Nagging for Permission

Flickr have just made a slight change to the way in which the authentication for third-party applications works. Now, whenever you redirect to Flickr for authentication, the user is forced to grant permissions to your application again—even if they have previously granted the necessary permissions:

[Image: permissions]

This means that third-party applications can no longer silently retrieve a token for you—although they can still store a token away and keep using that until the user revokes it. Over on the Flickr Developer's Mailing List, Stewart says that this is the result of fixing a security-related problem. Fixing potential security holes is, of course, a very good thing. On the other hand, the authentication process now becomes rather clunky from a user's point of view.

Stewart goes on to say:

"we are planning on improvements to the user experience of the auth flow soon, so […] it won't seem as jarring for users."

I do hope those improvements aren't a long time in coming...

Update: and a few days later, the changes are rolled back—apparently they're not necessary for web authentication.
