It seems like one would need to check if a user's token is still valid (i.e. if they have manually revoked permissions). flickr.auth.checkToken seems to never return "none" for permissions if they are revoked, but simply an error: "error 98 invalid auth token".

Is there a good way to redirect user's to flickr's authorization page so they can approve your app again if an error 98 is thrown?

I modified the send_request code and put it into my flickr controller to handle this in an ugly way. I use check_status, which returns either false if permissions have been revoked (actually any error) or the xml if it works. In my controller:

def send_flickr_request(flickr, method, options = {}, http_method = :get, endpoint = 'http://api.flickr.com/services/rest/')
  options.merge!(:api_key => flickr.api_key, :method => method)
  sign_flickr_request(flickr, options)

  rsp = request_over_http(options, http_method, endpoint)

  rsp = '<rsp stat="ok"></rsp>' if rsp == ""
  xm = XmlMagic.new(rsp)

  if xm[:stat] == 'ok'
    xm
  else
    false
  end
end

def sign_flickr_request(flickr, options, authorize = true)
  options.merge!(:auth_token => flickr.auth.token(false).to_s, :api_key => flickr.api_key) if authorize and flickr.auth.token(false)
  options.delete(:api_sig)
  options.merge!(:api_sig => Digest::MD5.hexdigest(flickr.api_secret + options.to_a.sort_by{|k| k[0].to_s}.flatten.join)) if flickr.api_secret
end

def request_over_http(options, http_method, endpoint)
  if http_method == :get
    api_call = endpoint + "?" + options.collect{|k,v| "#{k}=#{CGI.escape(v.to_s)}"}.join('&')
    Net::HTTP.get(URI.parse(api_call))
  else
    Net::HTTP.post_form(URI.parse(endpoint), options).body
  end
end

def check_status
  if current_user.flickr_token
    flickr = Flickr.new({:key => "MYKEY", :secret => "MYSECRET", :token => current_user.flickr_token})      
    @response = send_flickr_request(flickr,"flickr.auth.checkToken", {:auth_token => current_user.flickr_token})
  end
end

And then in check_status.html.erb:

<% if !@response %>
    Your token is no longer valid.  <%= link_to "Grab Some Permissions", flickr_authorize_path %>
<% else %>
    You have <%= @response.auth.perms %> permissions.
<% end %>

Any suggestions on a better way to handle this?

To support multi-tenant sites more easily, I added support for handling Flickr's (undocumented) "extra" parameter during authorization. Flickr accepts the "extra" parameter and passes is back during the callback. I use this parameter as a workaround for Flickr's inability to handle dynamic callback URLs.

More details about this are discussed in this Flickr support thread:
http://www.flickr.com/groups/api/discuss/72157601198885954/

Please pull this branch:
http://github.com/rmm5t/flickr_fu/tree/extra_param_on_auth_url

Relevant commit:
http://github.com/rmm5t/flickr_fu/commit/affa8c5a98f4de27d7952c154b6b9b5994949908

Could you update the version on gemcutter to 0.3.x ?

Thanks

I'm not sure I can verify this, but I seem to be having problems with my implementation where I can view most other details via other method calls just fine, but when I invoke .photosets.get_list and then try to view the title / description attributes on any of the sets that are returned they are always empty in spite of Flickr's web invocation of that call returning a title and description.

u.flickr_api.photosets.get_list.last
=> #<Flickr::Photosets::Photoset:0x7fb7c3ce4fc8 @title=, @id="[...]", @flickr=#[...], @token="[...]">, @token_cache=nil, @api_secret="...", @photosets=#<Flickr::Photosets:0x7fb7c39cf248 @flickr=#<Flickr::Base:0x7fb7c39cf1f8 ...>>, @api_key="...", @token="...">, @num_photos="13", @description=>

I tried to clean it up to remove some of the irrelevant data, but you can see the description and title attributes are both empty when I call the method in this way.

Hopefully I'm just invoking it wrong and there's an easy fix.