Re: [Flickr APIs] new authentication api

Jacob Jay <jacob-w1M1GQjzACPYtjvyW6yDsg@xxxxxxxxxxxxxxxx> wrote:
: This does appear to solve the issue. It might be good to support an array
as
: per Peter notes TypeKey does. It may not be a widespread setup but I use
: multiple domains with my site. The return URL could then be matched minus
: its query string against any of the URLs registered for that api_key.

the problem with that is it then requires us
to take this list from users.

another possible solutionis to take wildcard
masks from the applications themselves.

a call like this:

return_url=http://www.foo.com/users/cal/auth
&return_mask=http://www.foo.com/users/*/auth

flickr would then check that the return url
matched the wildcard and that the wildcard
wasn't *too* wild ('*', '*.com', etc.). if
this was the case, then the wildcard would
be stored against the api_key.

hmm, i see an issue here. each flickr user
would need to authorise it seperatly anyway.
it's a case of not asking a single user to
authorise the login more than once. no
matter, i think the above still applies.

so an application passes along a wildcard
mask with it's return url, so that it the
user has authorised another url in the mask
before, then they wont be prompted again.

can anyone see any flaws in this?


--cal