Getting Authentication Token from Client Key and Client Secret

If using the flickcurl command line tool, create a file ~/.flickcurl.conf with the two values found in the previous section - API becomes oauth_client_key and the Shared Secret becomes oauth_client_secret like this:


Next the Request Token, Request Token Secret need to be created and the Authentication URL generated from them.

The request token is created using the API request: flickcurl_oauth_create_request_token() which takes an optional Callback URL argument, that can be used for the browser to redirect to, if required. Otherwise use "oob" or NULL. It creates and sets the Request Token and Request Token Secret in the flickcurl object, which can be returned with: flickcurl_get_oauth_request_token() and flickcurl_get_oauth_request_token_secret().

   rc = flickcurl_oauth_create_request_token(fc, callback);
   request_token = flickcurl_get_oauth_request_token(fc);
   request_token_secret = flickcurl_get_oauth_request_token_secret(fc);
   uri = flickcurl_oauth_get_authorize_uri(fc);

The flickcurl(1) utility can also perform this sequence with:

  $ flickcurl oauth-create

which will print the request token, request token secret and Authentication URL. This command takes an optional callback URL argument.

The resulting request token and secret will look like 72157626737672178-022bbd2f4c2f3432 and fccb68c4e6103197 respectively.

The Authentication URL should then be used to prompt the user a web browser to validate the request.

Flickr will return a page that says something like:

  "[APP NAME] wants to link to your Flickr account"

with more information and two buttons. Click the button with the text:


Flickr App Garden - Mobile Auth

Flickr will then return the 9-digit Verifier that looks like 123-456-789 In one of two ways depending if a callback URL was given:

  1. Callback URL: Returns a redirect to the Callback URL with a query parameter oauth_verifier whose value is the Verifier. The application has to extract that value and pass it to the flickcurl library.

  2. No callback URL: Will display a page that shows the Verifier. This will require the user to type it into the application.

Now the Request Token, Request Token Secret and Verifier can be used to generate the Access Token and Access Token Secret.

  /* These are required to be set for this call */
  flickcurl_set_oauth_request_token(fc, request_token);
  flickcurl_set_oauth_request_token_secret(fc, request_token_secret);

  rc = flickcurl_oauth_create_access_token(fc, verifier);

This sets the Access Token and Access Token Secret in the flickcurl object, which can be returned with: flickcurl_get_oauth_token() and flickcurl_get_oauth_token_secret(). The application should then store these values for use in making API calls along with the Client Key and Client Secret.

The flickcurl(1) utility can also perform this verification with:

  $ flickcurl oauth-verify 72157626737672178-022bbd2f4c2f3432 fccb68c4e6103197 123-456-789
  flickcurl: OAuth access token returned token '72157626737672178-022bbd2f4c2f3432' secret token 'fccb68c4e6103197'
  flickcurl: Updated configuration file /Users/NAME/.flickcurl.conf with authentication token

It writes the resulting Access Token and Access Token Secret to the ~/.flickcurl.conf configuration file as the oauth_token and oauth_token_secret fields to give something like:

  $ cat ~/.flickcurl.conf

At this stage, the flickcurl(1) utility or library is authenticated and ready to use.