I'm making a website for a friend where he can view photos from his wedding. I created a Google account, and loaded the photos to that account's Picasa. I then wrote a small PHP app that gets the URLs for all the images in that one album, and makes a nice little viewer for him.
I'm authenticating using oauth2, but I don't want anyone who goes to this app to have to sign in to that Google account to authorize the app to get the photo URLs.
My question is, what would be the best way to authorize the Google account on the server without any input from the user? I could then make my own application specific password that my friend can give to people so that they can see the photos, and no one has to worry about the Google account username and password but me.