oltu-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Tiburtius, Ashwanth [IWD]" <Ashwanth.Tiburt...@iwd.iowa.gov>
Subject RE: Yahoo user authentication using Oltu
Date Mon, 12 Jan 2015 21:39:17 GMT
Thank you again Jasha. It was very helpful. I am actually getting an error in the authorization
part itself. Following are the details.

Application: 
Consumer Key: dj0yJmk9VERKTlY3bGFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02ZA--
Consumer Secret: 443a42b6cb7e2a8472fa9f09ba6841599749c84b 
Application URL:http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml 
Callback Domain:devvm03.ia.wd.org 
Application ID: 5gZ0mz6o

Request Url: https://api.login.yahoo.com/oauth2/request_auth?response_type=code&redirect_uri=devvm03.ia.wd.org&language=en-us&client_id=dj0yJmk9VERKTlY3bGFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02ZA--

Error: Oops. Yahoo is unable to process your request. We recommend that you contact the owner
of the application or web site to resolve this issue. [95036]

Java:
request = OAuthClientRequest.authorizationLocation("https://api.login.yahoo.com/oauth2/request_auth")
	.setClientId("dj0yJmk9VERKTlY3bGFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02ZA--")
	.setResponseType(OAuth.OAUTH_CODE).setRedirectURI("devvm03.ia.wd.org")
	.setParameter("language", "en-us").buildQueryMessage();

I see that I am missing something in the configuration and how the url is being built but
I am not sure what it is. YDN forums say that call back url and the redirect url should match,
so I have coded the way it is. I am getting the same error with a different error code even
if I send " http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml" as the redirect
uri. When I created the app in YDN, the only option available was to enter the Application
Url, I am not sure if it should be same as redirect url since I did not find a separate place
to enter it.

I have posted a question in YDN forum but if you or any other user could help me, I would
appreciate it much. Thank you.

P.S: "http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml" is the correct redirect
url.

Thanks,
Jude.
Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA  50319
(515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov


-----Original Message-----
From: Jasha Joachimsthal [mailto:jasha@apache.org] 
Sent: Friday, January 09, 2015 6:23 PM
To: user@oltu.apache.org
Cc: dev@oltu.apache.org
Subject: Re: Yahoo user authentication using Oltu

Hi,

Yahoo supports the same authorization code flow as Google and Microsoft, but you cannot copy-paste
the implementation dus to subtle differences. You can find the Yahoo documentation on [1]

For Yahoo your callback uri must be accessible on port 80 or 443.
Other ports are not accepted in the authorization flow and lead to error pages.

When requesting an AccessToken, the clientId and clientSecret should be set in the Authorization
header, while all other parameters must be in the request body. The AccessToken response contains
the user id.

final OAuthClientRequest oAuthClientRequest = OAuthClientRequest
    .tokenLocation("https://api.login.yahoo.com/oauth2/get_token")
    .setGrantType(GrantType.AUTHORIZATION_CODE)
    .setRedirectURI(https://myapplication.example.com/callback)
    .setCode(code)
    .buildBodyMessage();

final String up = clientId + ":" + clientSecret; final byte[] base64 = Base64.encodeBase64(up.getBytes());
String authorizationHeader = "Basic " + new String(base64); oAuthClientRequest.addHeader("Authorization",
base64EncodedBasicAuthentication(idp));

return getoAuthClient().accessToken(oAuthClientRequest);


To get a user profile the access token must be sent via an http header:

final String profileUrl =
String.format("https://social.yahooapis.com/v1/user/%s/profile?format=json",
yahooGuid);
final OAuthClientRequest bearerClientRequest = new
OAuthBearerClientRequest(profileUrl)
    .setAccessToken(oAuthAccessTokenResponse.getAccessToken())
    .buildHeaderMessage();

return getoAuthClient().resource(bearerClientRequest,
OAuth.HttpMethod.GET, OAuthResourceResponse.class);


[1] https://developer.yahoo.com/oauth2/guide/#authorization-code-flow-for-server-side-apps

Regards,

Jasha

On 9 January 2015 at 18:03, Tiburtius, Ashwanth [IWD] <Ashwanth.Tiburtius@iwd.iowa.gov>
wrote:
> Hi,
>
>
>
> I am doing a poc to use Apache Oltu to authenticate Google, Microsoft 
> and Yahoo users. Oltu works great for Google and Microsoft user 
> authentication but I am not sure if I can use it for Yahoo as well. 
> Yahoo seems to have a different process compared to other content 
> providers like Google where you setup your application as a client and 
> get the client id and client secret, and use those to authenticate a 
> yourself and the resource owner but Yahoo seems to be handling this 
> differently. Has anyone tried to authenticate a Yahoo user using Oltu? 
> Any help in this regard would be awesome. Thank you for your response and your time.
>
>
>
> Thanks,
>
> Jude.
>
> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA  
> 50319
>
> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>
>
Mime
View raw message