oltu-user mailing list archives

From Jasha Joachimsthal <ja...@apache.org>
Subject Re: Yahoo user authentication using Oltu
Date Fri, 13 Feb 2015 09:43:08 GMT
On 13 February 2015 at 00:45, Tiburtius, Ashwanth [IWD]
<Ashwanth.Tiburtius@iwd.iowa.gov> wrote:
> I got it to work without Oltu which is a bummer since I am using Oltu for other providers and it works great.
>
> For Yahoo, the user profile info can be obtained using this URL with the parameters:
>
> https://open.login.yahooapis.com/openid/op/auth?
> openid.claimed_id=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select
> &openid.identity=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0%2Fidentifier_select
> &openid.mode=checkid_setup
> &openid.ns=http%3A%2F%2Fspecs.openid.net%2Fauth%2F2.0
> &openid.realm=##Your Domain name - http://qwerq.org##
> &openid.return_to=##Your Return URL##
> &openid.ns.oauth=http%3A%2F%2Fspecs.openid.net%2Fextensions%2Foauth%2F1.0
> &openid.oauth.consumer=##Consumer Key##
> &openid.ns.ax=http%3A%2F%2Fopenid.net%2Fsrv%2Fax%2F1.0
> &openid.ax.mode=fetch_request
> &openid.ax.required=email,fullname,nickname
> &openid.ax.type.email=http%3A%2F%2Faxschema.org%2Fcontact%2Femail
> &openid.ax.type.fullname=http%3A%2F%2Faxschema.org%2FnamePerson
> &openid.ax.type.nickname=http%3A%2F%2Faxschema.org%2FnamePerson%2Ffriendly
>
>
> You can only get specific fields from a person's profile.
> In the Required field write the sregs property name (comma separated) (like openid.ax.required=email,fullname,nickname)
> and then give the schema also (like openid.ax.type.email=http%3A%2F%2Faxschema.org%2Fcontact%2Femail)
>
> Rest parameters need not be changed except for giving your realm, Return Url and Consumer Key
>
> Microsoft wouldn’t send email ids in the profile response either. Have to work through that. If someone in the Oltu group has successfully retrieved user email ids from MS, please help me out. Really appreciate it.

Retrieving the email address from Microsoft requires the additional
scope wl.emails. In your code replace .setScope("wl.signin") with
.setScope("wl.signin,wl.emails")

>
> Thanks,
> Jude.
> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA  50319
> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>
>
> -----Original Message-----
> From: Tiburtius, Ashwanth [IWD] [mailto:Ashwanth.Tiburtius@iwd.iowa.gov]
> Sent: Thursday, February 12, 2015 5:25 PM
> To: user@oltu.apache.org; 'Jasha Joachimsthal'
> Cc: dev@oltu.apache.org
> Subject: RE: Yahoo user authentication using Oltu
>
> Hi,
>
> With Jasha's help, I was able to get through Yahoo OAuth api to get the profile information. But unfortunately, Yahoo doesn’t send email addresses in the profile information. Based on my research, it looks like we need to use Yahoo OpenID AX implementation for this. It would be very helpful to know if Oltu provides support for this or if someone has used Oltu to get Yahoo email id after a user authenticates themselves.
>
> Really appreciate your time. Thank you.
>
> Regards,
> Jude.
> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA  50319
> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>
> -----Original Message-----
> From: Tiburtius, Ashwanth [IWD] [mailto:Ashwanth.Tiburtius@iwd.iowa.gov]
> Sent: Wednesday, January 14, 2015 1:52 PM
> To: user@oltu.apache.org
> Cc: dev@oltu.apache.org
> Subject: RE: Yahoo user authentication using Oltu
>
> That’s it. It worked. Wow!! After so many days. Thank you so much Jasha.
>
> Thanks,
> Jude.
> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA  50319
> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>
>
> -----Original Message-----
> From: Jasha Joachimsthal [mailto:jasha@apache.org]
> Sent: Wednesday, January 14, 2015 1:22 PM
> To: user@oltu.apache.org
> Cc: dev@oltu.apache.org
> Subject: Re: Yahoo user authentication using Oltu
>
> To get the Authorization location:
>
> return OAuthClientRequest
>     .authorizationLocation("https://api.login.yahoo.com/oauth2/request_auth")
>     .setClientId(clientId)
>     .setResponseType(OAuth.OAUTH_CODE)
>     .setState(state)
>     .setRedirectURI(redirectUri)
>     .buildQueryMessage();
>
> The code for the access token and profile request are already in this thread.
>
> When configuring a new app there's a section "Access Scopes". I checked "This app requires access to private user data."
> The permission is "Social directory (Profiles)" and then the option "Read".
>
> Maybe you didn't check the correct scope to get profile data.
>
> Jasha
>
>
> On 13 January 2015 at 23:38, Tiburtius, Ashwanth [IWD] <Ashwanth.Tiburtius@iwd.iowa.gov> wrote:
>> Hi Jasha,
>>
>> I had been trying to get past the Yahoo authorization error but I am not able to. I have tried many trial and error methods and I am getting one of 2 errors back and there is no documentation as to what those errors are. So I am stuck. If you don’t mind, can you please send me the code where you get authorization code from yahoo. It might help me identify my mistake. Thanks in advance.
>>
>> Thanks,
>> Jude.
>> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA  50319
>> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>>
>>
>> -----Original Message-----
>> From: Jasha Joachimsthal [mailto:jashaj@gmail.com]
>> Sent: Monday, January 12, 2015 11:24 PM
>> To: user@oltu.apache.org
>> Cc: dev@oltu.apache.org
>> Subject: Re: Yahoo user authentication using Oltu
>>
>> I'm sorry but I cannot help you with Yahoo's (undocumented) error codes. The redirectURI should be a valid URI and now you only provide the hostname in the request.
>> One other thing: never publish your consumer secret to the public.
>> It's a password that should only be known by you and the OAuth provider.
>>
>> On 12 January 2015 at 22:39, Tiburtius, Ashwanth [IWD] <Ashwanth.Tiburtius@iwd.iowa.gov> wrote:
>>> Thank you again Jasha. It was very helpful. I am actually getting an error in the authorization part itself. Following are the details.
>>>
>>> Application:
>>> Consumer Key: dj0yJmk9VERKTlY3bGFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02ZA--
>>> Consumer Secret: 443a42b6cb7e2a8472fa9f09ba6841599749c84b
>>> Application URL: http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml
>>> Callback Domain: devvm03.ia.wd.org
>>> Application ID: 5gZ0mz6o
>>>
>>> Request Url:
>>> https://api.login.yahoo.com/oauth2/request_auth?response_type=code&redirect_uri=devvm03.ia.wd.org&language=en-us&client_id=dj0yJmk9VERKTlY3bGFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02ZA--
>>>
>>> Error: Oops. Yahoo is unable to process your request. We recommend
>>> that you contact the owner of the application or web site to resolve
>>> this issue. [95036]
>>>
>>> Java:
>>> request = OAuthClientRequest.authorizationLocation("https://api.login.yahoo.com/oauth2/request_auth")
>>>         .setClientId("dj0yJmk9VERKTlY3bGFWbHVvJmQ9WVdrOU5XZGFNRzE2Tm04bWNHbzlNQS0tJnM9Y29uc3VtZXJzZWNyZXQmeD02ZA--")
>>>         .setResponseType(OAuth.OAUTH_CODE).setRedirectURI("devvm03.ia.wd.org")
>>>         .setParameter("language", "en-us").buildQueryMessage();
>>>
>>> I see that I am missing something in the configuration and how the url is being built but I am not sure what it is. YDN forums say that call back url and the redirect url should match, so I have coded the way it is. I am getting the same error with a different error code even if I send "http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml" as the redirect uri. When I created the app in YDN, the only option available was to enter the Application Url, I am not sure if it should be same as redirect url since I did not find a separate place to enter it.
>>>
>>> I have posted a question in YDN forum but if you or any other user could help me, I would appreciate it much. Thank you.
>>>
>>> P.S: "http://devvm03.ia.wd.org/dashboard/faces/views/redirect.xhtml" is the correct redirect url.
>>>
>>> Thanks,
>>> Jude.
>>> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA  50319
>>> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>>>
>>>
>>> -----Original Message-----
>>> From: Jasha Joachimsthal [mailto:jasha@apache.org]
>>> Sent: Friday, January 09, 2015 6:23 PM
>>> To: user@oltu.apache.org
>>> Cc: dev@oltu.apache.org
>>> Subject: Re: Yahoo user authentication using Oltu
>>>
>>> Hi,
>>>
>>> Yahoo supports the same authorization code flow as Google and
>>> Microsoft, but you cannot copy-paste the implementation due to subtle
>>> differences. You can find the Yahoo documentation on [1]
>>>
>>> For Yahoo your callback uri must be accessible on port 80 or 443.
>>> Other ports are not accepted in the authorization flow and lead to error pages.
>>>
>>> When requesting an AccessToken, the clientId and clientSecret should be set in the Authorization header, while all other parameters must be in the request body. The AccessToken response contains the user id.
>>>
>>> final OAuthClientRequest oAuthClientRequest = OAuthClientRequest
>>>     .tokenLocation("https://api.login.yahoo.com/oauth2/get_token")
>>>     .setGrantType(GrantType.AUTHORIZATION_CODE)
>>>     .setRedirectURI("https://myapplication.example.com/callback")
>>>     .setCode(code)
>>>     .buildBodyMessage();
>>>
>>> // Client credentials go in an HTTP Basic Authorization header, not in the body.
>>> final String up = clientId + ":" + clientSecret;
>>> final byte[] base64 = Base64.encodeBase64(up.getBytes());
>>> String authorizationHeader = "Basic " + new String(base64);
>>> oAuthClientRequest.addHeader("Authorization", authorizationHeader);
>>>
>>> return getoAuthClient().accessToken(oAuthClientRequest);
>>>
>>>
>>> To get a user profile the access token must be sent via an http header:
>>>
>>> final String profileUrl = String.format(
>>>     "https://social.yahooapis.com/v1/user/%s/profile?format=json", yahooGuid);
>>> final OAuthClientRequest bearerClientRequest = new OAuthBearerClientRequest(profileUrl)
>>>     .setAccessToken(oAuthAccessTokenResponse.getAccessToken())
>>>     .buildHeaderMessage();
>>>
>>> return getoAuthClient().resource(bearerClientRequest,
>>>     OAuth.HttpMethod.GET, OAuthResourceResponse.class);
>>>
>>>
>>> [1] https://developer.yahoo.com/oauth2/guide/#authorization-code-flow-for-server-side-apps
>>>
>>> Regards,
>>>
>>> Jasha
>>>
>>> On 9 January 2015 at 18:03, Tiburtius, Ashwanth [IWD] <Ashwanth.Tiburtius@iwd.iowa.gov> wrote:
>>>> Hi,
>>>>
>>>> I am doing a poc to use Apache Oltu to authenticate Google,
>>>> Microsoft and Yahoo users. Oltu works great for Google and Microsoft
>>>> user authentication but I am not sure if I can use it for Yahoo as well.
>>>> Yahoo seems to have a different process compared to other content
>>>> providers like Google where you setup your application as a client
>>>> and get the client id and client secret, and use those to
>>>> authenticate yourself and the resource owner but Yahoo seems to be
>>>> handling this differently. Has anyone tried to authenticate a Yahoo user using Oltu?
>>>> Any help in this regard would be awesome. Thank you for your response and your time.
>>>>
>>>>
>>>>
>>>> Thanks,
>>>>
>>>> Jude.
>>>>
>>>> Iowa Workforce Development – IT | 1000 E Grand Ave, Des Moines, IA  50319
>>>>
>>>> (515) 281-3378 | Ashwanth.Tiburtius@iwd.iowa.gov
>>>>
>>>>
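
The checks this thread turns on (redirect_uri as a full URI on the callback domain and on port 80 or 443, client credentials sent in a Basic Authorization header, a state value on the authorization request), as an added example that is not part of the original messages and is not Oltu code. It uses only the Java standard library; the class and method names, the YAHOO_CLIENT_SECRET variable and the example.com values are assumptions made for illustration.

```java
import java.net.URI;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

public class YahooOAuthChecks {
    // Returns null when the redirect_uri is acceptable, otherwise the reason it is not:
    // a bare hostname, a host other than the callback domain, or a port other than 80/443.
    static String redirectProblem(String value, String callbackDomain) {
        URI uri = URI.create(value);
        if (uri.getScheme() == null || uri.getHost() == null) return "not an absolute URI";
        if (!uri.getHost().equalsIgnoreCase(callbackDomain)) return "host differs from callback domain";
        int port = uri.getPort(); // -1 means the scheme's default port
        if (port != -1 && port != 80 && port != 443) return "port must be 80 or 443";
        return null;
    }

    // Value for the Authorization header of the token request.
    static String basicAuth(String clientId, String clientSecret) {
        byte[] pair = (clientId + ":" + clientSecret).getBytes(StandardCharsets.UTF_8);
        return "Basic " + Base64.getEncoder().encodeToString(pair);
    }

    // Unguessable per-login value for setState(...), kept in the user's session.
    static String newState() {
        byte[] raw = new byte[16];
        new SecureRandom().nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Constant-time comparison of the session's state with the one on the callback.
    static boolean stateMatches(String expected, String returned) {
        return expected != null && returned != null && MessageDigest.isEqual(
            expected.getBytes(StandardCharsets.UTF_8), returned.getBytes(StandardCharsets.UTF_8));
    }

    public static void main(String[] args) {
        // Constructed sample values; the secret is read from the environment, not from source.
        String secret = System.getenv().getOrDefault("YAHOO_CLIENT_SECRET", "placeholder-secret");
        System.out.println(redirectProblem("app.example.com", "app.example.com"));
        System.out.println(redirectProblem("https://app.example.com/callback", "app.example.com"));
        System.out.println(basicAuth("placeholder-client-id", secret).startsWith("Basic "));
        String state = newState();
        System.out.println(stateMatches(state, state) + " " + stateMatches(state, newState()));
    }
}
```

Run `redirectProblem` before building the authorization request and `stateMatches` in the callback handler before exchanging the code for a token.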
