Use Flickr desktop authentication in your web applications

When I first came across the question “How to use Flickr desktop authentication in web applications?” my reaction was “Why would you want to do that!!” A brief investigation revealed that there is a usability advantage in doing that. If you have used Flickr authentication for web applications, you will know that you have to enter a callback URL at Flickr for the process to complete. That authentication process is seamless for web apps which are not self-hosted by end users, an example being Fluidr, which allows you to comment on and fav explored photos. However, many end users are confused if you ask them to do this step – particularly true for a lot of WordPress users ;-) In these cases the desktop authentication workflow works better. The Flickr API documentation does explain how to authenticate a desktop application (do read it carefully), but it can be a bit confusing to translate to a web application.

I will be using the phpFlickr class for the code and will skip the part about applying for an API key and how to select ‘Desktop Application’ as the authentication type. I am also assuming that you have downloaded phpFlickr and placed it where your scripts can find it.

The code works in two steps. The first step consists of requesting a frob and creating a link which, when clicked, will validate the requested frob and grant permissions for that frob. Let's see what the code looks like for this step.

    require_once("phpFlickr.php");

    // The frob is kept in the session between step 1 and step 2
    session_start();

    // This can be 'read', 'write' or 'delete'
    $perms = 'write';

    $apikey = "replace with your api key";
    $sharedsecret = "replace with your shared secret";

    $f = new phpFlickr($apikey, $sharedsecret);

    // Request a frob
    $frob = $f->auth_getFrob();

    // We are going to need that frob later so..
    $_SESSION['frob'] = $frob;

    // The call to the API needs to be signed - so we create a signature thus
    $api_sig = md5($f->secret . 'api_key' . $f->api_key . 'frob' . $frob . 'perms' . $perms);

    // and append the signature to the URL we will send the user to..
    $url = 'http://flickr.com/services/auth/?api_key=' . $f->api_key . '&frob=' . $frob . '&perms=' . $perms . '&api_sig=' . $api_sig;

    // Escape the URL before placing it in the href attribute
    echo "<a href='" . htmlspecialchars($url, ENT_QUOTES) . "' target='_blank'>Click Here to complete Step 1</a>";

    // You may need to politely explain here to your end users what to expect at flickr and when they have completed
    // Step 1 they should click the link to Step 2

    echo "<a href='step2.php'>Step 2</a>";

I have commented the code and it is pretty self-explanatory. On to step 2, which is even simpler: you just have to convert the frob to a token.

    require_once("phpFlickr.php");

    // Resume the session that holds the frob from step 1
    session_start();

    $apikey = "replace with your api key";
    $sharedsecret = "replace with your shared secret";

    $f = new phpFlickr($apikey, $sharedsecret);

    $auth = $f->auth_getToken($_SESSION['frob']);

    // $auth['token'] will now have the authentication token if everything went OK
    // You can store this permanently somewhere like a database ;-)

    // Let the phpFlickr instance know you have a token
    $f->setToken($auth['token']);

    // Now you can make any authenticated call to flickr and it should work

The thing to remember here is that the token will continue to work as long as you do not make another auth_getFrob call. If you do get another frob, you will have to validate the frob again – this is in fact the method to reset or renew a token. Lastly, the code above is just to explain the process; it can be written a bit more elegantly in a single PHP file using some control structures – just do it!

Try it out and let me know how it goes :-)
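
The signature that step 1 builds by hand follows Flickr's signing rule: the shared secret, then every parameter name and value in alphabetical order of name, hashed with MD5. The following is an added example (not from the original post and not phpFlickr code) that applies that rule to any parameter set and URL-encodes the resulting link; `flickr_sign`, `flickr_auth_url` and the key, secret and frob values are hypothetical.

```php
<?php
// Added example. The key, secret and frob below are constructed placeholders.

/**
 * Sign Flickr API parameters: sort by parameter name, append each
 * name and raw (un-encoded) value to the shared secret, then MD5 the string.
 */
function flickr_sign(array $params, string $sharedSecret): string
{
    ksort($params, SORT_STRING);           // sorts the local copy only
    $base = $sharedSecret;
    foreach ($params as $name => $value) {
        $base .= $name . $value;
    }
    return md5($base);
}

/** Build the signed authorization link used in step 1. */
function flickr_auth_url(string $apiKey, string $sharedSecret, string $frob, string $perms): string
{
    $allowed = ['read', 'write', 'delete'];
    if (!in_array($perms, $allowed, true)) {
        throw new InvalidArgumentException('perms must be one of: ' . implode(', ', $allowed));
    }
    // Deliberately unsorted here: flickr_sign() does the ordering.
    $params = ['perms' => $perms, 'frob' => $frob, 'api_key' => $apiKey];
    $params['api_sig'] = flickr_sign($params, $sharedSecret);

    // Sign the raw values first, URL-encode only when building the query string.
    return 'http://flickr.com/services/auth/?' . http_build_query($params);
}

$apiKey = 'EXAMPLE_API_KEY';        // constructed
$secret = 'EXAMPLE_SHARED_SECRET';  // constructed
$frob   = 'EXAMPLE-FROB-123';       // constructed

$url = flickr_auth_url($apiKey, $secret, $frob, 'write');

// Cross-check against the hand-built signature from step 1.
$manual = md5($secret . 'api_key' . $apiKey . 'frob' . $frob . 'perms' . 'write');
parse_str(parse_url($url, PHP_URL_QUERY), $query);
var_dump(hash_equals($manual, $query['api_sig']));

// Escape the URL when it goes into an HTML attribute.
echo '<a href="' . htmlspecialchars($url, ENT_QUOTES, 'UTF-8') . '">Authorize at Flickr</a>', PHP_EOL;
```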

About Tarique Sani

Dr. Tarique Sani is a pediatrician and forensic expert by education. He is a PHP programmer of 'wrote the book' caliber and has to his credit several very popular open source as well as commercial PHP projects. He leads a team of dynamic programmers at SANIsoft who have in-depth understanding of Web development tools and usability practices with strong developmental skills in PHP, MySQL/PostgreSQL, HTML, DHTML, Javascript, and Linux/Apache