问题
I am building a custom photo gallery for my site which uses Flickr as the backend. I feel like I need to authenticate with Flickr using the new Oauth system.
Everytime I look into using Oauth with Flickr it all shows how to do it to "provide in your applications a secure way for people to sign-in into their Flickr accounts"
I don't need anyone else to be able to sign into my site. I just need it signed in to MY Flickr account all the time. All the functionality that links to flickr is behind my own authentication system anyway.
Does anyone have any ideas how I can go about having it signed into MY account all the time and none of this sign into user accounts sort of stuff.
Thanks.
回答1:
Having it signed into your account all the time is risky because others could look at the source code for your site and extract your username and password.
Instead of using OAuth, why don't you utilize the authentication key that Flickr provides when you sign up for an account?
回答2:
You need an OAuth access token for most request involving photos that are not public. So unless the gallery you're building only accesses public photos, you'll need an OAuth access token.
Having said that, there are lots of 3rd party libraries (list on the api page) to handle most of the OAuth authentication and signing of each request. Once you've obtain an access token, you can persists locally in your database - it doesn't expire, but it can be revoked. Once you have the access token, you need it to sign most of the request you make to the api.
For example even to search your own photos - if they are private - requires an access token and a signed request.
来源:https://stackoverflow.com/questions/25226956/flickr-authentication-with-oauth