Loading ...
Sorry, an error occurred while loading the content.

8824Re: [yws-flickr] flickr.groups.pools.add returns error 302

Expand Messages
  • Tim Miller
    May 29 9:21 AM
    • 0 Attachment
      Thanks for letting us know the root cause and contributing a fix.

      --Tim

      On May 28, 2014, at 4:43 PM, subscriber@... [yws-flickr] <yws-flickr@yahoogroups.com> wrote:

      ARRRRRRRRRRRRGGGGGGGGGHHHH!


      I found the problem. It turns out this is not Flickr problem after all. It's a bug in the FlickrKit framework that has nothing to do with auth tokens.

      I wanted to verify Tristan's suggestion that the request might be using a stale auth token, so I kept digging deeper and deeper into the FlickrKit framework code. I was just about to declare that I was 100% positive that same token was being used for both requests (the "upload" and the "add.group") when I noticed one breakpoint was never hit.

      It turns out it was NOT Flickr that was returning the "You do not have WRITE permission" error ... it was FlickrKit. FlickrKit remembers the permissions granted the app and uses that to pre-flight all requests. If you attempt to make a request that your app doesn't have permission to execute, it never gets to Flickr; FlickrKit returns the &quo! t;302" error to the caller without sending the request.

      The problem is in the "remember the permissions granted" part. There's a code path in FlickrKit that doesn't preserve the permissions variable and fails to restore it from the flickr.auth.checkToken reply. So after a while, the app forgets it has "WRITE" access and starts rejecting all calls that require "WRITE" access.

      I'm posting a patch to the FlickrKit project now. Sorry for all the noise.
       


    • Show all 11 messages in this topic