Authentication

Photonic supports authentication for all providers with the exception of native WP that has no concept of private photos.

Authentication lets you show your site’s visitors photos that they cannot see otherwise.

Authentication Basics (🔗)

Certain providers such as Instagram and Google put up extreme barriers around photos, causing everything to require authentication. Instagram has a very limited API and an arcane way of granting access, all in an attempt to pass the buck to overcome inherent flaws in its security. And Google went from an open model that was present in PicasaWeb to a stupefying and labyrinthine way to set up authentication of users.

To get around the shortcomings of such providers Photonic brings in server-side, or back-end authentication. In this case, you do the authentication (not your site’s visitors), and your visitors see what you are authorized to see (instead of what your visitors are authorized to see).

The setup for back-end authentication is slightly different for the providers because of the way they implement authentication:

  • For Instagram see here.
  • For Google Photos see here.
  • For all other providers use the following steps. Note that you will need to set up your API keys for Flickr, and SmugMug to get this working. SmugMug only needs an API key if you want to authenticate, not otherwise:
    1. You will see these fields in the settings page for your provider:
      A token and a secret are required
    2. Following the instructions, head over to Photonic → Authentication.
    3. For the provider that you want to authenticate for, click on the button to “Login and get Access Token”.
      Login and get token
    4. You will be taken to the provider’s page for authentication:
      The provider will ask you to authorize Photonic
    5. Once you authorize, you will be brought back to your authentication page (Photonic → Authentication), but this time with the token and the secret:
      Your token and secret are shown upon authorization
    6. Upon clicking “Save Token” the token and secret will be saved to the respective options page, and you will be taken there. Note that both, the token and the secret are required for Flickr and SmugMug.

You are now all set to display private photos to all your visitors.

Do bear in mind that token expiration is dependent on the provider:

  • Flickr, SmugMug and 500px use OAuth 1.0 for authentication and OAuth 1.0 tokens don’t automatically expire. This is documented explicitly for SmugMug and in various groups for Flickr.
  • Instagram’s tokens expire in 60 days. Once expired they cannot be renewed. To stay on the safe side, Photonic checks if you have less than 30 days left on your token. If so, it automatically refreshes the token for you anytime you access your site’s page. If, however, your token expires, you will have to reauthenticate.
  • Google’s approach is interesting – it issues you with a “Refresh token”, which you exchange for an “Access token”. The refresh tokens never expire, but the access tokens expire every 30 minutes or so. To take the sting out of reentering the access token every time, Photonic stores the refresh token and automatically pulls the access token for you if it has expired.