jamalfanaian 7:24pm, 21 June 2011
We’re happy to announce that Flickr now supports OAuth! We've added support of OAuth 1.0a to our API. As part of this announcement, we would also like to note that the old Flickr authentication is now deprecated, and is expected to be disabled early 2012.

Please follow the link below to our blog post that includes more information and a link to the documentation.


Feel free to post any questions or report any issues in this thread, or our dev mailing list.
jamalfanaian 8 years ago
The graph displayed in the OAuth documentation page is currently only displayed in English, regardless of the selected language. We're working to resolve this issue, and should have it updated with all the supported languages soon.
cluitje 8 years ago
How is this OAuth API supposed to work with applications that are not web applications but good ol' desktop applications? In that case there is no web address to call back to (assuming the application is behind a firewall).

The OAuth spec mentions specifiying the special value "oauth_callback=oob" for that case ('oob' for 'out-of-band' callack), but doesn't specify how that case is actually handled (at least not that I could see). How will Flickr handle this case? Somehow the user has to bring information from his authentication (the verifier) back into the application - is there a mechanism to copy and paste it or something like that?
Sam Judson 8 years ago
Yes, I'd be very interested in knowing this as well.
jamalfanaian 8 years ago
That is a great question! Although, it is not yet explained in our documentation, we do support the out-of-band flow.

If you pass "oauth_callback=oob" when getting a request token, we will give the user a 9-digit verifier after they authorize your application which can be entered back into the application, and used as the "oauth_verifier" when requesting an access token.
dajobe Posted 8 years ago. Edited by dajobe (member) 8 years ago
The docs for OAuth that are pointed to- oauth.net/core/1.0a/ - have a big banner saying they are out of date and refer you to the RFC at tools.ietf.org/html/rfc584 which is the OAuth 1.0 (or is it 1.0a?) standard. It has a different set of terminology especially around the two sets of request/response tokens. Maybe you could point to that and use it's terms? It's rather confusing to have to interpret.
simonm 8 years ago
The example authorisation URL given in the docs is www.flickr.com/services/oauth/authorize

That is too long for a user to type in manually if you on a system where you cannot launch a browser directly. The old API used shorter, more manageable URLs, in this situation.

Will you automatically generate a short URL with OAuth when "oauth_callback=oob" is given in the request?
Yang Yu's Album 8 years ago
The returned OAuth token seems not working for me. When i go to the authorize page with the oauth token returned from Flickr, there is actually a new option "Showing you public photos and/or video from Flickr", and apparently not having any other permissions.

Then click on the Authorize button, it would say "Oops! Flickr doesn't recognise the permission set."

Anyone could tell me where might went wrong here?
tarmo888 Posted 8 years ago. Edited by tarmo888 (member) 8 years ago
Why break something that was working ok. OAuth support is nice, but I don't understand the need to disable old methods.

Does that mean, we are going to see tons of broken apps in early 2012?
JajaPol 8 years ago
Please explain how to upload photos using OAuth and update this topic: www.flickr.com/groups/api/discuss/72157626950280601/
jazzychad 8 years ago
It seems like mobile apps are being broken when trying to do web-based callback-driven oauth login flow. Please see this thread and please explain whether this is a bug or intentional? www.flickr.com/groups/api/discuss/72157626965650271/
Sizam 8 years ago
Bump for jazzychad's request, I'm experiencing the same issue.
There's a typo in the OAuth API documentation:

In the section entitled "Exchanging the Request Token for an Access Token": www.flickr.com/services/api/auth.oauth.html#authorization

Here's the current docs:

Access Token URL:

It should be access_token not authorize, like so:

Access Token URL:
blaskomm 8 years ago
@Yang and Yun's Album

I ran to the same problem and the solution for me was to add optional "perms" parameter to the authorize request:


Hope it will work for you too :)
jamalfanaian 8 years ago
Thanks for bringing this issue to our attention. As reported in the mailing list, this bug was introduced last week (Jun 30). The authorize redirect should now be working correctly.

Thanks for pointing that out, the docs have been updated.
nileshbjoshi 8 years ago
Do you have any plans for xAuth support?
kevin.shipley 8 years ago
I have not yet read through the OAuth API standard but I have read through the Flickr OAuth doc. Is there anything non-standard about the Flickr API? Should any OAuth library written to the 1.0 standard work with Flickr? Thanks and looking forward to using this!
Sam Judson 8 years ago
That, presumably is the intention yes.

I haven't tried it, and I don't know if any OAuth libraries could be used for calling the rest of the API, but as far as the authentication flow then I suspect any OAuth library should work fine.
wudi140 8 years ago
this is useless, why are user ids more unique? Posted 8 years ago. Edited by this is useless, why are user ids more unique? (member) 8 years ago
Hi Jamal:

Thanks for looking into this, but the docs are still incorrect.

This part:
Exchanging the Request Token for an Access Token
Access Token URL:

Should be:
Exchanging the Request Token for an Access Token
Access Token URL:

Note the "access_token" portion in the URI
Sam Judson 8 years ago
The documentation now appears to be fixed.
Yang Yu's Album 8 years ago
 blaskomm: Thanks for the help and it appears working now!
Velo Steve 7 years ago
I really think that Flickr should get more involved in Oauth libraries for some of the more popular languages.

For example, I'm developing an Android app. All of the Java libraries I find are either dead-end projects, amazingly badly documented, or simply fail without useful error messages. If you would endorse and support one library for each of the most popular languages, you would probably see more happy developers, and more nice apps with Flickr support.

I suppose I'll just build my own Flickr Oauth access code from scratch.
Groups Beta