Example Flickr API with oAuth in ColdFusion

Just thought I would share how I implemented a (for now) a very simple Flickr API in ColdFusion, using the oAuth library from http://oauth.riaforge.org/.

If you have ever worked oAuth before, you know it can be somewhat frustrating at first, even if you know the ‘oAuth dance’.  You can look at the steps over here.  Below is how I see it happening from the consumer point of view (my basic understanding)…
1) Hey Flickr, I’m going to need you to ask a user to authorize my app. [ Get Request Tokens ]
2) Hi User, Flickr needs to make sure this is okay with you, go talk to them.  [ Send User to Flickr ]
3) User is sent to Flickr and authorizes my app.
4) Welcome back User [ get Verifier key ]
5) Hey Flickr, that was easy, can I exchange these Request Tokens and Verifier key for Access Tokens for this user?  [ Get Access Tokens ]

Sounds simple, until you get into the nitty gritty of signatures, timestamps, parameters, and whatever the heck a nonce is.  Thankfully the oAuth library from Harry Klein makes most of this super simple.

Below are two events in my Coldbox handler, and attached is the FlickrService that gets called.

When the Confirm event is called, it will store the http referrer where the request came from in the session, so we can send the user back there once we’ve been authorized by the user and flickr.  Then it calls the FlickrService to setup some request tokens and store them in the session as well.  Lastly it asks the FlickrService to construct the Flickr Authorize URL and redirects the user there.

Once the user authorizes and Flickr sends them back to me, we tell the FlickrService to make a call to Flickr to exchange the Request Tokens for Access Tokens using the stored session variables and the oauth_verifier key that came back along with the user.  Once we have the Access Tokens, we just store them in the user model for future use.  Once that’s done, send the user back to the page where they came from to begin with. (The referrer stored in the session earlier)
[The Redirect event being the callback URL configured in the Flickr App settings]

public void function confirm(Required Event) {
var rc = Event.getCollection();
var prc = Event.getCollection( private=true );
var referrer = "http://#cgi.server_name##cgi.path_info#";
SessionStorage.setVar('flickr_referrer', referrer );

var tokens = FlickrService.getRequestTokens();

SessionStorage.setVar('flickr_client_token', tokens.oauth_token );
SessionStorage.setVar('flickr_client_token_secret', tokens.oauth_token_secret );

var sAuthURL = FlickrService.getFlickrAuthorizeURL( tokens.oauth_token, tokens.oauth_token_secret );



public void function Redirect(Required Event) {
var rc = Event.getCollection();
var prc = Event.getCollection( private=true );
var referrer = SessionStorage.getVar('flickr_referrer','');

var Tokens = FlickrService.getAccessTokens( rc.oauth_verifier, SessionStorage.getVar('flickr_client_token'), SessionStorage.getVar('flickr_client_token_secret') );

FlickrService.linkFlickrAccount( prc.current_user, tokens.user_nsid, tokens.username, tokens.oauth_token, tokens.oauth_token_secret );

if(len(trim(referrer))) {
location(referrer, false);
} else {

Here is the FlickrService component.  Though in my example we’re passing a User object around, you can easily change this to a struct, strings, whatever you may prefer.  The basic idea is to always pass the users Access Tokens, and some other minor things like the users Flickr user id (nsid).

Questions / Comments are welcome.

Leave a Comment

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>