Hi, I'm endeavoring to access fantasy information from my private fantasy football league using a Java program (no web interface). I've got the OAuth setup and I am able to access information on public leagues, yet when I try to access my private league via
<?xml version="1.0" encoding="UTF-8"?> <error xmlns="http://www.yahooapis.com/v1/base.rng" xml:lang="en-us" yahoo:uri="http://fantasysports.yahooapis.com/fantasy/v2/league/mlb.l.482246" xmlns:yahoo="http://www.yahooapis.com/v1/base.rng"> <description>You are not allowed to view this page because you are not in this league.</description> <detail/> </error>
I used by yahoo ID to get the OAuth consumer key/secret. How do I say "I am in this league"? I've tried using OpenID but haven't found any good examples for Java-only code. Any advice at all would be VERY appreciated (as I've spent countless hours googling). Thanks.
Could you provide a bit more detail about how you're using OAuth in this context? If you actually want to access private user information, you need to go through the 3-legged OAuth flow, which is described in painstaking detail here:
It sounds like you're doing the 2-legged OAuth version, which will only let you access public information. (the very astute among you will notice that I just said that 2-legged OAuth for accessing public data is functional. Still testing it out on our side, but it is out there. FYI in case you find that interesting)
You were correct, the hangup I'm having is at the OAuth step. I've read through the Yahoo documentation several times but am getting confused on one aspect. The below works with no issue (I am using the Signpost API to make the Get Request Token call):
final String requestLink = "https://api.login.yahoo.com/oauth/v2/get_request_token"; final String accessLink = "https://api.login.yahoo.com/oauth/v2/get_access_token"; final String authorizeLink = "https://api.login.yahoo.com/oauth/v2/authorize";
OAuthConsumer consumer = new CommonsHttpOAuthConsumer(key,secret); OAuthProvider provider = new CommonsHttpOAuthProvider(requestLink,accessLink,authorizeLink);
I get my Request Token from this call without any issues. However, the next step is the User Authorization step, and I'm not sure what kind of "code" is needed from a "user" at this point (again this is a desktop application with which I am trying to access my own private fantasy league, no other users would use this application). Since I only have a Request Token and no OAuth Verifier, do I even need to perform the Access Token step?
From there I login using my Yahoo ID and password, then click Agree to get my OAuth Verifier. However, how could I programmatically via Java supply my Yahoo ID/passwd and click agree as I did in the browser? Is it possible or does there have to be browser intervention at this User Verification stage?
I think the general idea is that we don't want users to ever be entering their Yahoo! ID and password anywhere else aside from to our servers. That's why we want to bounce out to a browser instead of having you store a user's Yahoo! ID and password for them.
Once you get a user to agree once, though, you can continue to refresh their access token as long as you have the session handle.
This means, for instance, you could grant yourself access for your own Yahoo! ID once through the browser, and then just programmatically refresh that token for as long as you want to continue retrieving your data without needing any further manual intervention through the browser.