[Flickr APIs] new authentication api

this isn't released yet - i'd like some feedback on
it before it's released.

the old authentication api can be found here:
http://www.flickr.com/services/services_auth.pdf

the new one works like this:

1) your app redirects the user to this url:
http://www.flickr.com/services/auth/?api_key={key}&action=login&return_url={return_url}

2) flickr checks the user is logged in, else
prompts them to log in

3) flickr asks the user if they want to let the
application get their auth details. this step is
performed only once per app_key/user combo.

4) flickr redirects the user to the url sent in
the {return_url} param, with an extra GET argument
called 'token' tacked on the end.

5) this token can then be used in subsequent API
calls (as a named argument 'token') in lieu of
the 'email' and 'password' parameters. the token
is tied to the api_key.


the major difference from the old auth api is it
lets you define the return url dynamically, so you
can include custom data in it, or more importantly,
build it into an installed product and have the
auth bounce back to the installation being used
(think 'wordpress') without needing an api_key for
each installation.

once the token is recieved, then the full api can
be used, without ever having to get the user to
input their login details anywhere but flickr.com

--cal