Many of you may have already seen our forum post from October 14, 2009 talking about how Yahoo! is retiring the use of the pre-Rev A OAuth flow for its APIs and services.
Why are we retiring pre-Rev A OAuth?
There was a security vulnerability found within pre-Rev A OAuth early this year. The new OAuth 1.0 A revision has been put into place to repair these vulnerabilities.
For full details on this, please see the original postings:
- YDN Forum Post: http://developer.yahoo.net/forum/index.php?showtopic=1263
- YDN Blog Post: developer.yahoo.net/blog/archives/2009/04/oauth_update.html
Am I affected? Where do I find more information?
Yahoo! has set up a few sources to find information about this migration. If you have questions about the services that are affected, how this might impact you, or full details about how to migrate to the new version, see the following resources:
- OAuth Security Issue FAQ: developer.yahoo.com/oauth/faq/
- OAuth Quick Start Guide: developer.yahoo.com/oauth/guide/oauth-guide.html
My application has stopped working - Is it related to this change?
If your application uses OAuth, or an API that implements OAuth, and your application can no longer authenticate new users coming into the application, you may be implementing the pre-Rev A version. If you suspect this to be the case, see the OAuth Quick Start Guide to upgrade your version of OAuth.
Where can I ask questions or get developer support
To find a developer to speak to about this migration or to help with your application migration, you may post your questions or concerns to the OAuth forum at http://developer.yahoo.net/forum/index.php?showforum=42
Yahoo! Developer Network