oltu-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jasha Joachimsthal <ja...@apache.org>
Subject Re: Yahoo user authentication using Oltu
Date Sat, 10 Jan 2015 00:23:05 GMT
Hi,

Yahoo supports the same authorization code flow as Google and
Microsoft, but you cannot copy-paste the implementation dus to subtle
differences. You can find the Yahoo documentation on [1]

For Yahoo your callback uri must be accessible on port 80 or 443.
Other ports are not accepted in the authorization flow and lead to
error pages.

When requesting an AccessToken, the clientId and clientSecret should
be set in the Authorization header, while all other parameters must be
in the request body. The AccessToken response contains the user id.

final OAuthClientRequest oAuthClientRequest = OAuthClientRequest
    .tokenLocation("https://api.login.yahoo.com/oauth2/get_token")
    .setGrantType(GrantType.AUTHORIZATION_CODE)
    .setRedirectURI(https://myapplication.example.com/callback)
    .setCode(code)
    .buildBodyMessage();

final String up = clientId + ":" + clientSecret;
final byte[] base64 = Base64.encodeBase64(up.getBytes());
String authorizationHeader = "Basic " + new String(base64);
oAuthClientRequest.addHeader("Authorization",
base64EncodedBasicAuthentication(idp));

return getoAuthClient().accessToken(oAuthClientRequest);


To get a user profile the access token must be sent via an http header:

final String profileUrl =
String.format("https://social.yahooapis.com/v1/user/%s/profile?format=json",
yahooGuid);
final OAuthClientRequest bearerClientRequest = new
OAuthBearerClientRequest(profileUrl)
    .setAccessToken(oAuthAccessTokenResponse.getAccessToken())
    .buildHeaderMessage();

return getoAuthClient().resource(bearerClientRequest,
OAuth.HttpMethod.GET, OAuthResourceResponse.class);


[1] https://developer.yahoo.com/oauth2/guide/#authorization-code-flow-for-server-side-apps

Regards,

Jasha

On 9 January 2015 at 18:03, Tiburtius, Ashwanth [IWD]
<Ashwanth.Tiburtius@iwd.iowa.gov> wrote:
> Hi,
>
>
>
> I am doing a poc to use Apache Oltu to authenticate Google, Microsoft and
> Yahoo users. Oltu works great for Google and Microsoft user authentication
> but I am not sure if I can use it for Yahoo as well. Yahoo seems to have a
> different process compared to other content providers like Google where you
> setup your application as a client and get the client id and client secret,
> and use those to authenticate a yourself and the resource owner but Yahoo
> seems to be handling this differently. Has anyone tried to authenticate a
> Yahoo user using Oltu? Any help in this regard would be awesome. Thank you
> for your response and your time.
>
>
>
> Thanks,
>
> Jude.
>
> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA  50319
>
> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>
>

Mime
View raw message