This page describes how users are authenticated and stored. It also covers how to make Flickr API Calls.


Obtaining a Flickr API Key

Any service that wishes to read/write/delete from a user's account needs to obtain an API Key from Flickr. You can do this by going to http://www.flickr.com/services/api/keys/ and clicking on 'Apply for your key online now'. You will also receive a secret along with this key. To make these values available you must add the following lines to /app/config/config.php:

    $config['Flickr'] = array(
      'key' => '<API KEY>',
      'secret' => '<SECRET>'
     );

These two values are used by the PHP Flickr Module to authenticate the user and to make authenticated API calls.


PHP Flickr Module

Download the files from http://sourceforge.net/projects/phpflickr. Unzip the archive and move the resulting folder into the path, or into the same folder as the executing script. NOTE: In the phpFlickr/ folder you may need to edit the first line of auth.php to read '<?php' instead of '<?'. This depends on your Apache settings.

The phpFlickr module is what allows us to make API calls. At a high level, this is how the Flickr API works:

  • phpFlickr redirects the user to Flickr with a request for read/write/delete permissions along with our API key and a Signature. The Signature is the MD5 of the entire request concatenated with our secret.
  • Flickr sends the user back with a 'frob'.
  • phpFlickr sends a request to Flickr with the API Key, frob, Signature and a request for a Token.
  • Flickr responds with a token.
  • From here we have authenticated the user, and can make API calls by sending a request with our API Key, Token, Signature and the API Call.

Fortunately, phpFlickr does almost all of this dirty work for us.
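The signing step from the list above, written out as an added example (not phpFlickr's own code). It assumes Flickr's legacy auth scheme, where the secret is placed first and the parameters are sorted by name before hashing; the function names and credential values are hypothetical placeholders.

```php
<?php
// Added example: names and sample values are hypothetical, not phpFlickr's API.

// Sign a parameter set: sort by parameter name, concatenate name+value pairs,
// prefix the shared secret, and take the MD5 of the resulting string.
function flickr_sign(array $params, string $secret): string
{
    unset($params['api_sig']);      // the signature never signs itself
    ksort($params, SORT_STRING);    // canonical order, independent of call order
    $base = $secret;
    foreach ($params as $name => $value) {
        $base .= $name . $value;
    }
    return md5($base);
}

// Return the parameters with api_sig attached; the secret itself is never sent.
function flickr_signed_params(array $params, string $secret): array
{
    $params['api_sig'] = flickr_sign($params, $secret);
    return $params;
}

// Constructed sample values (placeholders, not real credentials).
$secret = 'SECRET-PLACEHOLDER';
$apiKey = 'API-KEY-PLACEHOLDER';

// Step 1: login redirect asking Flickr for a permission level.
$login = flickr_signed_params(['api_key' => $apiKey, 'perms' => 'write'], $secret);
echo 'https://www.flickr.com/services/auth/?' . http_build_query($login), "\n";

// Step 3: exchange the frob Flickr sent back for a token.
$tokenCall = flickr_signed_params([
    'method'  => 'flickr.auth.getToken',
    'api_key' => $apiKey,
    'frob'    => 'FROB-PLACEHOLDER',
], $secret);
echo http_build_query($tokenCall), "\n";

// The same parameters in a different order sign identically, while a changed
// value (here the requested permission) no longer matches the signature.
$reordered = ['perms' => 'write', 'api_key' => $apiKey];
var_dump(hash_equals($login['api_sig'], flickr_sign($reordered, $secret)));
$tampered = ['api_key' => $apiKey, 'perms' => 'delete'];
var_dump(hash_equals($login['api_sig'], flickr_sign($tampered, $secret)));
```

Only api_sig travels with the request; the secret stays in /app/config/config.php on the server and should never appear in a URL, a log line or client-side code.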

The phpFlickr object is a property of a user. The API Key and Secret are automatically populated by the flickrable behavior of a user (AKA CakePHP does a lot of magic). This means that you can call the phpFlickr object via

   User->flickr->someMethod();


User Authentication

Users can be authenticated by calling the User->authenticate() function. This calls flickr->auth(), which starts the process explained in the section above. Flickr will send the user back to /users/finalize, which will call User->finalizeAuthentication(). This function finally calls flickr->auth_getToken(), which gets the Token required for making API calls.


Authenticated Flickr API Calls

Users can call API methods via the User->flickr object. However, in phpFlickr the API method names have a special syntax. We start with the API calls found at the Flickr API and then run a sort of transformation on the name. This transformation is described on the phpFlickr README:

   "To call a method, remove the "flickr." part of the name and replace 
   any periods with underscores. For example, instead of 
   flickr.photos.search, you would call $f->photos_search() or instead 
   of flickr.photos.licenses.getInfo, you would call 
   $f->photos_licenses_getInfo() (yes, it is case sensitive)."


Session Management

Both phpFlickr and CakePHP do session management. phpFlickr's sessions are completely self-contained, and you need not concern yourself with them. On the other hand, CakePHP's sessions are how we store user information across requests. We use this so that we can securely authenticate the user, while only needing to authenticate against Flickr once. Session data for the user can be accessed via Session->read(<data>) where <data> is a string corresponding to the information you want to get. The following user information is stored in the Session data and can be accessed via the strings shown after each item:

  • The login/logout status of the user: 'User.logged_in'
  • The Flickr username of the user: 'User.username'
  • The Token used to make authenticated API calls: 'User.token'
  • The Flickr nsid of the user: 'User.flickr_user_id'