I am working on a photo gallery app that is supposed to access private
images from a Flickr account. While it's pretty straight forward
accessing publicly viewable images from a Flickr user or account, there
seems to be a big problem with accessing private images AND keep
everything user friendly.
Here is what I am finding:
When using the Flex Flickr API, I get stuck with displaying a separate
window to authorize the Flex application to access the private images.
That's not the fault of the API, but rather a way Flickr is implementing
their authorization scheme.
From a user's perspective, this of course is silly for two reasons:
Number one, why having a RIA that keeps everything integrated and then
going outside of the web application to authorize access, and secondly,
this exposes the Flickr account in the secondary browser window, which I
definitely don't want.
I thought I had found a workaround by simply just calling the
authorization URL in a URLLoader like this:
var auth_url:String = flickrService.getLoginURL(
frob, AuthPerm.READ );
var loginLoader:URLLoader = new URLLoader();
var loginRequest:URLRequest = new URLRequest(auth_url);
loginLoader.addEventListener(Event.COMPLETE,loginRequestComplete);
loginLoader.addEventListener(SecurityErrorEvent.SECURITY_ERROR,loginSecurityError);
In the loginRequestComplete method I then proceed to getting the frob.
This works PERFECT on my local machine. I don't have to pop up a
separate browser window to authorize the application with Flickr and
everything proceeds to load the private images in the Flex application.
However, moving this to the web site, I get the dreaded security error
that states that the application cannot access data from the Flickr URL.
I looked at the URLs. Here is what I find:
auth_url in the above code snippet will start with
http://api.flickr.com/services/auth/?api_key=..., targeting the
api.flickr.com, for which Flickr has set up a crossdomain.xml file.
However, to check what's happening with the authorization process I use
the auth_url n a browser window and find that there is a redirect that
happens back to a URL of http://www.flickr.com/services/auth/?api_key=...
This means that my security error is triggered, because we are getting a
response back from the flickr.com domain and not the api.flickr.com
domain, at least that's what I assume is happening.
So, long write up and short question:
Has anyone made this work? What I am essentially after is a way to get
to the private images through the Flex Flickr API without having to
display the Flickr authorization window.
Thanks for any suggestions!
Jurgen
