. Until it is, she'll have to use links to the videostreaming page instead of embeds.

I received a phone call from A/V and need to get back to them

Hi Boone,

I think you were back in touch with A/V. Was any resolution reached?

I spoke briefly with Joe. After running through a bit of troubleshooting, he passed my request along to his tech team. I haven't heard anything yet.

OK, I think we're ready to roll. Dan, here's where we stand.

I've spoken with the fine folks in IT who manage the videostreaming site. It turns out that the application they use has a public-facing API (one that IT didn't know they had!). We've been granted a specific set of credentials for accessing the API. You'll be using the credentials to fetch an access_token, which can then be used to generate embeds in the way you're already doing.

The API offers lots of stuff (see the docs I uploaded a few minutes ago) but we're only going to be using the initial oAuth2 handshake, using grant_type=password, in order to fetch an access_token. The request URL looks like this:

https://videostreaming.gc.cuny.edu/api/v1/?grant_password=password&username=$cac_username&password=$cac_password

where $cac_username and $cac_password are our credentials. I'm going to store the credentials as constants in our wp-config.php file, so you can access them using CAC_VIDEOSTREAMING_USERNAME and CAC_VIDEOSTREAMING_PASSWORD. Use add_query_arg() to build the URL, and use wp_remote_get() to make the request. Make sure to use the HTTPS URL - oAuth2 depends on SSL.

The response body (wp_remote_retrieve_body()) will contain the access_token you need, plus an expiry in seconds. I recommend that you use the following logic when building your markup:

$token_data = get_site_option( 'cac_videostreaming_token_data' );

// Assume we don't have a valid token.
$token_is_valid = false;
if ( isset( $token_data['expires'] ) && time() < $token_data['expires'] ) {
    // The token is OK if the expiry is in the future.
    $token_is_valid = true;
    $token = $token_data['token'];
}

if ( ! $token_is_valid ) {
    // Build the URL and make the request
    $request_url = whatever;
    $request = wp_remote_get( $request_url );
    // maybe check that the response code is 200, then get the token and expiry from the body
    $token = the access token sent back from the API

    $token_data = array(
        'token' => $token,
        'expires' => whatever // I think you should add the expiration in seconds to the timestamp of the response. Round down if in doubt :)
    );
    update_site_option( 'cac_videostreaming_token_data', $token_data );
}

// Now you have a valid $token and can build your markup

This logic will minimize authentication requests on their API - they should only happen once a day at most (token exipiry is 24hrs).

Thanks, Dan!

Sorry, forgot to add the creds before. They're now in wp-config https://github.com/cuny-academic-commons/cac/commit/c518b4ed35acbf4c237d9363bbb115c6d9b9b644

Okay thanks so much Boone for all the help with this! I think I've got it working here: https://github.com/cuny-academic-commons/cac/commit/d9f6bc78a1084e57f6f75e8bc5c99f31bd434913

Let me know if you see any issues! And thanks again!