auth.getToken to exchange the
frob for the token. Frobs aren't meant to be the permanent representation of an authorization
act. Frobs expire after 60 minutes or after flickr.auth.getToken is used to redeem the frob for
a token. This exchange ensures that ContactLister receives a token and that Flickr knows that
ContactLister has received the token. Note that flickr.auth.getToken is also a signed call with
two mandatory arguments: api_key and frob (in addition to api_sig, of course). The returned
token is expressed in the following form (quoting from
http://www.flickr.com/services/api/flickr.auth.getToken.html):
CHAPTER 6 - LEARNING WEB SERVICES APIS THROUGH FLICKR 160
976598454353455
write
Note that it's the token that tells ContactLister the details of what is being authorized: the
Flickr user and the permission granted. Now, ContactLister knows the Flickr identity of Lois,
without ever needing Lois to tell ContactLister directly.
Step 4: ContactLister Can Now Make an Authorized and Signed Call
ContactLister can now actually make the call to flickr.contacts.getList. How so? In addition
to signing a call to flickr.contacts.getList, ContactLister adds the appropriate authorization
information by adding the following argument to the call and signing it appropriately:
auth_token={token}
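The frob-for-token exchange and the authorized call of Step 4, as an added example that is not code from the book or from Flickr: it signs flickr.auth.getToken, reads the token and permission from the reply, then signs flickr.contacts.getList with auth_token. It assumes the legacy Flickr signing rule (MD5 of the shared secret followed by the alphabetically sorted argument names and values), the REST endpoint URL, and the `rsp`/`auth`/`token`/`perms` element names; the key, secret and frob are placeholders and the reply is constructed from the token values quoted above.

```python
import hashlib
import xml.etree.ElementTree as ET
from urllib.parse import urlencode

REST_ENDPOINT = "https://api.flickr.com/services/rest/"  # assumed endpoint

def sign(params, secret):
    """api_sig: MD5 of the shared secret followed by every argument's
    name and value, concatenated in alphabetical order of name."""
    base = secret + "".join(name + str(params[name]) for name in sorted(params))
    return hashlib.md5(base.encode("utf-8")).hexdigest()

def signed_url(method, secret, **args):
    """Build a signed REST URL; api_sig covers all the other arguments."""
    params = dict(args, method=method)
    params["api_sig"] = sign(params, secret)
    return REST_ENDPOINT + "?" + urlencode(sorted(params.items()))

def parse_token_response(xml_text):
    """Return (token, perms) from a getToken reply; raise if stat is not ok."""
    rsp = ET.fromstring(xml_text)
    if rsp.get("stat") != "ok":
        err = rsp.find("err")
        detail = err.get("msg") if err is not None else "no error element"
        raise ValueError("getToken failed: " + str(detail))
    auth = rsp.find("auth")
    if auth is None or not auth.findtext("token"):
        raise ValueError("getToken reply carries no token")
    return auth.findtext("token"), auth.findtext("perms")

# Constructed sample reply (element names assumed, values from the text above).
SAMPLE_REPLY = ('<rsp stat="ok"><auth><token>976598454353455</token>'
                '<perms>write</perms></auth></rsp>')

if __name__ == "__main__":
    # Placeholder credentials; the shared secret never appears in the URL.
    key, secret, frob = "EXAMPLE_KEY", "EXAMPLE_SECRET", "EXAMPLE_FROB"
    print(signed_url("flickr.auth.getToken", secret, api_key=key, frob=frob))
    token, perms = parse_token_response(SAMPLE_REPLY)
    print("granted:", perms)
    print(signed_url("flickr.contacts.getList", secret,
                     api_key=key, auth_token=token))
```

Because auth_token is one of the signed arguments, changing or removing it in transit invalidates api_sig; the shared secret itself must stay on the ContactLister server and never be sent to the browser.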
We should note moreover that Lois, like all users, can revoke any permission she had
previously granted here:
http://flickr.