Loading ...
Sorry, an error occurred while loading the content.
 

flickr.groups.pools.add returns error 302

Expand Messages
  • JBucanek
    I m having persistent problems with my new iOS app. Here s what it does: - authorize the user, requesting WRITE permission - make sure the user is a member of
    Message 1 of 11 , May 16 4:39 PM
      I'm having persistent problems with my new iOS app. Here's what it does:

      - authorize the user, requesting WRITE permission
      - make sure the user is a member of a specific group
      - upload a new image to the user's account
      - add the newly uploaded image to a group

      When the user first runs the app and logs in, this seems to work pretty reliably. If they return to the app later, however, it doesn't. The upload is successful, but then the flickr.group.pools.add method always returns the following error:

      Error Domain=com.devedup.flickrapi.ErrorDomain Code=302 "This method needs WRITE access, and you have only authorized READ access to your Flickr account."

      This really doesn't make much sense, because if the app didn't have write permission it shouldn't have been allowed to upload the image in the first place!

      I've tried various things (like adding a delay between the upload the group add request), but nothing seems to work. I've updated the app so that all requests are using the new SSL endpoints.
    • Tristan Savatier
      when you return to the app, are you sure you use the very same access token that you got when you previously authorized the user? maybe you used another, older
      Message 2 of 11 , May 16 7:04 PM
        when you return to the app, are you sure you use the very same access
        token that you got when you previously authorized the user?

        maybe you used another, older access token that does not have the
        WRITE permission?

        -t

        On Fri, May 16, 2014 at 4:39 PM, subscriber@... [yws-flickr]
        <yws-flickr@yahoogroups.com> wrote:
        >
        > I'm having persistent problems with my new iOS app. Here's what it does:
        >
        > - authorize the user, requesting WRITE permission
        > - make sure the user is a member of a specific group
        > - upload a new image to the user's account
        > - add the newly uploaded image to a group
        >
        > When the user first runs the app and logs in, this seems to work pretty reliably. If they return to the app later, however, it doesn't. The upload is successful, but then the flickr.group.pools.add method always returns the following error:
        >
        > Error Domain=com.devedup.flickrapi.ErrorDomain Code=302 "This method needs WRITE access, and you have only authorized READ access to your Flickr account."
        >
        > This really doesn't make much sense, because if the app didn't have write permission it shouldn't have been allowed to upload the image in the first place!
        >
        > I've tried various things (like adding a delay between the upload the group add request), but nothing seems to work. I've updated the app so that all requests are using the new SSL endpoints.
        >
        >
        > ------------------------------------
        >
        > Yahoo Groups Links
        >
        >
        >
      • JBucanek
        Tristan, Yes, I save the access token and reload it when the app starts up again. Besides, I m using the same auth token for the upload that I do for the
        Message 3 of 11 , May 16 10:19 PM
          Tristan,

          Yes, I save the access token and reload it when the app starts up again.

          Besides, I'm using the same auth token for the upload that I do for the flickr.groups.pools.add method. If that token didn't have write access, why would the upload succeed?
           
        • JBucanek
          This problem persists. I ve tried numerous tests, and I m still getting the same error. The real problem is that it doesn t happen until my app has been using
          Message 4 of 11 , May 24 9:56 AM
            This problem persists.

            I've tried numerous tests, and I'm still getting the same error. The real problem is that it doesn't happen until my app has been using its access token for more than a day—which also really slows down testing.

            I've tried getting both WRITE and DELETE access for my app. The app is always granted the requested access, and the requested access level shows up on my "Apps You're Using" page.

            If I then attempt to upload an image and add it to a group, it's always successful. It doesn't matter how many times I restart or reuse my app, or whether I've requested WRITE or DELETE access, as long as the access token was just issued the bug doesn't happen.

            I then wait a day. When the app starts up again, it verifies that the access token it saved is valid (via flickr.auth.oauth.checkToken). It then performs an upload using that token (successful) and then it tries to add the just-uploaded image to a group. The flickr.groups.pools.add method fails with error 302 (you must have WRITE access and you only have READ access). Again, I check my "Apps You're Using" page and is show my app still has DELETE (or WRITE) access.

            I'm really stuck. There's every indication that this is a Flickr bug and I haven't been able to find any workaround (except to force the user to reauthorize their app every time they want to use it, which is ridiculous).
             
          • Sam Judson
            The waiting a day makes it sound like you are using the API key used by the API Explorer - which expires after a day. Other than that I can t think of
            Message 5 of 11 , May 27 3:35 AM
              The 'waiting a day' makes it sound like you are using the API key used by the API Explorer - which expires after a day.

              Other than that I can't think of anything to suggest.

              Sam


              On 24 May 2014 17:56, subscriber@... [yws-flickr] <yws-flickr@yahoogroups.com> wrote:
               

              This problem persists.


              I've tried numerous tests, and I'm still getting the same error. The real problem is that it doesn't happen until my app has been using its access token for more than a day—which also really slows down testing.

              I've tried getting both WRITE and DELETE access for my app. The app is always granted the requested access, and the requested access level shows up on my "Apps You're Using" page.

              If I then attempt to upload an image and add it to a group, it's always successful. It doesn't matter how many times I restart or reuse my app, or whether I've requested WRITE or DELETE access, as long as the access token was just issued the bug doesn't happen.

              I then wait a day. When the app starts up again, it verifies that the access token it saved is valid (via flickr.auth.oauth.checkToken). It then performs an upload using that token (successful) and then it tries to add the just-uploaded image to a group. The flickr.groups.pools.add method fails with error 302 (you must have WRITE access and you only have READ access). Again, I check my "Apps You're Using" page and is show my app still has DELETE (or WRITE) access.

              I'm really stuck. There's every indication that this is a Flickr bug and I haven't been able to find any workaround (except to force the user to reauthorize their app every time they want to use it, which is ridiculous).
               


            • JBucanek
              Sam, A good observations, but no ... I m not using the API explorer key. I m using my app s key and the auth token returned from Flickr. All of this is managed
              Message 6 of 11 , May 27 9:48 AM
                Sam,

                A good observations, but no ... I'm not using the API explorer key. I'm using my app's key and the auth token returned from Flickr. All of this is managed by the FlickrKit framework I'm using, so I'm highly confident that the app key and auth token are being managed correctly.

                Besides, I continue to fall back to what I see is the smoking gun: My app performs an upload and then adds the newly uploaded photo to a group. Why does the upload succeed, but the flickr.groups.pools.add method fail? Both require WRITE access.

              • Tristan Savatier
                what happens if do not do the upload, and instead you add an existing image to a group? do you get the same 302 error? -t On Tue, May 27, 2014 at 9:48 AM,
                Message 7 of 11 , May 27 11:40 AM
                  what happens if do not do the upload, and instead you add an existing image to a group?

                  do you get the same 302 error?

                  -t


                  On Tue, May 27, 2014 at 9:48 AM, subscriber@... [yws-flickr] <yws-flickr@yahoogroups.com> wrote:


                  Sam,

                  A good observations, but no ... I'm not using the API explorer key. I'm using my app's key and the auth token returned from Flickr. All of this is managed by the FlickrKit framework I'm using, so I'm highly confident that the app key and auth token are being managed correctly.

                  Besides, I continue to fall back to what I see is the smoking gun: My app performs an upload and then adds the newly uploaded photo to a group. Why does the upload succeed, but the flickr.groups.pools.add method fail? Both require WRITE access.




                • JBucanek
                  Tristan, Good question. Short answer: yes Here s what I did: - Ran the existing app using an auth token that was issued a few days ago. As expected, the upload
                  Message 8 of 11 , May 27 8:59 PM
                    Tristan,

                    Good question. Short answer: yes

                    Here's what I did:

                    - Ran the existing app using an auth token that was issued a few days ago. As expected, the upload was successful but the add-to-group failed.

                    - I then hacked the app so it would not perform the actual upload and would skip directly to the add-to-group using the photo id I copied from the previous test. Again, the add-to-group failed.

                    - I then selected an image in my photo stream that I'd uploaded months ago and tried with its ID. Again, the add-to-group failed.

                    - I then logged out of Flickr and requested an new auth token and repeated the same test. The add-to-group method was successful.

                    It's becoming clearer that this problem is with the flickr.groups.pools.add method and it only occurs when the auth token is old.


                    ---In yws-flickr@yahoogroups.com, <tristan@...> wrote :

                    what happens if do not do the upload, and instead you add an existing image to a group?

                    do you get the same 302 error?

                    -t

                  • Tristan Savatier
                    so it has nothing to do with uploading. what s really strange is that the token allows you to upload, but not to add-to-group. are you 100% that you are using
                    Message 9 of 11 , May 27 9:16 PM
                      so it has nothing to do with uploading.

                      what's really strange is that the token allows you to upload, but not to add-to-group.

                      are you 100% that you are using the same token that was working before, and that when you are uploading (successfully), you are also using the same token than the one you use to add-to-group?

                      there are some weird bugs where you could be using some other token without knowing it... so make sure you trace the complete URL of each request abd check the token in them.

                      -t


                      On Tue, May 27, 2014 at 8:59 PM, subscriber@... [yws-flickr] <yws-flickr@yahoogroups.com> wrote:
                      It's becoming clearer that this problem is with the flickr.groups.pools.add method and it only occurs when the auth token is old.


                    • JBucanek
                      ARRRRRRRRRRRRGGGGGGGGGHHHH! I found the problem. It turns out this is not Flickr problem after all. It s a bug in the FlickrKit framework that has nothing to
                      Message 10 of 11 , May 28 4:43 PM
                        ARRRRRRRRRRRRGGGGGGGGGHHHH!

                        I found the problem. It turns out this is not Flickr problem after all. It's a bug in the FlickrKit framework that has nothing to do with auth tokens.

                        I wanted to verify Tristan's suggestion that the request might be using a stale auth token, so I kept digging deeper and deeper into the FlickrKit framework code. I was just about to declare that I was 100% positive that same token was being used for both requests (the "upload" and the "add.group") when I noticed one breakpoint was never hit.

                        It turns out it was NOT Flickr that was returning the "You do not have WRITE permission" error ... it was FlickrKit. FlickrKit remembers the permissions granted the app and uses that to pre-flight all requests. If you attempt to make a request that your app doesn't have permission to execute, it never gets to Flickr; FlickrKit returns the "302" error to the caller without sending the request.

                        The problem is in the "remember the permissions granted" part. There's a code path in FlickrKit that doesn't preserve the permissions variable and fails to restore it from the flickr.auth.checkToken reply. So after a while, the app forgets it has "WRITE" access and starts rejecting all calls that require "WRITE" access.

                        I'm posting a patch to the FlickrKit project now. Sorry for all the noise.
                         
                      • Tim Miller
                        Thanks for letting us know the root cause and contributing a fix. --Tim On May 28, 2014, at 4:43 PM, subscriber@gloaming.com
                        Message 11 of 11 , May 29 9:21 AM
                          Thanks for letting us know the root cause and contributing a fix.

                          --Tim

                          On May 28, 2014, at 4:43 PM, subscriber@... [yws-flickr] <yws-flickr@yahoogroups.com> wrote:

                          ARRRRRRRRRRRRGGGGGGGGGHHHH!


                          I found the problem. It turns out this is not Flickr problem after all. It's a bug in the FlickrKit framework that has nothing to do with auth tokens.

                          I wanted to verify Tristan's suggestion that the request might be using a stale auth token, so I kept digging deeper and deeper into the FlickrKit framework code. I was just about to declare that I was 100% positive that same token was being used for both requests (the "upload" and the "add.group") when I noticed one breakpoint was never hit.

                          It turns out it was NOT Flickr that was returning the "You do not have WRITE permission" error ... it was FlickrKit. FlickrKit remembers the permissions granted the app and uses that to pre-flight all requests. If you attempt to make a request that your app doesn't have permission to execute, it never gets to Flickr; FlickrKit returns the &quo! t;302" error to the caller without sending the request.

                          The problem is in the "remember the permissions granted" part. There's a code path in FlickrKit that doesn't preserve the permissions variable and fails to restore it from the flickr.auth.checkToken reply. So after a while, the app forgets it has "WRITE" access and starts rejecting all calls that require "WRITE" access.

                          I'm posting a patch to the FlickrKit project now. Sorry for all the noise.
                           


                        Your message has been successfully submitted and would be delivered to recipients shortly.