Premshree's (品速力) Personal Weblog

Stewart just posted about “big”—that’s the word he used—changes to the Flickr API. The major change is in the authentication API—something that I was expecting will happen (now that they’re part of Yahoo!).

So, briefly, this is how authentication will work:

• In addition to the API key, Flickr will issue a shared secret to each application/library.
• Whenever an application requires authentication, it goes through http://flickr.com/services/auth/. Here, the application has to pass an “API signature”, in addition to whatever other parameters. No user credentials are passed here.
• If the user is not already logged in to Flickr, he’s asked to. And then he’s asked whether he wishes to be authenticated against the application.
• The user can then choose to grant permissions to the application—read, write, delete.
• Once all this is done, the user is redirected to the “callback URL”—which is registered with the API key. (The return from authentication from non web-based applications is slightly different.)

The important thing? Users don’t type their credentials in the app itself. One of the reasons for doing this is to prevent phishing. I’m sure there’s been some Yahoo! influence here: we’re paranoid about such things.

Oh, yeah, another interesting thing Stewart mentioned:

...
The second reason is that eventually we'll have users who don't know/don't have Flickr credentials. For example, we'd like to be able to let people sign in to Flickr with their Yahoo IDs and transparently create accounts. Those users won't have a Flickr email/pass, but they should be able to still use API-based apps that require authentication.
...

That shouldn’t be surprising, no?

I’m gonna have to redo flickr-ruby when I get time. (The old style will continue to work for some time, though.)

That’s my name in Chinese. Apparently. It’s not accurate, actually. I forgot to ask Jill the exact pronounciation.

There’s lots of stuff I learned about the Chinese language recently... the only thing I *had* known earlier was that Chinese characters are not phonetic—each character “represents” something. Now I know that Chinese language books are read like Urdu language books—the beginning corresponds to the end in regular language books. Another interesting thing: words are read from top to bottom! No wonder many of the Chinese hoardings have words written vertically.

Some of what I understood might be wrong, but maybe not: this learning comes from my Taiwan and Hong Kong colleagues.

By the way, Edgar, these folks didn’t like Mainland China at all. But then they weren’t Mainland China folks either :D. Philip: no, I didn’t take them for Chinese food; *they* wanted to go.