2

I am building a custom photo gallery for my site which uses Flickr as the backend. I feel like I need to authenticate with Flickr using the new Oauth system.

Everytime I look into using Oauth with Flickr it all shows how to do it to "provide in your applications a secure way for people to sign-in into their Flickr accounts"

I don't need anyone else to be able to sign into my site. I just need it signed in to MY Flickr account all the time. All the functionality that links to flickr is behind my own authentication system anyway.

Does anyone have any ideas how I can go about having it signed into MY account all the time and none of this sign into user accounts sort of stuff.

Thanks.

rctneil
  • 7,016
  • 10
  • 40
  • 83

2 Answers2

0

Having it signed into your account all the time is risky because others could look at the source code for your site and extract your username and password.

Instead of using OAuth, why don't you utilize the authentication key that Flickr provides when you sign up for an account?

Nischaal Cooray
  • 210
  • 2
  • 12
  • I am currently using that but there is one method I need to call which says "This method requires authentication with 'read' permission.". Any ideas on what I can do? – rctneil Aug 10 '14 at 08:57
  • The safest thing to do would be to get people to log in, but if you don't want to have to implement that, you would have to implement a server side that would store your details for you on a secure server where they would be harder to access. – Nischaal Cooray Aug 11 '14 at 02:49
0

You need an OAuth access token for most request involving photos that are not public. So unless the gallery you're building only accesses public photos, you'll need an OAuth access token.

Having said that, there are lots of 3rd party libraries (list on the api page) to handle most of the OAuth authentication and signing of each request. Once you've obtain an access token, you can persists locally in your database - it doesn't expire, but it can be revoked. Once you have the access token, you need it to sign most of the request you make to the api.

For example even to search your own photos - if they are private - requires an access token and a signed request.

ikumen
  • 11,275
  • 4
  • 41
  • 41