The main bug is that the module accepts a variable (admin setting) called flickrapi_api_secret but doesn't use it when it instantiates the phpFlickr class.

new phpFlickr($api_key);

The bundled phpFlickr library supports a shared secret as the second constructor parameter, so I just assume its omission was an oversight.

In slightly poor discipline, I have created a patch not only for that bug, but also something more like an added feature. It adds the (newer?) authentication token variable and integrates it into the object creation when supplied. The great benefit of using an authentication token is that private Flickr photos can be shown.

CommentFileSizeAuthor
#1 extra_api_settings-1320154-1.patch1.85 KBhughbris

Comments

hughbris’s picture

hughbris commented
StatusFileSize
new extra_api_settings-1320154-1.patch1.85 KB

As per issue report, patch which also adds authentication token setting to allow private photo sharing.

seanr’s picture

seanr
he/him
commented

This looks great. I may have time to test this over the weekend. If I do and it works, I'll also start a D7 port of the patch.

BarisW’s picture

BarisW commented
Status: Needs review » Postponed (maintainer needs more info)

Hi Hugh,

could you explain what the use case here would be?
If I'm right, shouldn't the auth token be given after validating the app (after OAuth authentication)?

I think we need to implement #1420886: Use OAuth by July 31 cutover and then store the Authorization code in Drupal. This should not be set manually by the end-user, right? As far as can see, there is no way to get your auth code using the Flickr interface, right?

Please correct me if I'm wrong, but it seems that we can close this and implement #1420886: Use OAuth by July 31 cutover instead.

Whatever we do: first D7, then rollback to D6.

BarisW’s picture

BarisW commented

Ah, I see you already did a great job over at #1320302: Add an authentication token fetching tool!
I'll have a look what you've done (I just stepped in as co-maintainer and have to catch up with the current issues).

BarisW’s picture

BarisW commented
Status: Postponed (maintainer needs more info) » Fixed

I've added the $secret key to the flickr request (and committed to D6 & D7). Adding the authcode doesn't make sense for the time being, we need to focus on adding OAuth support. Marking this fixed, if you disagree please re-open.

Status: Fixed » Closed (fixed)

Automatically closed -- issue fixed for 2 weeks with no activity.